
Published by Ethical Board Group Limited |

Spring 2018

Keeping it above board

Become a wise leader

How to create and preserve shared value

Nigerian directors & board effectiveness A national code to raise governance standards


Key lessons to learn from US tax reform

An insight into compensation

Directors in the digital age

It’s time to insist on robust cyber policies

Forging a culture of accountability

Can abstaining improve transparency?


Nigeria’s banking giant on the importance of ethical responsibility


Creating enthusiasm for sustainable principles

UK £9.95 USA $14.99 CAN $16.99 EUR €11.99 13

Zenith Bank

ISSN 2058-6116



Ethical Boardroom | Contents




UK governance after Brexit Improvements in audit and corporate governance are important for the UK to attract investment, post its EU exit


Ready for action Passivity is no longer an option for citizen investors as they put ESG factors at the heart of financial decision-making


Why you need a cyber attorney Experienced legal counsel has an essential role in managing cyber risk


Women on boards: Driving the change Understanding women’s experiences and the barriers they face in the workplace can help address the lack of women on UAE boards




Zenith: Riding the ethical high road to the top Nigeria’s banking giant on why sustainability is an essential ingredient for its long-term success



What is business good for? Why board directors need to think harder about creating social value


Flexing your board’s muscles How to appoint the right non-executives to ensure quality oversight


Calculating board composition Stakeholders expect boards to look more like them – and why not?


Inclusive cultures in a multicultural world How companies can mitigate discrimination and build workplaces that work for everyone












Journey from ‘smart’ to ‘wise’ leadership Create and preserve shared value while conforming to a well-defined and communicated organisational vision and purpose

4 Ethical Boardroom | Spring 2018





Global News: Asia Compliance, diversity, graft and corporate governance



Samsung and the 2018 Winter Olympics Free gadgets and rumours of illicit lobbying put the South Korean company under the watchful eye of the country’s antitrust tsar


Executive compensation metrics and tax reforms Five important lessons to learn from the rollout of the Tax Cuts and Jobs Act


Cloud governance within financial institutions How internal audit can address the risks of Cloud software and infrastructures in the boardroom



Global News: North America Shareholder activism, data sharing and governance standards




The hypocrisy of hedge fund activists Activists will go to great lengths to demonstrate their desire for corporate change, but who actually benefits?



Getting board ready Shareholder activism, governance and the hunt for long-term value – 15 themes to use over the next two years

Forging a culture of accountability The importance of finding better ways to achieve investment goals


How to sleep in on a Sunday morning Why non-executive directors have nothing to lose and everything to gain from regular investor engagement



Global News: Africa Ethics, gender diversity, money-laundering and standards


Boards must embrace the 21st century Aligning strategy and the business environment



Nigeria’s aim to transform business The Corporate Governance Rating System sets clear goals to help correct the idea that all Nigerian businesses are corrupt


The calm after the storm Strategic leadership will boost the economy and provide Nigeria with a much-needed steady hand


Nigerian directors and board effectiveness A review of corporate governance that endeavours to instill values-based principles in every boardroom is to be welcomed




Introduction & Winners list We reveal our 2018 African & Middle East Award winners



Global News: Middle East Crime compliance, gender parity and good governance

Board effectiveness in the Gulf A decade of change in Gulf Cooperation Council boardrooms: progress and challenges ahead



Global News: Australasia Women on boards, governance failings and a CEO shakeup



Changing corporate cultures Companies can make a big impact in communities by engaging with issues that matter to them and to society at large




Wells Fargo: Corporate board lessons learned? The Federal Reserve’s strong rebuke of the US banking giant highlights the need for a compliant culture


Compliance culture and excellent sheep A cautionary tale for addressing organisational culture, processes and policies



How compliant are small businesses? A cost-effective, four-step strategy to reduce risk for SMEs


Compliance in Chinese banks: Playing catch-up Although already under significant scrutiny, more action is needed to stop money laundering



Jurisdiction over corruption Understanding global enforcement trends can help inform company strategy


Advocating together to reduce corruption Collective action is the only way to tackle financial malpractice


Beating Bribery Leadership and culture in risk and anti-bribery management systems



Global News: South America Legal compliance, corruption and money-laundering claims




The Big Data problem The ethics and risks of having too much information

Directors and the digital age US boards are under scrutiny for their oversight of cybersecurity – not only from regulators but shareholders and the public, too



Establishing and maintaining trust Building an ecosystem of trust through compliance and security



Global News: Europe Gender quotas, corruption, whistleblowers and board changes


Lessons from Naftogaz Where do we stand with reform of corporate governance in Ukraine’s state-owned enterprises?




How not to choose a board portal Seven essential recommendations for corporate secretaries


Ethical Boardroom | Foreword

Welcome to the Spring 2018 edition of Ethical Boardroom magazine

Does the UK watchdog need more bite? An independent review of the UK’s Financial Reporting Council (FRC), the regulator for auditors, accountants and actuaries, aims to make the watchdog the ‘best in class for corporate governance and transparency’, while helping it fulfil its role of ‘safeguarding the UK’s leading business environment’.

Greg Clark, the Business Secretary, has asked Sir John Kingman, chairman of Legal & General and former second permanent secretary at the Treasury, to oversee the independent inquiry. The root and branch review will investigate the governance, impact and powers of the FRC. In other words, the Government has decided it’s time to address widespread concerns over the FRC’s competence. The FRC has come under increasing fire for failing to investigate the audits of scandal-hit UK businesses, such as Carillion, and the auditors of those that had been examined. It has been called ‘toothless’, ‘useless’, ‘not fit for purpose’ and been accused of being too close to the Big Four accounting firms – Deloitte, EY, KPMG and PricewaterhouseCoopers (PwC). Due for completion by the end of 2018, the review is part of the Government’s industrial strategy aim of creating a business environment that ensures regulators are fit for the future and markets are working for consumers.

On the announcement of the review, the FRC held firm with a pledge to continue to ‘track innovation and developments in audit in order to promote high-quality corporate governance for stakeholders and society as a whole’. It said: “We welcome this independent review of the FRC’s governance, impact and powers to be led by Sir John Kingman and look forward to contributing positively to it. Meeting public expectations means using our powers effectively, working closely with other regulators and identifying where gaps in those powers exist. The review will ensure we are best placed to support UK efforts to attract investment in business for the long term.”

With the FRC under such scrutiny, we are delighted to hear from Stephen Haddrill, CEO of the FRC, in this issue of Ethical Boardroom. Mr Haddrill addresses how public confidence in business has been damaged, following some high-profile cases of misconduct, but he underlines that while regulation creates a framework and expectation of leadership in firms, it cannot succeed unless the culture of the firm that is set and driven by the leadership is strong. Elsewhere in this issue, compliance expert Sally Afonso also discusses the importance of strong leadership in ensuring that companies are respectful and responsible by engaging with issues that matter to them and to society at large.

Contributors List | Ethical Boardroom

Our thanks to this issue’s contributing writers

SALLY AFONSO Sally is a compliance advisor within the financial services industry

STEPHEN HADDRILL Chief Executive Officer of the Financial Reporting Council

VICTOR RUDEBECK Associate Director, Compliance, Forensics and Intelligence department, Control Risks

SOJI APAMPA Executive Director for the Convention on Business Integrity and a Consultant on CBi projects

DR ASHRAF GAMAL EL DIN Chief Executive Officer, Hawkamah


RAKHI KUMAR Senior MD and Head of ESG Investments and Asset Stewardship, State Street Global Advisors

DR KATARINA SIKAVICA Independent corporate governance expert

VICTOR BANJO Corporate Governance and Board Effectiveness Coach

MORTEN BENNEDSEN & BRIAN HENRY Morten Bennedsen is the André and Rosalie Hoffmann Chaired Professor of Family Enterprise and Academic Director of the Wendel International Centre for Family Enterprise, INSEAD. Brian Henry, PhD, is a Research Fellow, INSEAD

NINA BRYANT, CHERYL DAVIS & PAUL PRIOR Nina is a Director in FTI Consulting’s Information Governance Privacy and Security practice in EMEA. Cheryl is a MD for Cybersecurity at FTI Consulting. Paul is a MD within FTI Consulting’s Performance Analytics Practice

ROBERT CLARK Legal Research Manager, TRACE International

GIAN PIERO CIGNA & SVYATOSLAV SHEREMETA Gian Piero is Associate Director, Senior Counsel and Svyatoslav is a Corporate Governance Advisor at the Legal Transition Team of the EBRD

THE #CYBERAVENGERS Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma & Christophe Veltsos

STEPHEN DAVIS Associate Director and Senior Fellow at the Harvard Law School Program on Corporate Governance

NECHI EZEAKO Executive Director, Institute of Directors Nigeria Centre for Corporate Governance

KAI HAAKON E. LIEKEFETT Chair of the Shareholder Activism Defense Team, Sidley Austin LLP

KELLY MALAFIS & TAKIS MAKRIDIS Kelly is a founding Partner of Compensation Advisory Partners (CAP) in New York. Takis is the President and CEO of Equity Methods

DAN MARCEC Director of Content at Equilar

KAROLA McARTHUR Director at M&D Associates

ANGELA McCLELLAN Senior Advisor, Business Integrity Programme, Transparency International

EMILY MENEER & SIMON KINGSTON Emily is the Global Knowledge Director for the Non-profit Sector and Simon is Head of the Non-profit Sector, Russell Reynolds Associates

ANETA NASTAJ Aneta is a Training Manager for CRI Certification, EMEA

SABASTIAN V. NILES Partner at Wachtell, Lipton, Rosen & Katz

MANDY OFFEL Director of Corporate Governance at D.F. King

JIM OVIA Chairman, Zenith Bank Plc

SVEN STUMBAUER Managing Director, Global Anti-Money Laundering and Sanctions Practice Lead, AlixPartners

MUFID SUKKAR Group Chief Strategy Officer, Nest Investments

ARAVIND SWAMINATHAN & KEN HERZINGER Aravind is a Partner & Global Co-Chair Cyber, Privacy & Data Innovation and Ken is Chair of Orrick’s White Collar, Investigations, Securities Litigation and Compliance Group

DNIKA J. TRAVIS & JENNIFER THORPE-MOSCON Dnika is Vice President of Research. Jennifer is Senior Director and Panel Manager of Research at Catalyst

SHAWN E. TUMA Cybersecurity & Data Privacy Partner, Scheef & Stone

JANE VALLS Executive Director, GCC Board Directors Institute

PATRICK VELAY Patrick is an internal auditor

DR PETER VERHEZEN & STEFFI GANDE Peter is the Adjunct Professor for Governance and Ethical Leadership, Melbourne Business School. Steffi is the Global Marketing Director, Amrop

MICHAEL VOLKOV CEO, The Volkov Law Group

EDITOR Claire Woffenden
DEPUTY EDITOR Spencer Cameron
EXECUTIVE EDITOR Miles Hamilton-Scott
ART DIRECTOR Chris Swales
CHIEF SUB Sue Scott
ONLINE EDITORS Allegra Cartwright, Hermione Bell
SUBSCRIPTIONS MANAGER Lucinda Green
HEAD OF ONLINE DEVELOPMENT Solomon Vaughan
ONLINE DEVELOPMENT Georgina King, Rosemary Anderson
MARKETING MANAGER Vivian Sinclair
CIRCULATION MANAGER Benjamin Murray
HEAD OF SALES Guy Miller
PRODUCTION EDITORS Tobias Blake, Dominic White
VIDEO EDITOR Frederick Carver
VIDEO PRODUCTION Tom Barkley
BUSINESS DEVELOPMENT Michael Brown, Gerald Fox, Steven Buckley
ASSOCIATE PRODUCER Suzy Taylor
ADMINISTRATIVE ASSISTANT Abigail Fitzwilliam
HEAD OF ACCOUNTS Penelope Shaw
PUBLISHER Loreto Carcamo

Ethical Board Group Ltd | Ethical Boardroom Magazine | 1st Floor, 34 South Molton Street, Mayfair | London W1K 5RG
S/B: +44 (0)207 183 6735 | ISSN 2058-6116
Designed by Yorkshire Creative Media | Printed in the UK by Cambrian Printers.
Images by

All information contained in this publication has been obtained from sources the proprietors believe to be correct, however no legal liability can be accepted for any errors. No part of this publication can be reproduced without prior consent from the publisher.


Commentary | UK Corporate Governance

UK governance after Brexit

Continuous improvement is needed in audit and corporate governance to ensure that the UK attracts investment, post its EU exit

Stephen Haddrill

Chief Executive Officer of the Financial Reporting Council

The UK’s corporate governance framework is respected globally and has helped attract significant investment in UK businesses. Twenty-five years on from the inception of the UK Corporate Governance Code, and with changing expectations from shareholders and other stakeholders, it was time to have a major review to ensure that it remains fit for purpose.

There are many reasons why international investors favour UK companies, including, of course, the knowledge that the ‘comply or explain’ basis of our corporate governance code delivers better governance practices and enables informed engagement between companies and investors. The Financial Reporting Council (FRC) has supported companies in this in several ways:

■ We provided additional guidance in the financial crisis to support auditors in their audit of management’s assessment of going concern and guidance on factors to consider where liquidity may be an issue
■ We provided guidance on going concern for directors of listed companies, which set out disclosures by directors and for auditors
■ We set up an inquiry, led by Lord Sharman, to identify lessons for companies and auditors addressing going concern and liquidity risks
■ We have developed revised auditing standards, including additional requirements to drive more stringent, higher quality audit work
■ We developed the concept of extended auditor reporting, providing a way for more of the auditors’ insight on an entity to be shared with the users of financial statements by sharing the auditors’ assessment of risk and materiality. Alongside that we introduced audit committee reporting and, more recently, developed material to support audit committees in making an assessment of the quality of the audit they receive

Public trust in business

The political events over the last year or so, accompanied by the Brexit referendum, have ushered in a new political and economic narrative and a degree of uncertainty about the future. Alongside this and following some high-profile cases of misconduct, public confidence in business has been damaged, leading to a perception that business is not delivering for all. Codes put forward principles for best practice that make bad behaviour less likely to occur; and public reporting can make it harder to conceal such behaviour. But, by itself, a code does not prevent inappropriate behaviour, strategies or decisions. Only people, particularly the leaders within a business, can do that.

To establish an appropriate governance structure, a board must define the purpose of the company and what type of behaviours it wishes to promote in order to deliver its business strategy. It involves establishing a company-specific corporate culture, asking questions and making choices: how to align values and purpose to the company’s strategy; how to integrate new leaders into that culture, particularly at times of a merger or acquisition; how to maintain a healthy governance under pressure; how to decide whether different parts of the business should operate different cultures; and how actively to communicate values, purpose and behaviours in order for shareholders to engage in constructive discussion.

A robust culture is also rooted in diversity and succession planning. A board must determine the balance of skills, background and experience required by the senior executives and non-executive directors. Boards must champion the benefits of a diverse workforce, including senior management. They must determine the balance of skills, background and experience necessary for both executive and non-executive directors to achieve success. Effective succession planning is crucial to achieving an effective board. Succession plans should recognise the value of recruiting talent from a wide pool. A diverse board avoids the dangers of group think and encourages wide-ranging ideas and views. Boards should take time to consider and understand how diversity and effective succession plans will achieve the strategy and promote success and value.

In the revised code – the consultation on which closed in February – succession planning and the promotion of diversity are key elements within its principles and provisions. As such, it will encourage boards and investors to engage in considering how these matters benefit the company.

Audit quality

Corporate governance isn’t the only important element in promoting Britain as ‘open for business’ after Brexit; ensuring the highest audit quality is also paramount. It remains essential that a company audit is trusted by the users of financial statements. It should provide reasonable assurance on the public reporting of financial performance of a business. Auditors should examine the strategic report and the annual report to ensure that it provides clarity and accuracy in its reporting. The UK Corporate Governance Code has, since 2012, expected the audit committee to appoint the auditor; retender the audit at least every 10 years; ensure auditor independence; and assess audit effectiveness.

In 2016, following the EU Audit Regulation and Directive, the FRC became the competent authority for audit in the UK with responsibility for the oversight of UK statutory audit, ensuring audit regulatory tasks are carried out effectively. The directive requires auditor rotation for public interest entities, meaning an audit firm can serve no more than two terms of 10 years, and limiting the provision of non-audit services, as well as prohibiting auditors from providing certain additional functions, such as tax, valuation and legal services.

The FRC now requires extended auditor reporting, which provides greater transparency over the judgments an auditor makes and the work they do. We also require public reporting by audit committees, so they can demonstrate how they have challenged the auditor on the quality of their work. At the same time, auditors should consider and be prepared to challenge directors’ assessments of the long-term health of a company. Since 2014, boards have been expected, through the UK Corporate Governance Code to include a viability statement in their strategic report, to provide an improved, broader assessment of long-term solvency and liquidity. Companies should also state whether they consider it appropriate to adopt the going concern basis of accounting and identify any material uncertainties as to their ability to continue to do so. They should assess their principal risks and explain how they are being managed or mitigated and they should monitor and review annually the effectiveness of their risk management and internal control systems. The UK’s audit quality inspection regime is a world leader. The FRC has inspected audits for the last 12 years to maintain a focus on continuous improvement on the quality of firms’ audit work. It is also the most transparent regime in the world, publishing reports on individual firms’ audit quality. The FRC also undertakes thematic reviews on specific issues to maintain a focus on audit quality. Recent reviews have found that firms can do more to support the roll-out of data analytic techniques and materiality. Large firms are improving the effectiveness and efficiency of audit through the transformative use of technology, which should prompt further competition on quality. This raises concerns, though, about smaller firms’ ability to compete; what the role of an auditor is and should be; and how regulators and standard-setters will be able to match the pace of change. 
The FRC continues to track innovation and developments in audit in order to promote high-quality corporate governance for stakeholders and society as a whole. Strong innovation and continuous improvement will help ensure that the UK remains a prime capital market as we face a post-EU-exit environment.


Commentary | Investors and ESG

Ready for action

Passivity is no longer an option for citizen investors as they embrace their roles as responsible stewards and put ESG factors at the heart of financial decision-making

Stephen Davis

Associate Director and Senior Fellow at the Harvard Law School Program on Corporate Governance

It is no small irony that the biggest source of capital in the world – tens of millions of savers who entrust financial nest eggs to investing institutions – has been missing in action in determining how asset owners and asset managers behave in their roles as agents when they own corporate equity.

But thanks to a series of unexpected, if long-overdue reforms, that cohort of grassroots savers is about to show up in force for the first time. Implications for corporate boardrooms and the global fund industry are vast, especially when it comes to environmental, social and governance factors (ESG). To appreciate the revolution now getting under way, let’s first look at how that universe of beneficiaries got excluded in the first place – and what has changed.

It was 44 years ago when the US passed the Employee Retirement Income Security Act of 1974 (ERISA), its mother statute covering pensions. Back then, the Dow Jones closed the year at 616 (it’s now just under 25,000) and nearly all worker savings were gathered in defined benefit (DB) plans. These vehicles guaranteed a specified income to members. Sponsor companies, not plan members, shouldered everyday investment risk. Moreover, the funds had comparatively little to worry about in meeting their obligations. The ratio of workers to retirees hovered at about 16 to one, and retirees didn’t, in general, live that long after work ended. Most plan sponsors could and did run their funds on virtual autopilot, acting as passive holders of equity and bonds in the knowledge that cash piles would be sufficient to cut cheques monthly to those eligible. Similar perspectives and demographics held sway in Britain, the Netherlands, Australia, and other markets with invested pension arrangements. Grassroots savers had little or no consciousness of their indirect involvement in the capital market.

Fast forward to today. DB plans are an endangered species in the US and UK; employees lucky enough to have retirement benefits have been herded over time, and en masse, into defined contribution (DC) plans. These place investment risk squarely on the individual saver and funnel capital into mutual funds that did not even exist when ERISA was born. Corporate matching contributions are down, or have disappeared entirely, so employees by necessity have had to become aware of how markets affect their savings. Moreover, the demographics are radically different. We are fast closing in on a ratio of two workers for every one retiree, meaning that collective investment vehicles can no longer be indifferent owners of equity and count on cash piles being adequate. Investment chiefs have to pull every lever available to achieve satisfactory returns. Passivity is no longer an option. On top of all that, retirees are living a lot longer, requiring invested assets to deliver payouts for longer periods.

US legacy

For all the wholesale shift of risk onto plan members and retirees, the governance architecture for safeguarding long-term nest eggs has remained stuck in 1974, especially in the US. Plan members have no more say over plan decision-making than they had when they were passive recipients of defined benefits. The paralysis is even more striking when compared to the steady improvements in governance of public company boards, which have transformed from clubs to professional bodies. But neither US legislation nor regulation has provided for member participation in bodies governing retirement plans. So, while members can select investment choices from a 401(k) menu, they cannot make judgements about what is on the menu to begin with. In fact, in too many cases, plans are run by a single executive at the sponsoring company. It is no wonder that too many Americans are woefully underinvested, or paying too much in fees, to meet their retirement goals.

Elsewhere, though, change is in the air. There is, increasingly, recognition that while all the helpful governance and stewardship codes proliferating worldwide have offered meticulous guidance to corporate managers, corporate boards and institutional investor agents, they have largely ignored grassroots citizen savers who supply capital. The International Corporate Governance Network (ICGN) was first to reform. Its Global Stewardship Principles explicitly called on institutional investors to feature their own independent governance structures that ensure behaviour aligned with the interests of beneficiaries.

Then UK policy bodies – mainly the Pensions Regulator and the Financial Conduct Authority (FCA) – took important steps to ensure that boards overseeing retirement plans are at least partly representative, skilled up, transparent, and provided with appropriate powers to protect member savings. The FCA, in particular, issued a brutally frank report identifying secrecy in fund manager fees that crippled the capacity of citizen investors to hold agents to account. So new transparency standards are in place. At the same time, UK legislation provided for new Independent Governance Committees at DC plans that have begun to equip beneficiaries with fresh information. Plan members and NGOs, such as ShareAction (disclosure: I am a trustee) have seized on the new flow of data to advocate for more fund accountability to savers. The job is not complete. But similar measures are in place in the Netherlands and Australia.

EU proposals

A WAKING GIANT Citizen investors will soon be empowered to better tackle financial issues

All this was prelude, though, to the most far-reaching recent development. In January 2018 the European Commission’s High-Level Expert Group on Sustainable Finance (HLEG) released its long-awaited final report, which points the way for near-term EU action. In it, the group spelled out its aim: “A sustainable future is one in which citizens are able to engage fully with the financial system as a whole and ensure that their money is being invested responsibly and sustainably.” To do that, HLEG went further than any recommendations before to invite citizen investors into the capital market tent. Pension funds, it asserted, ‘should ensure that they have a sound understanding of the broad range of interests and preferences of their members and beneficiaries, including ESG factors’. Further, the report declared that every investment agent has an obligation to ‘proactively’ seek out and incorporate ‘the preferences of clients, members and beneficiaries’ on key issues in ‘investment decision-making’, whether such issues are ‘financially material or not’. A handful of EU funds, such as APG and PGGM, already have mechanisms in place to regularly test member opinion. Most do not – yet.

As revolutionary as HLEG was in mapping a new role for savers in Europe, it may already be a lagging indicator. In the US, despite formal barriers against beneficiary participation in decision-making, researchers – and especially mutual funds sales forces – are detecting a marked new culture of savings expectations among millennials. Younger savers, especially women, increasingly want their investment agents to incorporate progressive social and environmental values into stewardship behaviour. That’s why we have seen unprecedented steps by the likes of BlackRock, State Street Global Advisors, and Vanguard, the three biggest fund families, to demonstrate their bona fides in ESG.
They voted against ExxonMobil management last year on climate change; they have proven vocal in calling for gender diversity in corporate boards; and in February 2018 they went public in ways never seen before, urging US gun manufacturers to embrace safety and control standards. The big three now see their ability to compete for custom hinging on their ability to align with citizen investor interests on environmental, social, and governance criteria. That’s new, and it should help performance, if research is to be believed that better governance is associated with better returns. As savers enter the ESG ecosystem, corporate boardrooms will have to learn to accommodate investing agents that are more vocal and engaged. Such institutions will be looking to earn their own ‘licence to operate’ among their clients. So, in turn, they will be pressing for more responsibility among portfolio companies. Consequences are only just beginning to be felt, to be sure. But one thing seems certain: the days of the AWOL citizen investor are over for good.


Commentary | Cybersecurity

Why you need a cyber attorney

Experienced legal counsel has an essential role in managing cyber risk

Companies are beginning to understand that cyber is an overall business risk, not just a technical issue. Now they must realise that cyber is also a legal issue. The easiest way to understand why is to ask these two questions: ‘Why do we know about the data breaches of Target, Yahoo, Equifax and all the others?’ and ‘Did those companies air their dirty laundry just because they believed it was the right thing to do?’ Of course not! They did so because laws and regulations made them. Those laws and regulations require companies to disclose their breaches and mandate things, such as who they must notify, when and how they must notify, what must be communicated and what must be done for those who were impacted. As these rules demonstrate, having data creates risk and one of legal counsel’s roles is to help companies manage that risk.

Many attorneys explain their primary value through their wielding of the attorney-client privilege, by helping to cloak the cyber risk management process with the attorney-client privilege. While that can be helpful when done correctly, it is greatly underselling the real value that experienced legal counsel can add. When it comes to managing cyber risk, there is no substitute for experienced legal counsel.

Real world experience for assessing and managing risk

To effectively manage cyber risk, companies must understand what their real cyber risk is because they cannot manage that which they do not know or understand. The process of assessing a company’s overall cyber risk is one of the most crucial steps in the risk management process. It is the foundation.

Attorneys who have substantial experience in dealing with cyber risk are able to better understand how to manage cyber risk, including legal and regulatory liability that leads to significant risk in this environment. Think about this: how many cyber incidents or data breaches has your company’s information technology, security and management teams been through or even observed first hand? Counsel with many years of experience serving as a ‘breach guide’ or ‘breach quarterback,’ leading companies through the cyber incident and data breach response process, will have been involved in hundreds or thousands of cyber incidents and data breaches. This real-world experience is invaluable for helping companies understand the real-world risks they now face. Without such practical experience, companies are more likely to spend their resources chasing some of the hyped-up threats that make the best sales pitches, conference talks and news headlines – it isn’t always the most exotic and sophisticated attacks that cause the most problems.

Diving deeper, such counsel will have a unique perspective on the most common attack tactics that have been used in the past and that are currently being used against certain types and sizes of companies, in certain industries, with certain types of data and business models and in certain markets. They will also understand the types of attacks that are most likely to lead to reportable data breaches. They will have a better understanding of the laws and regulations applicable to the jurisdictions in which the companies operate and what they require in terms of securing information, disclosing breaches of such information and the all-important question of distinguishing between a non-reportable incident and a reportable data breach, a subtle yet bet-the-company distinction.

Deeper still, by calling on their history of cases, they will have a unique understanding of those things that companies did right and those things that were ineffective or led to problems. Because no two are alike, this insight provides a deeper understanding of what caused many cyber incidents, how they happened and what could have prevented them. Once an incident has occurred, the focus shifts to an understanding of what companies did right or wrong, or could have done but did not do, that may have improved the response and better mitigated the situation. Finally, it enables them to uniquely understand the true harm to companies that such cyber incidents cause, from the initial panic, administrative burden and confusion and disruption of operations, to the loss of business opportunities due to the companies being focussed on the incident, to the better-known harms, such as the costs of remediation and incident response, negative publicity and the decrease in business value and stock prices.

When working with companies on their cyber risk management programmes, one of

Shawn E. Tuma

Cybersecurity & Data Privacy Partner, Scheef & Stone


RISING TO THE RISK Cyber counsel will hold up-to-date knowledge of law, threats and likely business impact

the most frequently asked questions is, ‘how do you prioritise the steps in your strategic action plan?’ Because companies can’t ‘boil the ocean’ (i.e. fix every problem) and do not have unlimited resources to throw at this problem, they must be able to evaluate the risks and develop a strategic action plan that prioritises those things that should be done first. There is a lot more to consider than the traditional risk formula of ‘risk = probability x loss’ because there are important business factors that must be considered. When evaluating how to prioritise the actions to take, the analysis translates into something more akin to ‘risk = probability x loss x time to implement x impact on the business and resources x benefits/hindrance.’ To work through an analysis such as this requires not only drawing on real-world experience to understand the most likely risks companies face, but also requires having an understanding of the overall business, its operational needs, the practicalities of the business environment and the many competing interests that must be considered. Analysis of such complexities is an essential skill for legal counsel.

With cyber risk, even the most extensive and effective risk management programmes cannot come with guarantees. The problem is not a static one that can be solved; rather, it involves an active adversary that is continuously evolving its strategy and tactics to find more effective ways of attacking and exploiting its intended victims. And, as with security in general, the company must get it right 100 per cent of the time and the attacker needs only one lucky shot. Because of this, when it comes to legal and regulatory liability, the question is usually not as simple as ‘did the company have a data breach?’ but is more like ‘before the company had the data breach, was it taking reasonable measures to protect its network and data to keep from having a data breach?’ Well-documented evidence of its diligence can go a long way.

Privilege is valuable, but it must be done right

Not to be ignored, the attorney-client privilege can play an important role in many jurisdictions, such as the United States. However, because the privilege applies to communications and does not shield facts, it is not as effective or certain as many think for either pre-incident risk management or post-incident response. The best way to help ensure the privilege applies is to have the activities integrally intertwined with the rendering of legal advice: the attorney is retained first, the attorney then retains and directs the work of consultants, and the attorney’s role is prominent, truly leading the process so that the consultants report to the attorney, who then uses their work to render legal advice. Even then, however, there are no guarantees with privilege. The best course of action is to prepare by doing everything possible to have the privilege but carry out the work as though there will be no privilege because there may not be.

There is no substitute for experienced legal counsel in managing cyber risk. In today’s business environment, cyber is unquestionably a legal issue and experienced legal counsel must be integrally involved in helping companies manage their cyber risk.


Commentary | Gender Diversity

Women on boards: Driving the change

Understanding women’s experiences and the barriers they face in the workplace can help address the lack of women on UAE boards

Gender diversity is probably one of the most talked about subjects in the business world. Although the subject emerged in the early ’70s, it is a challenge handled so slowly that researchers and practitioners suggest it will take more than 100 years to properly resolve, if ever. If we start from the top, it makes perfect sense for women to be on the board of any company, regardless of its activities. The board, as a driver of strategy and oversight, needs diversity of backgrounds, experiences and personalities. Some research has also indicated a significant impact on the company’s performance from having a gender-diverse board that represents the customer base. So the most obvious reason is that women are direct clients or part of the market of these companies – whether it’s fashion, financial services, tourism and so on. The less obvious is that even when it comes to goods and services that are perceived to have a ‘male-dominated’ client base, such as cars, men’s fashion or real estate, women tend to strongly influence the buying decisions. It makes perfect sense, therefore, to have a proper female presence on corporate boards.

Regional differences

Most countries are not doing that great when it comes to gender diversity on boards. The Organisation for Economic Co-operation and Development’s (OECD) latest figures suggest that women occupy close to 20 per cent of board seats in OECD countries. Some countries are on a very low percentage, such as Korea and Japan, with less than five per cent, while other countries fare better, such as Iceland and Norway, with more than 40 per cent of board seats of listed companies taken by women. Figures from the Arab countries indicate that the region still has a long way to go. In Jordan – the best Arab country for gender diversity on boards – only 27 per cent of listed companies have women on their boards, the


Dr Ashraf Gamal El Din

Chief Executive Officer, Hawkamah

percentage goes down to 19 per cent in both Oman and Egypt. Regarding the percentage of women on boards of listed companies, a study that we compiled on GCC countries in 2016 found that the average was two per cent. It is quite surprising that in a country such as the UAE, where more than 35 per cent of ministers are women, the percentage of women on boards is 1.9 per cent. This means that having women entrepreneurs or even ministers does not mean that women will be on corporate boards. Apparently, increasing the representation of women on boards faces unique challenges and hence requires some structural changes. Therefore, during 2017, Hawkamah, the Dubai-based institute for corporate governance, conducted a survey on listed companies in the UAE. The survey targeted both men and women on boards and in top executive positions of listed companies. The objectives were to find out perceptions, challenges and possible solutions for the phenomenon of lack of women on boards in the UAE. Survey results showed that there is common understanding of the correlation between gender diversity and company performance and that gender diversity is perceived to be very important. The perception is that the current number of women on boards does not reflect the importance of female board members. The survey also showed that women occupy less than 10 per cent of top management positions in listed companies.

Moreover, the frequency of discussing gender diversity on boards and in leadership positions is significantly low. This indicates that while there is clear recognition of the importance of having gender diversity both on boards and management, boards do not spend enough time trying to ensure that gender parity becomes a reality. The respondents identified three groups of factors preventing gender parity: culture, limitations that women place on themselves, and organisational barriers, in that sequence of significance. Among the top cultural barriers were lack of maternal support, missing work-home balance, traditional roles of women and the housewife stereotypes present in society. The survey discovered that culture is the strongest barrier to gender parity for listed companies in the UAE. Interesting barriers that the survey also identified were the self-imposed ones. These included that women feel they lack experience for board seats and that they fear not being able to balance family and work commitments. Furthermore, women tend to sacrifice their own career to support their husband’s career or their families, and women tend to be more careful than men in not making mistakes, seriously undermining their willingness to take risky decisions. The organisational challenges expressed by the respondents show a good deal of work that needs to be done by corporates in order to enable gender parity to happen. In general, women are less likely to advance to top management positions because they face greater barriers. In the organisational context, women need to work harder than men to prove themselves. The survey also showed that women lack the proper networks, initiatives and mentorships. Finally, the respondents perceive that there is a lack of supporting HR policies. The Hawkamah study shows how serious

the challenges facing gender parity are and how difficult it is to overcome them. The starting point is the culture. Society must be more supportive of the concept of gender parity. This starts at home and in schools, not only in corporates. It is also about the support mechanisms available in society that help women and men achieve the balance between their different commitments. The second area that requires work is the self-imposed barriers or glass ceiling effect. Mentorship programmes, awareness events, exposure and meeting female leaders and top executives can all help women to feel more confident and realise that they are well-qualified to be top executives and board members. Parallel to the initiatives on culture and self-confidence, companies can do a lot to facilitate gender parity. Companies can create the mentorship and capacity-building programmes, they can facilitate networking events and can plan awareness campaigns for their employees, men and women alike, on the importance of gender parity. More important, however, is reforming HR systems in order to allow real gender parity to take place. This could include maternity/family leave for men as well as women, flexible work systems, and relaxed attendance policies for women and men who have family obligations that require their presence at home. Performance appraisal systems should not penalise women, or men, who must take more time out with their babies or families. Structures must be in place to make sure that promotions are based on merit, not gender, with very transparent criteria and processes in order to prevent system abuses. It is only when we have more women as top leaders, CEOs, CFOs, heads of strategy, etc, that we can expect to have more women on boards, for such positions are the main source of company directors. It is when women are given the chance to fill such positions that they can then climb up to director level in their organisations and elsewhere.

If countries are serious about tackling the issue of gender parity, they need to work on those three groups of challenges. Additionally, gender quotas could pave a way for a more diverse board. I fully support the notion of creating quotas for women on boards as a temporary solution and as a means to break the glass ceiling. But, in the long term, the fundamental challenges must be handled well if we are to create a more sustainable reality.

WOMEN AS TOP LEADERS Reforming HR systems will allow gender parity to take place


Cover Feature | Zenith Bank

Jim Ovia

Chairman, Zenith Bank Plc

Zenith: Riding the ethical high road to the top

Nigeria’s banking giant on why sustainability is an essential ingredient for its long-term success

When Zenith Bank went public in 2004, there was an overwhelming endorsement of the brand as its initial public offering (IPO) was oversubscribed. The bank’s performance ever since is evidence that the support has not been misplaced.

Now the number one banking brand in Nigeria, Zenith Bank has thrived on the strength of its sound business model, conservative risk management, corporate governance and strategic corporate social investments.

The endorsement of the Zenith brand is also not limited to the shores of Nigeria. Its listing of the second tranche of the $500million Eurobond Global Medium Term Note Programme in 2017 equally broke new ground with an overwhelming oversubscription of more than 300 per cent. Subscription to the Eurobond 2022 issue, which topped $2.1billion, recorded landmark success on three counts: pricing, subscription level and global appeal. The result makes the issuance the highest by any non-sovereign and non-supranational company in sub-Saharan Africa, excluding South Africa. Additionally, the pricing of 7.375 per cent is 50 basis points better than the sovereign of 7.875 per cent and the oversubscription indicates a huge endorsement of the Zenith Brand as a reputable, international financial institution recognised for superior performance and creating premium value for all stakeholders. The bank had established a $1billion Global Medium Term Note in 2014, with $500million already raised in the first tranche. The first tranche notes were listed and admitted to trading on the Irish Stock Exchange in 2014. In the first tranche of the exercise, the financial institution’s $500million Eurobond was equally oversubscribed with investors mainly from Nigeria, the US, the UK and the European Union taking part.

Much of the success achieved by the bank in a little over a quarter of a century can be traced to its adherence to global best practices, evidenced by a good corporate governance culture and strong risk management ethos. The bank’s strategy is to continue to surpass its past successes, while ensuring that it does not go against ethical standards and regulatory requirements. The bank has also developed a standard code of conduct and set up a team to monitor and ensure a strict adherence to the code. This is in addition to institutionalising corporate governance, thereby setting an industry-wide example of best practices in that field.


Independent board

Zenith Bank prides itself on being one of the banks in the country with a truly independent board, with the remuneration policies of the board of directors conforming to laid-down principles and policies. This minimises the risk of conflict of interest, leading to increased value creation for all stakeholders. Headquartered in Lagos, Zenith Bank Plc is a leading financial services institution with a presence in Ghana, Sierra Leone, The Gambia, United Kingdom, United Arab Emirates and Representative Offices in South Africa and the People’s Republic of China. Established in May 1990, Zenith Bank Plc is today Nigeria’s largest and Africa’s sixth largest financial institution by tier-1 capital. The bank provides individual customers and corporate clients a range of financial products and services. Its shares are traded on the Nigerian Stock Exchange (NSE), London Stock Exchange (LSE) and Irish Stock Exchange (ISE).

Zenith Bank has greatly impacted banking in Nigeria, lifting the sector from the era of over-conservatism to one of dynamism, characterised by a culture of excellence and global best practices. The bank achieved this through the power of vision, skilful union of banking expertise and cutting-edge technology with which it met and anticipated the varied and changing appetites of its existing and potential customers. The bank is a clear leader in the digital space with several firsts in the deployment of innovative products, solutions and an assortment of alternative channels that ensure convenience, speed and safety of transactions. The bank has shaped and continues to influence certain critical aspects of development in Nigeria and has a knack for setting the pace and raising benchmarks. With a team of dedicated and well-trained professionals, the bank leverages its robust information and communication technology (ICT) infrastructure to provide products and services through its network of branches, point of sales terminals and electronically through its internet and mobile banking channels.

Zenith Bank’s management team is made up of seasoned professionals led by Peter Amangbo, the group managing director and CEO, who has been on the board for more than a decade. He took over the reins in July 2014 from Godwin Emefiele, who was appointed the governor of the Central Bank of Nigeria.

Leading by example

Successive leaderships have been able to draw on superior people, excellent service culture and continuous deployment of state-of-the-art technology to keep the institution at the forefront of Nigeria’s banking industry. Jim Ovia, founder and now chairman, Emefiele and Amangbo, believe the bank’s impetus for success is the strict adherence to policies, procedures and a rare determination to break and surpass records.


Clearly, the seamless transition of leadership at the bank is evidence of a well-planned institution and is consistent with the bank’s tradition and succession strategy of grooming leaders from within. While Amangbo’s leadership skills and cognate experience are a significant advantage, he continues to rely on the strength of the board, management and staff to sustain stellar performance. This collaborative management approach adopted by the bank in its decision-making processes has created one of Nigeria’s strongest banking brands. Zenith Bank relies on its core business strategy which is anchored on ‘People, Technology and Service’ to create value for its clientele. With strict adherence to global best practices, the bank combines market knowledge, professionalism, expertise and information and communication technology (ICT) to create products and provide services that anticipate and meet customers’ dynamic needs. The bank is also noted for its commitment to the promotion of diversity in its recruitment processes and board appointments. As an institution, the bank draws strength from the diverse contributions of staff with different backgrounds and orientations, knowing that to achieve its set goals and objectives, the aggregate experiences of members of staff are necessary and non-negotiable. This has contributed in no small measure to the bank having one of the lowest staff turnovers in the industry. The bank has stayed ahead of the competition by constantly innovating its processes and developing a bond with all its stakeholders and the environments where it operates. In order to continue to remain relevant, the bank has always adapted its systems and processes in a manner that helps to satisfy the varied appetites of its customers in a constantly changing world.

Zenith Bank places a high premium on developing top-of-the-range risk management policies and strategies that are capable of not only promoting the sound health of the bank and protecting its assets, but also ensuring its growth and survival. In essence, having a best-in-class enterprise risk management strategy has been crucial for ensuring the sustainability and survival of the bank as an institution over the years. In recognition of its impressive growth pattern and performance, the bank has earned and received excellent ratings, accolades, recognitions and endorsements from both local and international agencies and institutions. These recognitions and awards continue to affirm the bank’s commitment to professionalism, ethical conduct and sustenance of global best practices, which is attributable to the joint

BUILDING NIGERIA’S LARGEST BANK Former CEO Jim Ovia founded Zenith Bank in 1990 and moved to the chairman’s role in 2010

collaboration of the management and staff – indeed, people and talent are two equalisers in the bank’s value chain and the institution has leveraged these to create innovative solutions that often exceed customers’ expectations. The conferment of these awards is also testament to the bank’s adherence to global standards, borne out of its commitment to quality in all dealings with various stakeholders.

Sustainable reporting

Aside from showing leadership in the area of corporate governance, Zenith Bank has equally won commendations with its strategic corporate social investments and adoption of global standards in sustainability reporting. Guided by the Nigerian Sustainable Banking Principles (NSBP) of the Central Bank of Nigeria (CBN) and the United Nations Global Compact (UNGC) Principles, Zenith is committed to ensuring that the environmental, social and economic impacts of its banking services are carefully considered to obliterate or minimise negative outcomes. The bank published its maiden sustainability report (Nurturing Our People, Planet, Profit), covering its economic, social and environmental activities and performance from January to December 2015, which highlights its various corporate social responsibility initiatives. The second edition of the sustainability report for 2016 (Creating Wealth Sustainably), showing the progress made in the sustainability and corporate social responsibility journey, was also published in August 2017.


ZENITH HEIGHTS The bank’s official headquarters in the business district of Victoria Island in Lagos

As shown in the reporting database of the Global Reporting Initiative (GRI), more than 100 companies have so far adopted the new GRI Standards worldwide. Zenith Bank is one of these global early birds. At Zenith Bank, corporate social responsibility (CSR) is a way of life and an entrenched corporate culture. Through its corporate sustainability and responsibility department, the bank ensures that its social, economic and ecological obligations to the communities where it operates are carried out efficiently and professionally. For Zenith Bank, having a workforce that is increasingly aware and passionate about the wellbeing of the physical environment and the less-privileged in society is the natural first step towards achieving its overall sustainability objectives. One of the biggest achievements for the bank, therefore, was creating widespread awareness about and enthusiasm for sustainable business principles, policies and practices within the workforce. This is indeed a critical first step, as the bank’s workforce is the propeller of its overall strategy and vision.

The bank has made tremendous progress in its vision to entrench sustainability principles into its business operations, including product offerings, credit and loan administration, vendors’ relations, and employee management. During the 2016 financial year, the bank began the strict enforcement of uniform closing hours in all its business locations, effecting a 5pm closing time bank wide. This was in its quest to improve work-life balance for its employees, while also cutting its carbon footprint. This policy has been highly rewarding for all stakeholders – it has helped to reduce the working hours of its employees and improve the energy efficiency of the bank significantly, while also cutting down the energy cost and carbon emission of the bank. More importantly, this initiative has boosted staff enthusiasm, efficiency and productivity in the workplace.

Zenith Bank remains the biggest corporate social responsibility (CSR) contributor in the Nigerian financial services industry. During the 2017 financial year, ended 31 December 2017, the bank invested a total of N2.661 billion on diverse CSR initiatives, with emphasis on health, education, ICT & youth empowerment and public infrastructure development. This represented 1.5 percent of the profit after tax during the review period. In clear demonstration of the organisation’s commitment to the ideals and tenets of corporate sustainability and responsibility principle, hinged on the triple bottom line of people, planet and profit, the bank, over the years, has set up ultra-modern ICT centres in several educational institutions across the country. Zenith Bank also supports projects for the resettlement and educational empowerment of victims of flood in several states of the federation as well as internally displaced children in North East Nigeria, with the donation of mattresses, food, rechargeable lamps, insecticide-treated mosquito nets and several educational and personal care items to victims.

The bank’s sustainability and corporate social responsibility initiatives are hinged on the belief that today’s business performance is not all about the financial numbers. The bank believes that institutions’ social investments, contributions to inclusive economic growth and development, and improvements in the condition of the physical environment all constitute a balanced scorecard. The communities within which the bank operates constitute an integral part of the Zenith family. The bank treats the wellbeing of its host communities with utmost seriousness and constantly elicits their feedback on how they could continue to live and coexist better together.

Zenith Bank has also supported global climate action and has prioritised investment in green and sustainable business projects. The bank has fully integrated environmental and social considerations into its business and credit administration processes. As part of its green earth policy, Zenith Bank is the first bank in Nigeria to have carried out an external audit on its greenhouse gas footprints, using the Greenhouse Gas Protocol Corporate Standards, a globally certified greenhouse gas audit procedure. As a clear testament to its remarkable strides in corporate social responsibility and sustainability, the bank has been rewarded with several prestigious awards. In September 2017, it was recognised for its Excellence in Social Responsibility by the New Banking Age Awards. Most recently, in November 2017, the bank was recognised as the Best Company in Sustainability Reporting by the SERAS CSR Award Africa.

ZENITH’S MANAGEMENT TEAM (From L-R) CEO Peter Amangbo, Chairman Jim Ovia, Deputy MDs Adaora Umeoji & Ebenezer Onyeagwu


Board Leadership | Social Value

Emily Meneer & Simon Kingston

Emily is the Global Knowledge Director for the Non-profit Sector. Simon is Head of the Non-profit Sector Russell Reynolds Associates

What is business good for?
Why board directors need to think harder about creating social value

Larry Fink, chief executive of $6.3 trillion asset manager BlackRock, made headlines in mid-January with his open letter, warning CEOs to focus on the social purposes of their companies to ensure long-term value.

“To prosper over time, every company must not only deliver financial performance, but also show how it makes a positive contribution to society. Companies must benefit all of their stakeholders, including shareholders, employees, customers and the communities in which they operate,” Fink wrote. “Without a sense of purpose, no company, either public or private, can achieve its full potential.”

While Fink is certainly the most prominent and mainstream voice to highlight the need for companies to assess the full scope of their impact on societies in which they operate, he is by no means the first. In fact, our understanding of the role of business relative to society and our beliefs about how and what business should therefore contribute has evolved through several incarnations over the years. In its earliest stages, expectations for corporate citizenship were limited to philanthropic activity: companies made

contributions that were unrelated to their core business and required little action beyond writing a cheque to the nearest opera house. By the early 2000s, companies had begun to see the value of aligning their philanthropic activity with their core business and started to draw on the skills and expertise of their employees to make more meaningful contributions, through volunteering, for instance. Following the 2008 financial crash, the focus of corporate responsibility turned towards harm reduction and risk mitigation, with companies seeking to reduce carbon emissions and waste in the supply chain and improve employee safety. Spurred in part by shareholder initiatives, these efforts led to a new class of non-financial corporate disclosure: 99 of the FTSE100 companies now report their carbon usage and 70 have publicised carbon reduction targets as of 2016, according to a recent report from UK consultancy Carbon Clear. Similarly, 82 per cent of the Fortune 500 now issue a corporate social responsibility or sustainability report, according to the Governance & Accountability Institute. The latest conceptualisation of corporate responsibility has emerged within the last few years and looks beyond simple harm reduction towards the positive effects, or ‘social value’, a business can create. Social value in this sense takes many

forms, ranging from the reformulation of ingredients to create healthier foods for children, to partnerships with civil society to expand sales and distribution of hygiene products to remote areas of the developing world, or to programmes to promote a diverse and inclusive workforce. In this paradigm, companies are expected to consider the financial and non-financial impacts of their business on all stakeholders and to hold an equal seat at the table alongside government and civil society in addressing major societal challenges. Moreover, recent studies by the Boston Consulting Group and others have shown that companies that take this broad lens on societal impact significantly reduce risk and open up valuable new opportunities in the form of new markets, customers and products.

Why is it critical now?

The question of how business relates to society is hardly a new one, but as

WHAT IS SOCIAL VALUE? Social value refers to non-financial benefits created as a result of a company’s business activities. This value may accrue to a range of stakeholders, including customers (e.g. healthier food products), employees (e.g. diversity hiring initiatives), local communities (e.g. capacity building for farmers providing raw inputs), or society at large (e.g. reducing carbon emissions). A social value lens on strategic decision-making requires a company to evaluate the impact of its business on shareholders and stakeholders alike.

WORKING TOGETHER Companies need to recognise the challenges facing society and want to be part of the solution


Fink’s letter suggests, it is becoming more pressing than ever. A number of other large institutional investors, including State Street Global Advisors, have joined BlackRock in calling for companies to go beyond financial results and use more holistic performance criteria. Recently proposed changes to the UK Corporate Governance Code by the Financial Reporting Council would require companies to disclose how they ‘contribute to wider society’, alongside their efforts to generate value for shareholders. At a macro level, companies face closer scrutiny as a result of the increased transparency that social media creates. They must appeal to the Millennial generation, which shows strong inclinations to work for and shop at businesses that are considered to be socially responsible. A global backlash against capitalism – in many ways the legacy of 2011’s Occupy Wall Street – has led to a new wave of populist agendas and leaders in developed countries around the world. Within the business world, other forces are creating the need to examine more closely corporate engagement in society. The concept of corporate ‘ecosystems’ is quickly gaining popularity and is prompting many companies to seek partnerships with non-traditional players, like non-profits and governments, in order to achieve business goals. Similarly, there is a growing recognition that the private sector has a significant role to play if the 2015 UN Sustainable Development Goals are to be met. In other cases, it is public opinion – and discontent with government inaction – that is pushing companies to step up. In the wake of the United States’ 2017 withdrawal from the Paris Agreement on climate change, for example, more than 2,500 US organisations, including Apple Inc. and Nike Inc., formed the We Are Still In initiative to pledge their

ongoing allegiance to meeting the agreement’s emissions targets. At the same time, the risks for companies that fail to sufficiently consider long-term social value grow more daunting. Several companies, including BP plc, Volkswagen AG and Wells Fargo Corp., have seen significant damage following negative events that could have been avoided if short-term profits were balanced against long-term environmental and social impact. Failure to enforce moral rigour also increasingly comes with a price and not only for business: the UK-based charity Oxfam International faced a loss of government funding when allegations surfaced that its staff had sexually abused disaster victims.

Are boards prepared?

While it is clear that companies face an increasing imperative to incorporate social value thinking into strategic decision-making, it is less clear that their boards are prepared to do so. To understand if and how corporate boards are weighing social value expertise in recruiting new outside directors, we turned to our own database of work to analyse more than 2,300 position specifications for non-executive directors between the years 2000 and 2017. Our goal was to discern trends in the usage of terms related to social value, such as stakeholders and sustainability, as well as personal attributes that would suggest an affinity for social value, such as morals or ethics.

We found that the incidence of these terms has steadily increased. On average, at least one of the five most common terms appeared in 12 per cent of director specs in the eight years leading up to the 2008 financial crash; that jumped to 30 per cent in 2009. Last year, these terms appeared in almost 40 per cent of all specs. Our data makes clear that in the immediate aftermath of the crisis, many companies were seeking board members who could complement their business acumen with a non-financial lens (see Figure 1 below).

However, it’s also clear that to the extent that boards are prioritising these attributes in director recruitment, they remain narrowly focussed on innately altruistic personal attributes rather than technical expertise related to social value. For example, 50 per cent of the 2017 specs included some form of the word ethics, but only nine per cent mentioned some variant of corporate responsibility. Furthermore, personal attributes with passive connotations, such as ethics and values, appear significantly more often than those with active undertones, like courage and sense of purpose (see Figure 2).

FIG 1 (chart by year; series label: SOCIAL VALUE EXPERTISE). Note: Includes average of all terms appearing at least once in given year.

FIG 2: PERSONAL ATTRIBUTES (Average % of NED job specifications with term in time period)
Ethics: 23.25% (2000-2008), 43.53% (2009-2017)
Values: 9.6% (2000-2008), 38.83% (2009-2017)
Morals: 1.1% (2000-2008), 2.6% (2009-2017)
Courage: 1.1% (2000-2008), 2.4% (2009-2017)


Among the expertise-focussed terms, those related to environmental sustainability are most commonly sought: forms of the word sustainable appeared in 22 per cent of non-executive director specs in 2017, up from two per cent in 2000, while environmental saw a similar increase from two to 16 per cent. These trends suggest there is a growing awareness of the need for a social value orientation at the board level, but that it remains narrowly focussed on harm reduction rather than social value creation (see Figure 3).

Unsurprisingly, we see variance in the ways and speed at which these terms have been adopted across industries. The financial services sector – arguably at the heart of the 2008 crash – saw the largest increase in social value terms (up 46 per cent since the crash), suggesting a recognition for the need to mitigate damage done with a forward focus on responsibility. Of particular note, terms related to inclusion were included in fewer than one per cent of specs pre-crash but jumped to seven per cent in the years since. Retail saw a 39 per cent increase in social value terms, with variants of corporate social responsibility appearing in three per cent of specs prior to 2008 and eight per cent after. Social value-related terms increased 29 per cent among industrial goods companies, with terms related to sustainability rising from five to 22 per cent and stakeholders from 18 to 35 per cent.

The path forward

As companies consider how to bring social value perspectives into the boardroom, we see a helpful roadmap in the journey many of our clients have recently taken to integrate digital considerations into director selection and corporate strategy. Just a decade ago, digital was still seen as a siloed business topic. Boards brought in digital experts to advise on specific situations, but rarely looked for such expertise in directors themselves. Now, digital is fully integrated into strategic decision-making in most companies and ‘digital directors’ are increasingly in demand.

This trend is clear when we analyse our database of director specs for terms related to digital themes. Looking again at the years between 2000 and 2017, we find the term digital appeared in 36 per cent of 2017 specs, up from an average four per cent between 2000 and 2008. The term mobile saw a similar ramp-up, appearing in 67 per cent of 2017 specs, from an average of eight per cent before 2008.

When we look at the directors that companies have chosen to fulfil their digital mandates, we see several distinct profiles, ranging from people with traditional corporate backgrounds and a working knowledge of digital issues, to leaders of digital transformations within businesses, to industry disruptors from emerging digital companies.

While it is essential that boards look first and foremost for excellent business people who can contribute to a broad range of topics, there is often some trade-off between subject matter expertise and general management experience. That means boards have had to be open to non-traditional candidates who may not have previous board experience – such as start-up CEOs or business unit managers – to find both breadth and depth.

Similar lessons apply as boards begin equipping themselves to elevate social value to a strategic level. A robust understanding of business will always be table stakes for any director candidate, but boards will increasingly want to identify director talent whose understanding of business includes an appreciation for how social value issues materially impact the business. CEOs of top charities, social venture fund investors and executives from the companies at the forefront of the social value movement

will likely be obvious candidates, as they are the most likely to have experience of measuring non-financial impact and taking a stakeholder-oriented lens on strategy. Undoubtedly other attractive profiles will also emerge.

Bringing social value into your boardroom

Beyond selecting directors with the right capabilities, we would suggest there are five key questions that board chairs should be asking themselves, their board members and their CEOs now:
■ Who are our major stakeholders?
■ If every corporate action were transparent, would it have a positive or negative effect on our share price or market cap?
■ What percentage of board time is allocated to discussions around the contribution the organisation makes to society?
■ Are there metrics in place for the board to assess social impacts and risks? Does the board believe the management team has an understanding of social risk?
■ Do we know which of our major investors integrate environmental, social and governance (ESG) factors into their investment decision-making and are we engaging with them?

FIG 3: SOCIAL VALUE EXPERTISE (Average % of NED job specifications with term in time period; series: 2000-2008 and 2009-2017; terms include Long-term and Corporate Social Responsibility)

MOVING FORWARD Bringing social value perspectives into the boardroom


Board Leadership | Effectiveness

Flexing your board’s muscles
How to appoint the right non-executives to ensure quality oversight

Mufid Sukkar
Group Chief Strategy Officer, Nest Investments

In December 2017, Carillion appointed Justin Read as a non-executive director to chair the company’s audit committee.

In his role as chairman of the committee, Read would be responsible for evaluating the transparency, independence and integrity of Carillion’s financial reporting. This included such tasks as reviewing the external audit companies hired to look after the financials and generally overseeing Carillion’s audit process to ensure best practice. His committee was also responsible for risk-based internal audit functions as well as making sure any internal controls were effective.

Read had all the makings of an excellent non-executive director. He was formerly the finance director of a large property developer and had also held positions of responsibility at Euro Disney, Bankers Trust Company and leading manufacturer Hanson. With Read sitting alongside numerous other financial and corporate specialists, at the end of 2017 it looked like Carillion was shaping up to have one of the most professional and well-qualified boards in the business. None of that mattered, of course, when the company surprised us all by going into liquidation a month later.

The changing role of a non-executive director

As Dr Roger Barker, head of corporate governance at the Institute of Directors put it: “The role of a board member is increasingly complex and requires specific skills and knowledge.” It has long been wrongly held that the non-executive director role is simply the next (and often final) stage in the life of a corporate executive: a lower-stress option for senior company leaders from which retirement can be looked forward to. As the Carillion case study shows, this supposedly easier, lighter role often fails to materialise. In fact, non-executive directors have a tougher job than ever before and must make a significant investment, both of their time and skills, to do an effective job.

Becoming a non-executive director in 2018 is far from an extra-curricular activity. Each member of a company’s board, non-executive or otherwise, must work extremely hard to act in the best interest of the company in today’s complex corporate world. When the board assembles, all directors are equally responsible in so far as having a collective and consistent perspective to face the issues of the day. This is why, in the eyes of the law, they are considered to be ‘joint and severally liable’ should the business fail due to negligence, incompetence or malice.

How to build an effective board

Business leaders would do well to dismiss any preconceived notions they may have about non-executive directors and their responsibilities in the boardroom. Non-executives are there to bring qualified and experienced perspectives, from a variety of backgrounds and previous careers, so that the conception of new ideas and insights can be brought into reality by means of best practices of their industry.


An effective board is a diverse one, made up of multiple backgrounds, races, genders and experiences. The UK Corporate Governance Code advises that small companies should appoint at least two non-executive directors, whereas larger companies are required to ensure that 50 per cent of their boards are non-executives. Why not seek out some alternate viewpoints with interesting career histories when making these appointments? After all, the Corporate Governance Code discourages you from appointing former employees or those with a ‘material business relationship’ with your company in these roles for a very good reason – to ensure independence.

The point is that, just like pilots are not necessarily the best people to run airlines and doctors are often not the best hospital administrators, appointing non-executives from the same industry can be a hindrance to effective governance. Being one step removed from the board as a non-executive adds an extra layer of independence and scrutiny to the work, due in no small measure to the fact that they are on fixed fees and therefore can act without fear or favour. It may seem counter-intuitive, but presumption of knowledge after a 30-year-plus career in an industry can hinder creative thinking and lead to laziness and herd mentality, where objectivity and thought independence is minimal.

Surely, the desire to seek out alternative viewpoints is the reason that the non-executive role was conceived in the first place? Some of the country’s most successful companies certainly think so. Barclays has 10 non-execs sitting on its board and HSBC has 14, clearly demonstrating the worth that these companies place on their insight.


While we have seen much more emphasis on placing women in senior positions in recent years, the sad truth is that Britain still lags behind the likes of Norway, Sweden and France for boardroom gender equality. We are failing on age diversity too – over half of board members in the UK are aged 56 to 65. IT, sales, marketing and HR professionals are also seriously underrepresented. Often also overlooked is the importance of ‘laymen’ in boardrooms, who are responsible for ethical scrutiny. We should follow the example of Scandinavian companies: they frequently appoint ethicists to their boards to ask questions like ‘is this new product likely to cause social harm?’ which can ultimately prevent corporate disasters.

Learning from mistakes

It’s not all bad news, though. More than 66 per cent of non-executives in the UK weren’t known to the organisation when they secured their most recent appointment and nearly all this number went through a formal recruitment process for their role. It is a good sign that British industry is learning from the mistakes of past companies.

Fundamentally, any director that attends a board meeting thinking the job is a quarterly one-day commitment is doomed to fail; it is a matter of time. Becoming a non-executive director is not the holy grail for a grey-haired executive, but rather an accountable, all-consuming challenge. A good company realises this when making its appointments, invests in the appropriate training for directors and curates a diverse board with a range of opinions and methods. An effective non-executive views responsibility as a new and exciting way to bring their substantial corporate and life experiences to a company while at the top of their career.

I’m sure all of Carillion’s board members took up their roles expecting to do just that and only time will tell if the quality of their oversight contributed to the company’s downfall or not. If so, we should expect big changes in the way that boards are required to function. Companies would do well to get ahead of the game straightaway and examine the effectiveness of their boards.

PUTTING UP A CHALLENGE Non-executives need to offer critical feedback and independent advice


Board Leadership | Performance

CHOOSING THE RIGHT CANDIDATES All white, male boards do not make for the best performance

Calculating board composition
Stakeholders expect boards to look more like them – and why not?

Dan Marcec
Director of Content at Equilar

The relationship between shareholders and boards of directors at public companies has seen a gradual, but consistent, shift over the past decade.

Following the 2008 financial crisis, the Dodd-Frank legislation in the US enacted rules and regulations that gave investors a stronger voice in corporate matters, which also led to a more direct influence on boardroom decisions. This didn’t happen overnight. The annual say-on-pay vote, which from 2011 gave all investors the ability to have a say on executive compensation, created the need for companies to be more transparent in their public filings in order to clearly communicate their pay decisions. In that time frame, proxy advisors that provide voting recommendations to investors closely scrutinised these disclosures, leading to more standardised pay strategies centred on shareholder value creation. Larger investment firms – particularly those with scalable proxy voting teams – began engaging directly with companies to discuss pay, leading to a host of other conversations around board matters.

During the same time period, activist investors gained a stronghold by leveraging sizable stakes to elect board members and take control of the direction at major companies. Depending on the objective, these scenarios could place long-term investors in difficult situations if the activists were in position to influence the board and the company to target short-sighted gains. Investors, such as pension funds or institutional shareholders, heavily invested in index funds, do not have the ability to exit a stock if the corporate outlook is misaligned with their long-term strategy. As a result, the best tool they have is to engage the company directly and to leverage votes on the composition of the board to ensure that the company’s strategic direction is not only focussed on current performance, but also on long-term growth and health.

This non-exhaustive list of trends led up to 2017, a banner year for large investors speaking out on board composition and diversity. State Street Global Advisors made a very public statement by installing the ‘Fearless Girl’ statue on Wall Street in support of more women on corporate boards. The firm then proceeded to vote against hundreds of directors at companies without women on their boards in the subsequent annual meeting season. Similarly, BlackRock announced in its Q2 Investment Stewardship Report that it had supported eight out of nine shareholder proposals that requested an adoption of a policy on board diversity or disclosure around plans to increase board diversity. Vanguard also went on the record, calling board composition the number one issue for shareholders last year.

In addition, on the heels of the Boardroom Accountability Project in 2014 – which was credited with giving rise to proxy access, i.e. a more straightforward path for investors to nominate director slates – New York City Comptroller Scott M. Stringer and the New York City Pension Funds launched the ‘Boardroom Accountability Project 2.0’ in late 2017. It aimed to ‘ratchet up the pressure on some of the biggest companies in the world to make their boards more diverse, independent and climate-competent, so that they are in a position to deliver better long-term returns for investor’.

These are just a few high-profile examples from the last year. Other large pension funds, such as CalPERS and CalSTRS, have been working on diversity initiatives for years, including starting their own database of board-ready candidates to increase visibility of directors from all backgrounds. The wheels have been put in motion and we wait to see the long-term results of these efforts. What we do know now is that investors have become much more keenly attuned not only to what decisions are being made in the boardroom but also to who is making them. With annual meeting season currently in full swing, every public company’s board will be up for review. The question remains: what are boards doing to provide the information that shareholders want in advance of those votes?

The push for clearer disclosure

Underpinning the board diversity conversation, a mounting body of evidence has identified that diversity improves financial performance. For example, a McKinsey & Company report found that companies in the top quartile for gender diversity were 15 per cent more likely to outperform those in the bottom quartile, while ethnically diverse companies in similar positions were 35 per cent more likely to outperform. In other words, companies that lead appear to reap rewards for their broad range of perspectives and inclusivity. Yet progress in increasing diversity remains slow. According to a global survey of directors by KPMG, 61 per cent claimed a need for greater diversity of viewpoints and backgrounds on their boards and only 36 per cent were satisfied that their board had the right complement of skills, backgrounds and perspectives to navigate the competitive global environment. KPMG’s survey respondents said that boards were most challenged to find directors with both the general business experience and specific expertise needed for a board role, yet only 31 per cent of directors indicated their boards had a robust or formal board succession plan. Nearly half of respondents claimed to be actively recruiting directors with specific

skill sets, but less than one-third were actively casting a wide net to enhance diversity. Clearly, many boards and nominating and governance committees are grappling with the process of building a high-performing board and meeting the expectations of constituents. This background puts into context the fact that 16.5 per cent of Russell 3000 board seats were occupied by women at the end of 2017. That figure increased from 15.1 per cent about 18 months earlier, according to the Equilar Gender Diversity Index, a quarterly study of women on boards at US public companies. While there has been some movement, the ultimate purpose of diversity initiatives – for boards to reflect a company’s employee, customer and shareholder base and therefore better serve their fiduciary constituents – is still a long way off.

How boards communicate composition strategy

As shareholders prepare to vote in director elections each year, the annual proxy statement has become a critical tool for boards to communicate how board composition supports corporate strategy. Because there is no requirement for such information in public filings, companies face the decision of whether or not to disclose board diversity considerations and metrics in their annual proxy statements, and if so, how.

Equilar annually conducts a study of voluntary disclosures in proxy statements at US public companies and found that in 2017 about 40 per cent of the 500 largest companies by revenue (the Equilar 500) shared some level of detail about diverse representation among their board members. While a majority of these companies disclosed that either gender (64 per cent) or ethnicity (62 per cent) was a ‘consideration’ in board or director candidate assessments, these disclosures are typically boilerplate text. Meanwhile, a minority of companies disclosed the actual composition of the board by gender (45.1 per cent) or ethnicity (39.8 per cent). In addition, about one in six companies disclosed a ‘board skills matrix’, or a table, that outlines the various skill sets and qualifications of each individual board member.

Finally, about four in seven of the largest companies by revenue included director photos in their latest proxy statement. Perhaps seeming like a small detail, many shareholders appreciate that photos personalise the board, once again allowing them to gain a better perspective on the individuals they are voting in to oversee their portfolio companies and be a steward for their investments.

Because data on board diversity is not universally available – i.e. not required – any analysis of board composition is reliant on voluntary information provided by companies. The disclosures noted in Figure 1 vary in nature, but they have in common the fact that they quantify a number or a percentage of diverse representation on the board. For example, Prudential Financial, on page nine of its proxy filed on 21 March 2017, itemised various groups of candidates to show how its directors represented various groups (Figure 2).

[Chart labels: Director photos, Gender diversity, Skills matrix]

FIGURE 2: BOARD DIVERSITY
While the Company (Prudential Financial) does not have a formal policy on board diversity, our corporate governance principles and practices place great emphasis on diversity and the committee actively considers diversity in recruitment and nominations of directors. The current composition of our board reflects those efforts and the importance of diversity to the board.
Two-thirds of our Board is diverse
3 Director nominees have worked outside the United States
2 Director nominees are African-American
1 Director nominee is Asian-American
2 Director nominees are Hispanic
3 Director nominees are Women
1 Director nominee is LGBT
12 Total number of director nominees


Meanwhile, Johnson & Johnson was less specific, but created an identifiable visualisation meant to draw the reader’s eye, located on page 15 of its proxy filed last year on 15 March 2017 (Figure 3).

When it came to board diversity disclosures, there were differences across sectors as well. For example, utilities companies were most likely to disclose that they considered either gender or ethnicity in board assessment (74 per cent) yet ranked only sixth out of eight sectors in terms of composition disclosure (41 per cent). At the same time, technology companies were least likely among the sectors to disclose assessment considerations (52 per cent and 55 per cent) and yet ranked at or above the median for composition disclosure (42 per cent to 45 per cent).

Exactly half of industrial goods companies disclosed gender diversity in board composition, the only sector to reach this level in either the gender disclosure or ethnicity/race disclosure categories in the study. In addition, 48.1 per cent of healthcare companies disclosed board composition for both gender and ethnic/racial diversity, marking the highest prevalence in the latter category. The basic materials sector was the least likely to disclose board composition by gender (36.3 per cent of companies) or ethnicity/race (21.3 per cent of companies), see Figure 4.

When it came to director photos, 57.1 per cent of Equilar 500 companies included director photos in their proxy statements, as many observers have suggested companies do so in order to improve transparency around board composition. Nearly 90 per cent of utilities companies included director nominee photos in their proxy statements, by far the highest percentage of any sector, while services companies – which include retailers, travel companies, cable and internet providers, etc – were the least likely to include director photos in their proxy statements, with 41.3 per cent doing so.

Adding board skills to the equation

FIGURE 5: DISCLOSED SKILL OR ATTRIBUTE, PERCENTAGE OF DIRECTORS

Corporate leadership: 94.8%
Finance: 93.8%
Business development: 86.5%
Technology: 77.1%
International: 68.8%
Operations: 67.7%
Government affairs/public policy: 58.3%
Legal and governance: 57.3%
Risk management: 43.8%
Board leadership: 37.5%
Public company experience: 33.3%
Strategy: 24.0%
Transaction experience: 19.8%
Diversity: 18.8%
HR and talent development: 18.8%
Research: 13.5%
Healthcare: 12.5%
Retail: 12.5%
Financial services: 10.4%
R&D and innovation: 10.4%

The board diversity conversation can often be misunderstood or misrepresented, especially if it’s put into the context of a political discussion or framed as having a social agenda. The bottom line is that boards have a duty to represent their shareholders and, if there is broad conformity of background, perspective and experience, the board is more likely to engage in groupthink. Demographics of the population and the workforce are changing rapidly, yet leadership board demographics have remained largely the same. Therefore, a critical component of the board assessment, refreshment and succession planning discussion is centred on the skill sets each director brings to the table and how those skills support the strategic direction of the company. As an example, BlackRock recently refreshed its board of directors, nominating three new members for election at its 2018 annual meeting. Consistent with the investors’ message to its portfolio companies, BlackRock added directors that support the firm’s long-term investment in technology.

In their 2017 proxy statements, more than 18 per cent of Equilar 500 companies disclosed a skills matrix, nearly seven percentage points higher than the previous year (up from 11.8 per cent of companies in 2016). Unsurprisingly, finance experience was one of the top-cited skills among boards that included these detailed breakdowns. ‘Corporate leadership’ was also cited for 94.8 per cent of directors, another unsurprising finding. However, the most prevalent skills varied going further down the list, with business development, technology, international business and operational experience assigned to more than 60 per cent of directors each (see Figure 5).

Because these board disclosures are voluntary, they may be taken with a grain of salt. However, as companies build more transparency into their board evaluation and succession planning processes, they open the doors for shareholders to engage. Just as the annual say-on-pay vote created an avenue for investors to more closely analyse and engage with boards about developing executive pay plans that support shareholder value creation, board composition disclosures advance the dialogue. As the relationship between boards and their constituents continues to evolve, these conversations are intended to engender stronger ties to achieve near-term growth and long-term prosperity for all parties.

FIGURE 3: DIVERSE IDENTITIES (Women, Hispanic and African-American nominees)

FIGURE 4: EQUILAR 500 BOARDS COMPOSITION DISCLOSURES BY GENDER OR ETHNICITY/RACE, BY SECTOR (bar chart, 0% to 60%; sectors: basic materials, consumer goods, financial, healthcare, industrial goods, services, technology, utilities; series: current board composition gender, current board composition ethnicity/race)



Board Leadership | Diversity

Dnika J. Travis & Jennifer Thorpe-Moscon

Dnika is Vice President of Research and Jennifer is Senior Director and Panel Manager of Research at Catalyst

Inclusive cultures in a multicultural world

How companies can mitigate discrimination and build workplaces that work for everyone

When most people in America hear the word ‘racism’ they think of overt acts, such as the white nationalist march in Charlottesville, Virginia, in 2017 or the massacre of Black churchgoers in Charleston, South Carolina, in 2015.

While these types of dramatic and deadly events make headlines, there’s a more common and insidious form of racism that’s harder to see: ‘microaggressions’ – those everyday verbal and nonverbal slights, insults and snubs that constantly remind people of colour and marginalised communities that they’re different, that they aren’t ‘one of us’. Microaggressions can occur in both personal and professional settings. For example, it happens in the former when a Latino man is followed by a store manager while shopping for groceries,2 or when a multiracial woman is asked ‘what are you?’, or a Black woman is told ‘you are so articulate’. And it happens ‘inside the workplace’ when a ‘co-worker mocks someone with an accent’, or a ‘Black woman is told her natural hair is unprofessional’, or a potential hire is passed over because her ‘CV sounds too ethnic’.

A new Catalyst study – Day-to-Day Experiences of Emotional Tax Among Women and Men of Color in the Workplace – finds that the cumulative effect of these experiences puts professionals of colour in a constant state of being ‘on guard’, bracing themselves for the next insult or biased act. Over time, the daily battle takes a heavy toll, imposing an ‘emotional tax’ that affects their health, wellbeing and ability to thrive at work. In addition, employees who feel on guard in the workplace have a higher likelihood of quitting. As one Black man from the Catalyst study recalled, ‘I experience a lot of tribalism at work, where the Polish people socialise with the Polish people, the Asian people with the Asian people, the Italian people with the Italian people. Being the only African American, I don’t have anyone with whom I can socialise. They care nothing of the history [of] my ethnicity – only theirs… I am ostracised every day and cannot wait to leave in a month. I found a more accepting place to work’.

As talent gets harder to find, employee retention is critical and diversity is a must

If your organisation is finding it difficult to fill open positions, you’re not alone. Manpower Group’s global study, 2016/2017 Talent Shortage Survey, reports that the shortage of talent has steadily worsened since 2007. In fact, in 2016, 40 per cent of organisations reported challenges in filling open roles. The top reasons employers cite that they can’t fill positions? Not enough people are applying for the roles and people don’t have the right skills or experiences. Unsurprisingly, in times of talent and skill scarcity, companies are focussing inward and spending more time and resources developing their current employees. That’s good news for companies trying to retain people of colour, as despite being ‘on guard,’ nearly 90 per cent of women of colour want to be influential leaders, have challenging and intellectually stimulating work, obtain high-ranking positions and stay at the same company.

To retain this highly motivated and talented group of employees, companies need to build an inclusive workplace where all people feel valued for their unique perspectives and experiences as well as a sense of belonging.

Building an inclusive culture is key

Building an inclusive culture is not only good for employees’ wellbeing, it also delivers real-world, tangible benefits. Research shows it drives more innovation, more cooperation among employees and increases employee retention.10 But what is an inclusive culture? What does it feel like? An inclusive culture has a balance of two factors: 1) you need to feel like you belong in your team and 2) you need to feel valued for your unique skills and capabilities.11 And for many women and men of colour, finding ways to simultaneously be part of the team while also retaining their individuality is a careful balancing act. When people feel included and valued for their unique contributions, amazing things can happen.12 Employees are more likely to engage in innovative behaviours, such as identifying opportunities for new products and processes, or trying out new ideas and approaches to problems. Also, the more included they feel, the more cooperatively they behave, e.g. helping colleagues with heavy workloads, picking up the responsibilities of someone that was absent, or volunteering to help their manager. Put simply, employees are more likely to go above and beyond the call of duty to help the team. Diversity is a fact. Inclusion is a choice. When you cultivate an inclusive workplace, you harness the power of the people. This can not only drive financial performance, but organisations can also have a competitive advantage by attracting and retaining top talent from all backgrounds.

Actions for companies

In the study, Catalyst offers four actions for companies to build more inclusive workplaces for women and men of colour:


1 Listen: Talking about differences can be uncomfortable, but making conversations about race, gender and ethnicity part of the day-to-day experiences of employees shows a commitment to understanding and validating every point of view. Celebrate and honour employees’ differences by encouraging dialogue. Develop strategies to help employees with these conversations. And remember, a key aspect of inclusion is feeling heard. Don’t shy away from difficult conversations. Ask questions and listen – really listen – to the answers.

2 Learn: Are microaggressions prevalent in your organisation? Do certain groups of employees feel singled out or excluded? Take stock of your current cultural norms to understand how your employees experience the workplace. By learning what the pain points are you can determine what practices, policies and unwritten rules need to be revised to create an inclusive environment.

3 Link up: Who better to ask for solutions in creating an inclusive environment than your employees? Involve all your employees, not solely people of colour, and leverage everyone’s enthusiasm to change the culture. Ask them what works, what doesn’t and why. Get employees involved in implementation and find ways to have them own and drive the solutions.

4 Lead: Everyone has a role to play in creating workplaces where all employees feel they can succeed. Educate and train your managers on inclusive leadership behaviours and provide air cover and support if your team encounters difficulties in delivering results. Cultural and behavioural change doesn’t happen overnight. As a leader, you need to simultaneously support your employees as they learn new skills and behaviours and hold them accountable for creating an inclusive environment.

Don’t hide, engage meaningfully

Discussing differences can be uncomfortable, but to build inclusive workplaces companies need to acknowledge the unique challenges women and men of colour face both inside and outside of work.13 We must listen and learn from people of colour’s experiences, lead with intention to address emotional tax in our workplaces and, importantly, we need to hold each other accountable for change. Creating more inclusive workplaces will benefit employees and businesses and perhaps our collective learnings will even spill over into society at large. As we uncover our own biases and learn to correct them, maybe we can reduce the microaggressions in our communities as well. Footnotes will be run in full online.

LISTEN TO PEOPLE Employees are more likely to be innovative if they feel included


Board Leadership | Decision-making

Journey from ‘smart’ to ‘wise’ leadership

How to create and preserve shared value while conforming to a well-defined and communicated organisational vision and purpose

Dr Peter Verhezen & Steffi Gande

Peter is the Adjunct Professor for Governance and Ethical Leadership, Melbourne Business School. Steffi is the Global Marketing Director, Amrop

Round-the-clock news cycles and fragile trust in corporations mean that business leaders are now under the spotlight more than ever. Almost 70 per cent of observers perceive an over-focus on short-term financial results, according to the 2016 Edelman Trust Barometer. The short-term focus of CEOs seems misaligned with the rising expectations of the general population. Increasingly, the need is for organisations that create wealth, not just for investors but for all stakeholders, without undermining social and ethical values or violating the fragile ecosystem. Even Larry Fink, CEO of BlackRock – one of the biggest global investment funds with $6.3 trillion of assets under management – recently advised CEOs to act more responsibly. Modern businesses are an integral part of a broader socio-ethical framework. Profit at any cost will no longer secure a licence to operate or gain genuine legitimacy.

To uncover the issues at the heart of this misalignment and discover the health of leadership decision-making, Amrop, a global executive search organisation, recently surveyed C-suite executives from around the world. The study, Wise Decision-making: Stepping Up To Sustainable Business Performance, explored three pillars of ‘wise decision-making’ identified by the researchers: ‘Self-Leadership’ – how leaders exercise self-governance; ‘Motivational Drivers’ – what drives leaders’ choices; and ‘Hygienes’ – how leaders nourish their decision-making ‘health’ (see The Three Pillars of Wise Decision-Making, right). Our study finds that senior executives tend to have good intentions, placing a high premium on ethics.

So why do good leaders make bad decisions?

Digging deeper, we find that business leaders are missing opportunities to drive sustainable business performance. Organisational pressures are often preventing leaders from acting in accordance with their own values, with a mismatch between what they say is important, versus their choices when presented with hypothetical career scenarios. Such disconnects can result in flawed decision-making, potentially putting organisations at risk.

Smart doesn’t mean wise

Unconscious biases, values and beliefs all affect our decisions. So, too, do pressures from our operating context, organisational governance mechanisms and processes. Senior executives face challenging social, environmental and ethical dilemmas every day. Generally, leaders try hard to ‘do the right thing’ and make reasonable decisions in the face of fast-evolving markets and acute internal and external scrutiny, doing their utmost to minimise thinking errors and bias, and optimising innovative insights that can be translated into business opportunities. Qualities such as self-awareness, intuition backed by analysis, perseverance and innovation, are all essential and help leaders generate value for shareholders and stakeholders. But although these are some of the marks of a smart decision-maker, being smart is no longer enough. Smart leaders become wise leaders when they are not just commercially accomplished or cognitively adept but make decisions in a way that holistically addresses ethical, societal and ecological dilemmas and takes account of non-financial, as well as financial, factors.

What is at stake? We propose that to avoid poor choices (and their reputational and financial repercussions), leaders need to make this shift. Organisations and society are increasingly demanding that they do. Wise leaders are interested not only in the ‘what’ but in the ‘why’. At the heart of wise decision-making lies a series of attributes: the willingness to continuously reflect, guided by a robust personal, ethical framework; to learn with an open mind, seeking alternative options; to proactively seek feedback on one’s attitudes and behaviour and act upon this; to make time for mindfulness practices. Wise decision-making implies a synergy of competences or knowledge, enhanced by a combined form of cognitive, social and moral intelligence. All this is underpinned by experience and guided by values and a clear purpose. As we will discover, if we focus on factors within our scope of control, we can significantly improve our individual propensity to make wiser decisions.

CHOOSING THE RIGHT PATH Wise decision-making can help leaders steer their organisation through complex issues

The business case for wise decision-making

Why does wise decision-making matter? In short, because it equips leaders and organisations to deal with today’s complex business environment. And, increasingly, only businesses that are run in an ethical, holistic way will earn the legitimacy to operate. We see evidence of this shift all around us. In compiling its 2016 list of the world’s 100 best-performing CEOs, the Harvard Business Review took environmental, social and corporate governance (ESG) ratings into account for the first time. And the financial benefits are coming through, too, with a recent study suggesting that highly ‘principled’ CEOs out-perform ‘self-focussed’ peers.1 CEOs whose employees marked them highly on character achieved an average return on assets of 9.35 per cent over a two-year period, nearly five times as much as CEOs with low character ratings.

Smart leaders become wise when they address the dilemmas of modern business in a holistic way. Not only do wise leaders create and capture vital economic value, they also build more sustainable – and legitimate – organisations

Admittedly, not all ecological products or ethical services will necessarily turn into profit. And academic research is inconclusive as to whether socially responsible business leaders always outperform their peers. Nonetheless, today’s business ‘champions’ are notable for their ability to generate financial profitability while also scoring highly in terms of ethical and ecological leadership.2 And banks, investors (institutional and individual) and stakeholders (employees and customers) are taking ethical and ecological sustainability increasingly seriously.

Mixed news

How far away are we from a world of ethical organisations, populated by leaders who make wise decisions? Encouragingly, our research shows that leaders already tend to place a high premium on ethics, with a vast majority (99 per cent) checking for ethical misconduct before judging something a success. Most set the moral bar high and display holistic thinking in their stance on hypothetical dilemmas designed to surface tensions between profit, planet and people. Furthermore, when presented with a choice of leadership styles, 86 per cent choose ‘service’ over ‘sovereignty’, showing a desire to fulfil the organisation’s objectives even when it’s not in their own interests to do so.





The Three Pillars of Wise Decision-Making (diagram; labels: Self-leadership; Reflection; Affective intelligence; Cognitive intelligence; Guiding framework; Leadership purpose; Feedback-seeking; Mindfulness practices; Smart; Accomplished; Overcoming biases and enhancing insights; Viable in the short-term; Commercial; Socio-ethically and environmentally sustainable)



But before we start congratulating ourselves for excellent moral character, we need to look at how these intentions play out in a business context. This is where we start to find the fault lines. For example, although 82 per cent of leaders believe businesses should exercise a high level of moral responsibility, 71 per cent report that they’ve taken a professional decision that conflicted with their own ethical principles in the last three years. The top three reasons were (a) profit imperatives, (b) local business culture and practices, and (c) the demands of other influential leaders in the organisation. Overcoming these ethical obstacles is possibly made more difficult when only around half of leaders can easily describe their personal mission, or their strengths and weaknesses, or say that their values and principles help them navigate dilemmas.

Issues and opportunities

In today’s complex business environment, leaders and organisations are under increased pressure to provide the best possible products and services while avoiding harm to society or the broader ecosystem and, meanwhile, still deliver a decent return on investment. The study shows us that trying to become wiser decision-makers is a journey, rather than a destination. We found that in a series of critical areas, explored below, there are some fundamental issues – and clear opportunities.

Self leadership – how leaders exercise self-governance
Most leaders are smart and accomplished, but we find that few consciously reflect on past experience and take learnings into account when making decisions. Only one in 10 leaders habitually dedicate themselves to reflecting on past events, or recalling the past to see if they have changed. We also see that leaders are failing to change route if they realise they may be heading in the wrong direction, with only 33 per cent saying they will always stop or adapt a decision given counter evidence. Furthermore, leaders appear to be taking the easy way out when it comes to involving other people in decisions, with 52 per cent generally using stakeholders as allies to validate their opinions. Only four per cent involve ‘difficult’ people who may raise blocking or delaying questions – the ‘devil’s advocates’ who may provide essential contradictory or alternative information that will likely raise the chances of a well-founded decision.

Motivational drivers – what drives leaders’ choices
When we present leaders with pairs of contrasting leadership styles, we find that most choose ‘service’ over ‘sovereignty’, ‘virtue’ over ‘value’ and an ‘entrepreneurial’ style over an ‘executive one’. But power is the strongest career motivator, with a hypothetical job description geared around a ‘Need For Power’ seen as a promotion by 63 per cent of leaders. Meanwhile, only 10 per cent strongly see as a promotion a job description designed to appeal to wise values and demanding temporary financial sacrifice.

Hygienes – how leaders nourish their decision-making health
Our study finds that many leaders regularly engage in personal mindfulness practices, but often skip feedback. Proactive feedback-seeking on our attitudes and behaviours is vital for smart and wise decision-making, informed by self-awareness and self-development, but 42 per cent of leaders are passive about seeking it out. Under half (46 per cent) can easily describe their strengths and weaknesses.

Reflective practices
These include activities that encourage states of ‘flow’ and they are important for awareness and insight. Walking is the most widely-practised amongst the leaders we surveyed, with 62 per cent walking daily or several times a week, and 74 per cent reporting a highly positive effect on their decision-making. But could meditation be even more effective? Only 18 per cent of the leaders we spoke to practise meditation, but 95 per cent of them report a highly positive effect on their decision-making.

What kind of leadership do we need on boards?


Over-confidence, unconscious biases and judgment noise, sub-par organisational structures and financial pressures can all mean that accomplished leaders with seemingly robust moral compasses make bad calls that can cause huge reputational and financial damage for organisations. We can all recall a host of headline-dominating scandals and high-profile resignations in the last few years. The journey to wise leadership – for individual leaders and organisations – is no easy road. It usually involves uncomfortable struggles, frequent dialogue and deep reflection. It’s an acute challenge when most incentive systems are rooted in short-term profitability and rarely related to ecologically and ethically sound criteria or meaningful job content. Taking this approach means executives and boards can guide organisations to more sustainable business opportunities – to the ultimate benefit of shareholders and stakeholders, both in the short and long term. There may not be one ‘best’ solution to optimise business opportunities while minimising risks. However, leaders addressing local and global challenges should be part of the solution and not part of a problem at the root of the widespread mistrust in modern business. Fortunately, many techniques can help leaders to make smarter decisions.

Here are just a few points for business leaders and board members to consider on the path to wise decision-making and better governance.


1 Transcending bias

Crucial for any decision-maker is to increase insights – being creative and innovative – whilst decreasing bias, errors and uncertainties.

Combine System 1 and System 2 thinking
Gut feel has its place in business, but it must be used in combination with sharp analytical reasoning. Combining System 1 (fast, intuitive) and System 2 (slow, analytical) thinking is an indicator of, at least, smart leadership, but only around half of leaders generally or always apply the combination.

Consult yourself and others
Leaders must decide how high they set the ‘consultation bar’ in the decision-making process. Conscious reflection on the complexity of a decision and its stakes can help set the process, reduce risk and raise sustainability. It’s crucial to draw on your own experience and the experience of others.

Increase diversity at board level
Research has found that diversity is associated with better decision-making, and, by association, distinctive strategic choices, creative innovation and competitive advantage. This implies more women, minority groups, different industry expertise and the inclusion of digitally experienced board members where necessary.

RUNNING THE RISK Leaders are under pressure to avoid ethical obstacles


2 Building an ethical positioning

How high do you think the moral bar should be set for your organisation? Between aspirations and practice, where are the biggest zones of difference? What are the stumbling blocks and what’s slipping under the ethical radar of your organisation? What signal-spotting reflexes are in place? These are essential to ensure a company’s ethical antennae are fit for purpose. Any firm is a potential breeding ground for unethical behaviour. Ill-conceived goals and incentives, although originally intended to promote a positive behaviour, may encourage a negative one.

Where are your blind spots?
In cases of ‘indirect blindness’, third parties are not held sufficiently accountable. ‘Motivated blindness’ means overlooking unethical behaviour because it’s in our interest to remain ignorant. When we give a pass to unethical behaviour because the outcomes seem to serve the firm, we are ‘overvaluing outcomes’. All too easily we find ourselves on the slippery slope: unethical behaviour develops gradually and ends in a reputational crisis.

3 Honing leadership styles

How can leaders get the best of both worlds? Reconciling leadership paradoxes demands reflection.3 How can leaders temper an entrepreneurial style by checks and balances to ensure that seizing opportunity (or positive risk) does not lead to poor decision-making (negative risk)? Can a personal mission of ensuring ecological sustainability be reconciled with a ‘sovereign’ style of leadership? Possibly, rather than being simple either/or trade-offs. Wisdom can also lie in getting the best of both worlds, transcending opposing views to reach a broader, holistic but still commercially-viable, perspective.

The way forward

In conclusion, a wise leader addresses the socio-economic and environmental dilemmas of modern business in a holistic way. For senior executives and boards, it’s about building sustainable, legitimate organisations, while creating, capturing and sustaining economic value over the long term. As our study shows, the journey from smart to wise decision-making involves ongoing self-reflection and learning. While our findings suggest that most leaders know that this is the path they want to take, many struggle to stick to it due to the daily strains of business and short-term imperatives. Many are missing self-reflection and tough, honest feedback, and need to be wary of letting self-confidence override their willingness to take other opinions on board or to change direction if necessary. It’s a cliché but it’s true: it can be lonely at the top. Isolation from ourselves and our true principles, as well as from others, can undermine wise decision-making. While good practice is crucial – involving the right stakeholders and trying not to fall into thinking traps, for example – it’s also essential to work on our personal processes. This involves investigating our true motivations and strengths and identifying avenues for self-development. Mindfulness is a good place to start. Engaging in one or more reflective practices could make the world of difference, enabling internal answers to emerge and tuning into our core values, principles and mission. Establishing this requires searching questions. For example: to what extent is what I do important to me? Is there really nothing more important for me? What is the essence of my (personality) profile? How can I best use my resources – for myself and for others? What goals do I need to set for myself to ensure that my life has sense and meaning? What do I really want for myself? 
These measures will equip leaders to better address the increasing external pressures applied by a widening spectrum of stakeholders and to re-build the trust that is still sorely lacking. In the modern business environment, it’s organisations with wise leaders and boards that will succeed in the long run.

1 Kiel, F., (2015b), Measuring the Return On Character, Harvard Business Review, April: 20-21
2 Harvard Business Review Staff, (2017), The Best-Performing CEOs In The World 2017, Harvard Business Review, November-December
3 Meyer, R., Meijers, R., (2008), Sovereign Or Servant, Cross Fertilizing 20 Approaches To Develop A Robust Leadership Style ©Krauthammer & Strategy Academy. The publication of the report coincided with the launch in October 2017 by Meyer & Meijers of Leadership Agility: Developing Your Repertoire Of Leadership Styles, London and New York, Routledge, Taylor & Francis Group. The authors invite leaders to exercise agility, experimenting with broadening their range beyond their ‘default’ styles.

See the Full Report for more key references: Alves et al., (2014), Ardelt (2003), Chen et al., Rovira & Trias De Bes, (2004), Soll, et al., (2015), Magnien et al., (2002).

Spring 2018 | Ethical Boardroom 37

Global News Asia

SGX rewards companies that address compliance

Listed companies in Singapore with good corporate governance (CG) practices and compliance track records can now enjoy fast-tracked approval for certain corporate actions. Singapore Exchange Regulation (SGX RegCo) has launched the SGX Fast Track programme to recognise listed companies that have a high corporate governance standing. Companies in the programme will have prioritised clearance for selected corporate action submissions to SGX RegCo, such as circulars, requests for waiver and applications for share placement. Tan Boon Gin, CEO at SGX RegCo, said: “Encouraging companies to achieve good corporate governance standing is just as important, if not more, than disciplining those that fall short. We hope this programme will motivate more companies to pursue higher CG standards, a better compliance track record and quality submissions to the exchange.”

Singapore urged to improve diversity

Progress towards achieving gender parity in Singapore companies and boards has ‘been minimal’, according to the Asean Corporate Governance Scorecard 2018. Thirty-seven per cent of 100 Singapore companies provided detailed and measurable diversity policies, yet only four reported on progress towards achieving those objectives. Six in 10 companies had no women directors; three in 10 had just one. The scorecard — a joint initiative of the Asean Capital Markets Forum and the Asian Development Bank — also indicated that the development of corporate governance practices in Singapore has ‘flatlined’ with a gap in standards between large-capitalisation companies and the rest of the field widening. John Lim, nominated corporate governance expert to the Asean Scorecard, said: “There is a lot of room for improvement for Singapore companies. What with the education standards we have, the development we have, we should be much, much higher (ranked) than this.”

Hong Kong should monitor governance

Hong Kong lags behind international best practices in corporate governance and could do more to protect shareholders’ interests, according to a new study. The study by the Hong Kong Institute of Certified Public Accountants (HKICPA), conducted by two scholars at the University of Hong Kong, suggests the city’s government should establish a corporate governance unit to protect investors. The report says: “While in some areas the corporate governance system is well developed and goes further than other markets, such as the non-statutory regulations governing connected party transactions, the adequacy of enforcement discipline and availability of shareholder remedies remain a concern.” A high-level ‘corporate governance policy unit’ could lead and coordinate policy formulation for a strong corporate governance framework, the HKICPA says.

India agrees to update policies

Capital market regulator Securities and Exchange Board of India (SEBI) has approved most changes to the corporate governance framework for listed companies. According to reports, 65 of the 80 recommendations made by the Kotak Committee on corporate governance have been accepted, either fully or partially. Among the approved recommendations was splitting the roles of chief executive officer, managing director and chairperson for the top 500 listed firms from April 2020, according to a statement by SEBI. SEBI’s approval comes after a 23-member panel, led by Indian billionaire businessman Uday Kotak, had submitted its suggestions in October last year.

China investigates Lai Xiaomin for suspected graft

China’s anti-corruption watchdog has announced it is investigating the former chairman of Huarong — one of the country’s largest financial asset management companies — for alleged corruption. In the latest string of probes into high-profile financial executives, Lai Xiaomin — who recently resigned — is under investigation for disciplinary and legal violations. The official allegations against the 55-year-old have not been disclosed. Staff at several subsidiaries of China Huarong Asset Management in Hong Kong were also recently forced to surrender personal travel documents to the company or face unspecified punishments, according to the Financial Times.

Board Governance | Succession Planning

GAME CHANGER Samsung denies illicit lobbying for 2018 Winter Olympics

Samsung and the 2018 Winter Olympics

Free gadgets and rumours of illicit lobbying put the South Korean company under the watchful eye of the country’s antitrust tsar

Morten Bennedsen & Brian Henry

Morten Bennedsen is the André and Rosalie Hoffmann Chaired Professor of Family Enterprise and Academic Director of the Wendel International Centre for Family Enterprise, INSEAD. Brian Henry, PhD, is a Research Fellow, INSEAD

Many observers will remember the 2018 Winter Olympics for two things: 1) the rapprochement between Seoul and Pyongyang following the participation of North Korean athletes; and 2) the North Korean charm offensive led by the sister of reclusive leader Kim Jong-un. But another invited guest also played a starring role at the Games – Samsung. Ironically, all the Winter Olympic athletes – except those from North Korea – received special-edition Samsung Galaxy Note 8 devices that were gifted to them by the company upon their departure from Korea. During the Games, Samsung invited all spectators to visit its special pavilion where they could play with virtual reality headsets and other electronic gadgets.

However, the real story behind Samsung’s charm offensive at the Games touches upon many pain points in South Korea’s unique economic and political cultural landscape. Samsung is the largest conglomerate in the country, but has run foul of the law on several occasions and been shown to have disregarded basic principles of corporate governance. The current government, led by President Moon Jae-in, has sent a strong message to Samsung and other chaebol leaders (chaebol is a combination of the Korean words for wealth and clan) that they must change their ways. But reform will take time, as the story behind Samsung’s participation at the Games will demonstrate.

A presidential pardon

Samsung’s presence goes back to the presidential pardon of the company’s chair nearly 10 years earlier. The second-generation leader of the family-owned company, Lee Kun-hee, who was 76 at the time of writing, was pardoned in December 2009 by Lee Myung-bak, who was the president of South Korea from 2008 to 2013. In August 2009, a judge convicted Lee Kun-hee of embezzlement and tax evasion and sentenced him to a suspended three-year term in prison and ordered him to pay $100million in fines. His crimes were to have illegally engineered for his only son and two daughters significant stakes in two Samsung affiliates via the sale of convertible bonds. Blocks of shares were sold to his children at prices far below their market value. When these outrageous transactions became known, Lee was prosecuted. To halt the wheels of justice, he created a slush fund of more than $200million with which to bribe prosecutors and politicians into disregarding his illegal activities. Prosecutors had sought a sentence of seven years in jail and a fine of $350million.

The reason why Lee wanted to ‘gift’ the shareholdings to his three children in the first place dates back to his health problems, which emerged in the late 1990s, when he was diagnosed with cancer. Lee realised then that he needed to put a succession plan in place to enable his heirs to maintain ownership over Samsung and its 70 affiliates.

Lee Kun-hee does not now have long to live. In May 2014, he suffered a massive heart attack which left him incapacitated on the top floor of Seoul’s Samsung Medical Centre. Since then, he has been the nominal chair of Samsung, leaving his only son as the de facto chair of the business. No news about his health has since been released, although his succession plan was only partially completed at the time of his sudden health deterioration.

According to Lee Myung-bak, the Samsung leader was pardoned in exchange for his help in securing Korea’s right to host the 2018 Winter Olympics. However, this legendary version of events has been recently contested by a former Samsung vice chair named Lee Hak-soo, who has alleged in court that the underlying reason for the presidential pardon was that Lee Kun-hee had agreed to pay $3.7million in legal fees to an American law firm that was representing a company that Lee Myung-bak’s brother owned. The news of this illegal deal has been covered widely in the Korean press, including the JoongAng Daily, ever since and the former president was placed under investigation for bribery and abuse of power in February 2018.

Samsung promotes Olympic bid

According to the so-called official story, Lee Myung-bak pardoned the Samsung tycoon so that he could participate on the Korean Olympic Committee (KOC), which was gearing up for a third time to win over the International Olympic Committee (IOC) vote in favour of the Korean bid; the first two Korean bids had failed. When Lee Kun-hee agreed to the proposition, the chair of the Korean Olympic Committee wrote that Samsung would provide the ‘reinforcements of a thousand soldiers and ten thousand horses’. This was an oblique reference to the offices and personnel that Samsung eventually put at the disposal of the KOC in key cities around the world to organise meetings and events with the IOC. Over a period of 18 months, a committed Lee Kun-hee travelled around the world to lobby IOC voters wherever and whenever they met, allocating the resources of Samsung affiliates to win the bid. In 2011, the IOC voted in favour of Korea’s bid to host the games. By this time, Lee’s earlier conviction had been forgotten and he returned to Samsung as chair of Samsung Electronics, the company’s crown jewel.

Second generation strategy shift

Forbes recently estimated that the net worth of Lee Kun-hee was $20.2billion, making him the wealthiest man in Korea. His enterprising father, who had many children, had the good fortune to establish a company a few years before the country became independent. In 1938, the founder, Lee Byung-chul, started a trading firm dealing in foodstuffs. Once Japanese occupation ended, the entrepreneur started diversifying and exporting. When General Park Chung-Hee came to power in a coup d’état in 1963, Lee aligned his business model with the imperial dreams of a dictator who wanted to transform Korea into the first factory of the world. Only those chaebol business leaders who were willing to oblige General Park in his pursuit of power survived. In return, the chaebols were showered with lucrative contracts by the US government as a payback for the general’s dispatch of more than 300,000 troops to the Vietnam War. Lee Byung-chul was an obliging man – he even gave up control of his own financial institutions so that he could be seen as completely dependent on General Park. While the Korean workforce was known for its prodigious productivity, General Park outlawed trade unions and held wages down to a minimum. Working for a pittance for most of their lives, pensioners have now come to believe that the chaebol families have amassed all their wealth on their backs.

By the time of his death in 1987, Lee Byung-chul had diversified Samsung across so many sectors of the economy that it went well beyond the dreams of most Western conglomerates. For the export market, the company produced cheap goods that competitors in western countries could not undercut. Lee’s third son, Lee Kun-hee, inherited the empire and expanded it even more through organic growth. Around this time, however, China had suddenly emerged as a major competitor to Korea. Chinese labour was even cheaper than Korean labour and, gradually, China was overtaking Korea in the supply of cheap goods to western countries. Ironically, many chaebol leaders in Korea did not take seriously China’s ascendance as the second factory of the world, until it was too late.

Asian financial crisis

In the late 1990s, the Asian financial crisis struck South Korea hard, hitting the chaebols that were dependent on export earnings. China was impacted, but not so much. Along with many others, Samsung nearly went into bankruptcy. A $40billion programme launched by the International Monetary Fund successfully shored up the economies of Korea, Thailand and Indonesia, the three countries most affected by the sudden devaluation of their currencies. However, many businesses went bust.

The Asian financial crisis was a wake-up call for Lee Kun-hee. To survive, he realised he could no longer compete with Chinese-made exports. His vision suddenly came to him. Samsung must become a leader in innovative, high-quality goods. To this end, he decided to do something that would leave a mark on thousands of Samsung employees. He turned up unannounced at one of the many Samsung factories making phone handsets and instructed all the employees to come down to the shop floor. There, he gathered hundreds of cheap handsets and called them ‘cancers’ for their defects. He then ordered a bulldozer to put about 150,000 of them in a pile before setting them alight. Many employees were sickened by the sight and smell; some became so distraught that they broke down in tears. He then organised a meeting with all his top managers at the Samsung HQ in Seoul where he issued his most famous ultimatum: “You must change everything, except your spouse and children.”

Samsung takes quality to heart

Eventually, management at Samsung got the message. Lee Kun-hee changed Samsung’s business model on many different levels. It entered into joint ventures with partners abroad to manufacture televisions, refrigerators and video equipment. It also used FDI to establish regional headquarters in China, Europe, Singapore and North America. In addition, the second-generation leader set up factories in China and other countries to manufacture consumer electronics and appliances. By 2005, Samsung had established 64 manufacturing and sales subsidiaries and 13 R&D centres around the world. In so doing, Lee Kun-hee was able to take advantage of local talent and be closer to his customers. Lee Kun-hee also started hiring westerners at management level to stimulate innovation and idea generation, a move that shook up a culture that had been based on internal country-level contracts. Those foreigners who learned the Korean language were more likely to stay than those who did not try to integrate into the local workforce.

Tax evasion comes back to haunt Lee Kun-hee

Even though salaries have gone up in South Korea – the minimum wage has been raised by 16 per cent recently – many pensioners discover that they have almost nothing to live on. In fact, poverty has afflicted 50 per cent of the elderly, the same people who powered the transformation of South Korea into a wealthy country. But the over-65s still have the ballot box to turn to if they want to make reforms happen and in 2017, President Moon Jae-in was elected on a platform to reform the chaebol system.

Lee Kun-hee was one of those leaders who came under renewed scrutiny by the new government. A formal investigation has been launched into his suspected evasion of $7.5million in taxes. It is alleged that he set up more than 260 fictitious bank accounts that held $350million under the names of more than 70 Samsung employees. In addition, the Moon government has investigated several brokerage firms, including Samsung Securities, for helping Lee Kun-hee conceal his income illegally. Thus far, the brokers have been fined $96.7million.

Third generation succession crisis leads to jail

Following his father’s heart attack in 2014, Lee Jae-yong became the de facto chair of Samsung, but he still did not own enough shares to prevent any disgruntled shareholders from challenging his ownership. He knew Samsung Electronics well, having joined it in 1991, become its president in 2009 and vice chair in 2013. With his father still alive, though, he needed to increase his stockholdings so that he could be considered a controlling shareholder of Samsung. To this end, he engineered a controversial merger between two Samsung affiliates, Samsung C&T and Cheil Industries, in 2015. Activist investor Paul Singer, who owns the US hedge fund Elliott Management, tried unsuccessfully in a South Korean court to block the merger, which went against the interests of minority shareholders.

But soon after the merger took place, Lee Jae-yong was investigated and found guilty of bribing Park Geun-hye, the former president of South Korea from 2013 to 2017. A judge sentenced him to five years in prison; several Samsung executives were also convicted. He spent nearly a year in prison before an appeals court reduced and suspended his sentence in February 2018, releasing him from jail a week before the opening of the Winter Olympics. As for Park Geun-hye, she was convicted in April 2018 of graft, abuse of power, coercion and bribery and sentenced to 24 years in prison. It remains to be seen whether the former president will have her sentence suspended as was the case with Lee Jae-yong.

With an estimated net worth of $7.8billion, and not yet 40, he still has his options open as he gradually returns to his duties of running Samsung, while wisely keeping a low profile. He even disappointed many of his fans by not attending the Winter Olympics. However, the 2015 marriage that he officiated between Samsung C&T and Cheil Industries served him well. He now has a large enough stake in Samsung to make him the controlling stakeholder; furthermore, his stake will increase when he inherits his father’s shares. Thus, the colossal enterprise, consisting of about 62 business units that are involved in dozens of economic sectors, from telecommunications to fashion, from pharmaceuticals to heavy industry, can push ahead with some big deals that were put on hold while the de facto chair was in prison.

Most western consumers know Samsung for its consumer electronics division, but how many would guess that it owns the exclusive The Shilla hotel in Seoul, one of the most luxurious hotels in Asia? Lee Boo-jin, the 47-year-old sister of Lee Jae-yong, has run it since its opening in 1979. Samsung’s 16 publicly-traded companies dominate the South Korean stock exchange (Kospi), accounting for about 30 per cent of the total market capitalisation.

Lee Jae-yong was not the only chaebol leader who was convicted of bribing former president Park Geun-hye. In February 2018, Lotte Group chairman Shin Dong-bin stepped down as head of the chaebol to start serving a sentence of 30 months in prison. Like Samsung, Lotte operates business activities in many sectors of the South Korean economy. His resignation, however, could lead to a major succession crisis in the Shin family, as his older brother has threatened to launch a renewed bid for power.

Constitutional reforms

Meanwhile, the pressure is still on the government to shake up a system that is a holdover from previous pro-chaebol administrations. At the constitutional level, President Moon wants to decentralise power away from the presidency, where power has been concentrated since an independent South Korea was established after World War Two. President Moon has submitted proposals to amend the constitution to create an American-style presidential system with a four-year presidency and a two-term limit. He also wants to lower the legal voting age from 19 to 18 and delegate more power to the office of the prime minister. The debates leading up to these political reforms have been driven by the long-running abuses of power at the Blue House, the home to South Korean presidents. Nearly all former presidents have been accused of corruption, but the country’s reputation for poor corporate governance is changing for the better. And Paul Singer of Elliott Management is back again. He recently bought a $1billion stake in Hyundai Motor Group, so that he could put pressure on the auto giant to improve its corporate governance.

Reforming the chaebols

Chaebols are where social and economic power have resided in Korea ever since WW2. During his presidential campaign, President Moon promised to reform the chaebols. The top five chaebols – Samsung, Lotte, LG, Hyundai, SK – are worth by some estimates more than half of the country’s export-driven economy. As conglomerates, the chaebols consist of hundreds of affiliates whose brands dominate almost all sectors of the South Korean economy, to such an extent that they suffocate entrepreneurial activity. Each operates like a mutually exclusive partnership, making it difficult for start-ups to enter the supply chain. Even on the inside, the chaebols are known to negotiate lopsided terms with their external contractors that render it difficult for them to expand their scope and size. To make the playing field more level between the chaebols and their contractors has been one of President Moon’s main goals. In June 2017, he appointed as chair of South Korea’s Fair Trade Commission, a man who holds that the fruits of economic growth should be evenly distributed. Kim Sang-jo, otherwise known as the ‘Chaebol Sniper’, has called upon chaebols to end their exploitation and voluntarily improve the lives of contractors, small business owners and start-ups.

Déjà vu for nut-rage lady

His job will not be easy. Take the case of Heather Cho, the eldest daughter of the chair of Hanjin Group, a chaebol that owns Korean Air among many other businesses. In 2014, she made headlines as the ‘nut-rage heiress’ while on a plane owned by her father. Unhappy with the crew’s way of serving macadamia nuts, she struck a flight steward and demanded the aircraft return to its terminal in New York. She was convicted of a violation of aviation laws, sentenced to a year in jail and was released after a few months following a ruling by an appeals court. Four years later and Heather Cho has recently been named the CEO of Hanjin’s hotel chain. Now that Lee Jae-yong is back, Samsung will benefit from his leadership but will also reap the rewards of his father’s hard work at attracting the Winter Olympics to Korea. Some critics, however, have argued that Samsung was too ubiquitous at the Games to the extent that many Olympic experts are now demanding that corporate sponsors of future Games keep a neutral posture before and during the event. Perhaps the Chaebol Sniper would agree with this proposal.


Board Governance | Executive Pay

INSIGHT INTO COMPENSATION New reforms in the US reduce corporate and individual tax rates

Kelly Malafis & Takis Makridis

Kelly is a founding Partner of Compensation Advisory Partners (CAP) in New York. Takis is the President and CEO of Equity Methods

Executive compensation performance metrics and tax reforms

Five important lessons to learn from the rollout of the Tax Cuts and Jobs Act

Just in time for the new year, President Trump signed the Tax Cuts and Jobs Act, which presents the most sweeping changes to the US tax code in decades.

As finance chiefs rushed to incorporate changes in their year-end financials, compensation leaders were assessing the effects on incentive plan payouts for performance periods ending in 2017. The considerations before them included whether to allow financial windfalls or shortfalls stemming from tax reform to impact payouts on bonus plans and long-term incentive plans (LTIPs). They also needed to give thought to incentive plans measuring performance beginning in 2018 under the new tax regime. The issues that tax reform presented during the first few months of 2018 offer important lessons for the compensation professional. They cut across a number of important areas, such as how to measure performance on outstanding performance plans when there are unplanned exogenous shocks, set performance goals amid uncertainty and draft incentive plan language that confers an appropriate degree of flexibility. In this article, we share five important lessons, along with their broader implications for managing both short-term and long-term incentive plans that are linked to corporate performance.


1 Exogenous shocks create pressure to adjust performance goals

Tax reform is an exogenous shock because it could not have been contemplated in advance. It also disrupts what a company thought would be reasonable operational performance. This means that currently outstanding performance plans – namely, the short-term bonus plan in effect and all outstanding LTIPs – may be impacted in some way. An accounting standard change is an exogenous shock as well. For example, in 2018 most companies will adopt the new revenue recognition accounting standard (called Accounting Standard Codification No. 606, or ASC 606 for short). For many firms, this new standard will substantially slow down their ability to record revenue.

Because tax code and accounting standard changes are outside company or executive control, the consensus is that executives should be insulated from the positive or negative effects of such changes. Tax reform, for example, had negative year-one implications for companies that maintained more deferred tax assets than deferred tax liabilities. Importantly, these firms did nothing wrong; the short-term reduction did not result from any decisions they made. Small wonder that more than 80 per cent of companies we surveyed decided to adjust their performance metrics to remove any positive or negative effects of tax reform.

2 Adjusting performance metrics might trigger onerous accounting

Tax reform prompted many companies to conclude they needed to adjust their performance metrics upward or downward, only to discover that these adjustments would trigger problematic accounting on any outstanding LTIPs. In particular, adjusting performance targets could be construed as an ‘award modification,’ resulting in a large unplanned accounting charge. Worse, an award modification could invalidate the favourable tax treatment of outstanding awards grandfathered under Section 162(m) of the tax code, thereby costing a company potentially tens of millions of dollars in tax deductions.

But this unfavourable scenario affects only some companies and not others. Why? An award agreement may specifically state that performance metrics will be adjusted in the event of tax code changes. If that’s the case, then adjusting performance metrics up or down is not a modification to the terms but rather an action entirely consistent with the terms already in place. Unfortunately, it’s not uncommon for award agreements to contain boilerplate language that says performance metrics will be adjusted in the event of an accounting standard change without mentioning the same for tax code changes.

As a result, firms are studying their award agreements to identify any missing considerations that could require adjustments to calculated performance or the metrics themselves. Their intent is to structure award agreements, so they automatically permit adjustments as necessary to neutralise the effects of undesirable exogenous shocks. This shift towards more flexible language will also likely show up in stock plans being submitted for shareholder approval.

3 Don’t be too liberal in adding discretionary problems

Some companies took stock of the prior lesson and changed their LTIP award agreements to provide near-limitless flexibility for discretionary adjustments in response to unforeseen future events. This accomplished the goal of not triggering an award modification. However, it created an even worse accounting problem. By inserting so much subjectivity regarding the available adjustments, it became impossible to specify an accounting grant date upfront at the point of award issuance. To have an accounting grant date, the key terms of an award need to be locked down so that recipients clearly understand what they must do to earn the award. If the terms are so flexible that the compensation committee has almost limitless discretion to make adjustments down the road, it’s not possible to claim an upfront meeting of the minds. Deferring the grant date triggers mark-to-market accounting that many companies aim to avoid.

The most effective approach, as we note below, is a Goldilocks one: not too hot, not too cold. Companies must provide for the right pockets of discretion without embedding excess subjectivity into how payouts are determined. One outcome of tax reform may be an increased use of discretion in annual cash bonus plans. With the elimination of the performance-based compensation exemption from Section 162(m), companies may choose to use more qualitative measures, such as individual performance or strategic milestones. They also may add some elements of discretion in determining annual cash incentives since these awards do not have the same accounting limitations as stock-based awards. While objective measures are no longer required for tax purposes, companies will likely continue to provide transparency to annual incentive plan decision-making, a practice many institutional investors and proxy advisory firms have come to expect. A shift towards more discretionary language in long-term, stock-based awards is likely but requires much more careful and deliberate calibration of the language to avoid triggering mark-to-market accounting. Since there aren’t bright lines to follow, any changes to the award agreement language should involve considerable socialisation with internal stakeholders and external auditors.

4 It’s one thing to know that an adjustment is necessary. It’s quite another to know what adjustment to make

In mid-January, we spoke with some companies who said they needed to delay their annual LTIP award because they were still trying to model the expected multi-year effects of tax reform. They were able to back out the immediate effects of tax reform on awards paying out, however, they felt unprepared to set goals for new awards due to remaining uncertainty about the long-term effects of tax reform. Weeks later, with uncertainties mounting, many of those companies set performance goals anyway for the simple reason that they could delay no longer. What this situation illustrates is that the need to take exogenous events into account does not guarantee clarity in how precisely to do so.

The new accounting revenue recognition standard, ASC 606, presents a similar dilemma. It’s clear that performance awards granted prior to the release of this accounting standard should have their metrics adjusted to factor in the now-known ramifications. For example, an LTIP award issued in 2016 that covers fiscal year performance in 2016, 2017 and 2018 will be influenced by the year-one effects of ASC 606. That said, when performance metrics were set in early 2016, the impact of ASC 606 was not yet known. The natural solution then is to disentangle the effects of ASC 606 from the performance measurement process. That’s easier said than done. For some companies, ASC 606 alters how quickly they recognise revenue across hundreds of thousands of customers’ contracts. Once companies adopt the accounting standard and make the associated systems changes, they no longer have a parallel universe revealing what revenues would be had they not adopted the standard. In short, it may be conceptually simple to adjust out the exogenous shock of adopting ASC 606, but mechanically, there might not be a straightforward way to do this. The problem therefore is twofold. It’s not clear how to forecast the full aftermath of an exogenous shock. Neither is it easy to gauge what would have happened without the shock. The most pragmatic approach may be to develop a financial model that untangles the effects of whatever exogenous shock is of concern. The earlier this is done, the easier it is to acquaint key stakeholders with the model and document the assumptions that play into year-end decision-making.

5 Better answers come through cross-departmental collaboration

The problems we’ve discussed so far affect multiple functions. Compensation teams need to manage the decision-making process. Legal teams must make sure that proposed decisions are compliant. Tax teams have to identify potential tax penalties or lost deductions. Accounting teams have the job of flagging adverse financial effects and modelling performance adjustments. The compensation committee must understand all of this activity so they can balance shareholder and executive interests. And, of course, executive LTIP recipients need to feel that their treatment is fair. As we reflect on how firms have responded to tax reform, the ones that had the most successful outcomes were not necessarily those with the most flexible language in their award agreements. Neither were they the ones who avoided the negative effects of tax reform. Rather, they were the firms that demanded strong collaboration among their functions. This resulted in compensation committees that felt adequately prepared and executive recipients who had advance insight into compensation decisions. Said differently, success depends not so much on the actual problems than on a strong, integrated process to deal with them.

TRUMP’S TAX REFORM BILL Changes to US legislation will impact executive compensation



Putting it all together

In this article, we’ve chronicled five lessons from the rollout of the Tax Cuts and Jobs Act as it relates to performance measurement and compensation plans. We’ve also shown how the same lessons apply to adjacencies such as the revenue recognition accounting standard ASC 606. The takeaway? When it comes to structuring and documenting incentive award agreements – and coping with surprises – leading organisations measure twice and cut once. They take care to balance flexibility with accounting rules. They also assemble cross-functional teams that can anticipate and manage the issues that come up. With these elements in place, companies are well-positioned to withstand exogenous shocks so that their leadership can continue making the most effective decisions for their shareholders and executives.



Board Governance | Cloud Services

Patrick Velay

Patrick is an internal auditor

Cloud governance within financial institutions

How internal audit can address the risks of Cloud software and infrastructures in the boardroom

Since the Seventies and the widespread adoption of computers, technological innovation has been considered to be one of the most influential developments affecting the financial sector. Cloud services are already part of the professional life of many board members who are using, for instance, remote access to board materials, agendas, calendars and supporting resources. Cloud services are becoming a key business enabler to deliver value to customers. Cloud services, also known as Cloud computing, usually refer to a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.1 This includes, for example, private, public or hybrid Cloud, as well as infrastructure as a service (IaaS), such as datacentre, platform as a service (PaaS) and software as a service (SaaS).

The cloud services lifecycle

Cloud services come with the promises of cost savings and flexibility. Due to the complexity of the matter, addressing key aspects of Cloud services may appear to be a challenging task. This article introduces the reader to the Cloud services lifecycle. This tool allows board members to have comprehensive discussions with senior management on the risks associated with Cloud services. A key characteristic of this approach is to look at Cloud services as outsourced services.


[Figure: Cloud services lifecycle stages: Legal and regulatory considerations, Risk assessment, Vendor selection, Implementation/transition, Vendor oversight]

1 Legal and regulatory matters

In many countries, recourse to Cloud services cannot result in the delegation of the bank’s management responsibility. The credit institution should determine and document that no legal and regulatory requirements might be circumvented by using Cloud services. The board of directors should ensure that the inventory of legal and regulatory requirements has been reviewed in light of the Cloud strategy. This first step may lead to the identification of legal and regulatory conditions impacting the feasibility of the Cloud services.

2 Risk assessment

The ultimate responsibility for the proper management of the risks associated with Cloud services lies with the outsourcing institution. Since risk is the effect of uncertainty on objectives, the risk assessment should start with a business perspective.2 The board should ensure that management has determined and documented whether:
■ The Cloud service is essential or critical to achieve the business objectives of the bank
■ The bank has the capability to select and monitor the Cloud services provider

Recent data leakages involving Cloud services have involved deficiencies from the customers of Cloud services.3 The board should therefore require senior management to review the IT risk assessment including, among others:
■ Connectivity – connections and access points to Cloud services, including management interfaces, should be identified, mapped and assessed
■ User access controls – physical and logical access controls should be reviewed
■ Network controls – networks should have secure boundaries that are properly segmented and monitored

The board of directors should ensure that the risk and control assessments of the bank are periodically reviewed.

TAKING TO THE CLOUD Companies that allocate resources to outsourced computing must assess risk


CLOUD STRATEGY ASSESSMENT Boards must regularly evaluate and control the actual results of the Cloud Strategy

3 Vendor selection

The vendor selection process is fundamentally influenced by the needs and requirements identified in the two previous steps. The due diligence includes the typical evaluation of the reputation and financial performance of the provider. However, when it comes to Cloud services by a financial institution, it is important to include other factors, such as:
■ Full right of access, whether by the bank, the supervisors, or anyone appointed by them, to the premises and data used for providing the services
■ Unrestricted rights of inspection and auditing by the bank, the supervisors, or anyone appointed by them
■ Appropriate level of confidentiality, integrity, availability, continuity and traceability of data and systems
■ Assurance over the geographical location of the data storage and processing
■ Guarantees over the conditions of manual processing within the provider
■ Transparency with respect to chain outsourcing (sub-outsourcing)
■ Exit arrangements without undue adverse effects on the bank or its customers

THE LOCK-IN EFFECT

Be aware that not all Cloud services providers have capabilities to make data or systems portable from one provider to another. In some cases, migration to another provider or back in-house has never been performed or tested. The risk of dependency should be considered during the selection of the Cloud services providers.


4 Implementation and transition

The introduction of a new Cloud provider can be a source of risks, failures and disruptions. The board should determine whether the below topics have been considered:
■ Negotiation of contracts and technical details, including the fall-back (exit) plan
■ Notification of supervisors if applicable
■ Update of controls and procedures relevant to, for instance, risk management, compliance, IT security, outsourcing or business continuity
■ Training of relevant employees, including the board and senior management when relevant4
■ Access to subject matter experts at all levels of the organisation
■ Anticipate and manage corrections, adjustments and disruptions
■ Test of the services and related controls and safeguards

HOW INTERNAL AUDIT CAN SUPPORT THE BOARD AND THE AUDIT COMMITTEE
■ Assess the company’s governance process for planning, selecting, implementing, monitoring and exiting Cloud services
■ Surface deficiencies in the design of the policies and procedures that support the Cloud services lifecycle
■ Provide assurance regarding the effectiveness of policies and procedures
■ Evaluate controls associated with each step of the Cloud services lifecycle
■ Ensure the existence and reliability of reports in case of material adverse events (such as breaches or disruptions)
■ Drive continuous improvement through periodic testing and evaluation

5 Vendor oversight

The board should ensure that the institution monitors the performance and condition of services, including incidents, on an ongoing basis. Oversight duties should be allocated within the institution from the operational to the strategic levels. Monitoring of the provider and the services goes beyond the services provided to:
■ Major changes affecting the provider, e.g. ownership or profitability, may impact services received by the institution. These changes should be identified, assessed and acted upon
■ Regulatory changes may affect the conditions of delivery of the Cloud services

The level of monitoring should be proportionate with the level of criticality of the services provided.

6 Exit decision

Services received may deteriorate. The bank should develop and implement contingency and exit plans that are comprehensive, documented and tested as appropriate. Also, a bank may fail. The Cloud services may be required by law to be organised so that they do not hinder the orderly wind-down of the institution or add more complexity.

Conclusion: the outsourcing policy

Some institutions may decide to create a Cloud services policy to communicate their expectations with respect to the control and management of these services. However, since the bank’s approach and processes for outsourcing are usually described in an outsourcing policy, it may be more efficient to revise this policy in light of the Cloud services strategy. Whatever the approach, the board should ensure that the policy describes the key controls covering the services from their inception to the end of the contract.

1 NIST SP 800-145 : detail/sp/800-146/final
2 ISO 31000:2018 “Risk management – Guidelines”
3 For example: https://www. -by-cyber-attack-revealing-clients-secret-emails
4 See for instance the Circular No. SRD TR 03/2015 issued by the Monetary Authority of Singapore, which requires training the board on IT risks and cybersecurity.




Global News North America

Musk declines ‘bonehead’ analyst questions

Elon Musk (inset), the chief executive of electric car maker Tesla, has been described as acting ‘like a jerk’ during an earnings conference call in April. The technology entrepreneur cut off analysts asking about profit potential and said ‘boring bonehead questions are not cool. Next’ in response to one on a capital requirement. He then declined to answer any more ‘boring’ and ‘dry’ questions. Instead, Musk answered queries from YouTube vlogger Galileo Russell who was listening to the call. Following the unusual conference, Tesla’s stock fell by five per cent. Jeremy Owens, tech editor at MarketWatch, said that ‘Elon Musk acted like a jerk and Tesla stock paid the price’, adding: “Tesla has the chance to be a world-changing and profitable company that pushes us to a more sustainable and cleaner future, mostly because of Elon Musk. It also has the chance to be an unmitigated disaster that collapses under the weight of outlandish ambitions and debt, mostly because of Elon Musk.”

Xerox boss ousted in Fujifilm merger row

Jeff Jacobson has agreed to step down as chief executive of Xerox after the US printer and copier maker reached a deal with two of its largest shareholders. The boss of Xerox and six board members said they would resign after the firm reached a deal with major shareholders who opposed a takeover by Japan’s Fujifilm. Investors Carl Icahn and Darwin Deason, who together own 15 per cent of Xerox, argued that the $6.1million (£4.5million) merger undervalued the company. Xerox said it planned to appoint six new members to its board of directors: Keith Cozza, Nicholas Graziano, Scott Letier, Jay Firestone, Randolph Read and John Visentin.

US tax reform boosts shareholder activism

US companies with more cash on their balance sheets, thanks to tax reform, are coming under greater scrutiny from activist investors, according to an investment banker at Goldman Sachs. John Waldron, co-head of the Investment Banking Division at Goldman Sachs, made the comments during the Milken Institute 21st Global Conference in California in April. According to shareholder advisory firm Lazard, 73 new campaigns were initiated in the first quarter of 2018 — the highest quarterly activity on record. The quarter saw major campaigns by emerging activists, such as SailingStone, Jericho Capital and Vulcan Value. Waldron believes US tax reform was a driver behind the rise in such campaigns. “There’s excess cash for most companies laying on the balance sheet and shareholders are going to press for answers of what they are going to do with it,” Waldron told the Milken Conference.

Scandal-hit Cambridge Analytica shuts down

Cambridge Analytica, the political consultancy at the centre of the Facebook data-sharing scandal, has ceased most of its operations and filed for bankruptcy. The company has been accused of using the personal data of millions of Facebook users to sway the outcome of the US 2016 presidential election and the UK Brexit referendum. British and US lawyers have launched a joint class action against Facebook, Cambridge Analytica and two other companies for allegedly misusing the personal data of more than 71 million people.

BlackRock wants regulators to address standards

BlackRock, the world’s largest asset manager, has called for regulators to be tasked with setting corporate governance standards rather than relying on index providers. Barbara Novick (below), BlackRock’s vice-chair, said regulators, in collaboration with listing exchanges, should be ‘the arbiters of corporate governance standards for publicly listed companies’. Novick made the comments in a letter to index provider MSCI, which said it was considering adjusting the index weighting of stocks to account for unequal voting structures. According to the Council of Institutional Investors, among 124 initial public offerings in 2017, 23 had unequal voting rights, although some would give outside investors more voting power over time, reports Reuters.




Activism & Engagement | Shareholder Activism

The hypocrisy of hedge fund activists

Activists will go to great lengths to demonstrate their virtuous desire for corporate change: but who actually benefits?

Kai Haakon E. Liekefett
Chair of the Shareholder Activism Defense Team, Sidley Austin LLP

In virtually every activism campaign, hedge fund activists don the mantle of the shareholders’ champion and accuse the target company’s board and management of subpar corporate governance. This claim to having ‘best practices of corporate governance’ at heart is hollow – even hypocritical – as evidenced by at least three examples: hedge fund activists actually undermine the shareholder franchise, they weaken the independence and diversity of the board, and they waffle on their anti-takeover protection stance.

1 Undermining the shareholder franchise

Shareholders have a significant interest in maintaining their franchise: the right to elect directors, approve significant transactions such as a merger or the sale of all or a substantial part of the assets, or amend the charter of a corporation. Hedge fund activists promote themselves as ferocious proponents of this franchise and of ‘shareholder democracy’. In their campaigns, they demand shareholder votes on any matter that allegedly touches on shareholder rights, including areas where corporate law and the bylaws bestow authority on the board. Yet, in most activism situations, activists seek to influence board decisions and obtain board seats through private settlement negotiations. The price of peace for the corporation is often accepting the addition of one or more activist representatives to the board to avoid the cost and disruption of a proxy contest. Notably, hedge fund activists will accuse directors of ‘entrenchment’ if a board does not settle and instead opts to let the shareholders decide at the ballot box. This practice of entering into private settlements to appoint directors without a shareholder vote is, of course, directly contrary to the shareholder franchise. For this reason, major institutional investors have called publicly on companies to engage with a broader base of shareholders prior to settling with an activist. In the same vein, activists habitually accuse directors of ‘disenfranchising shareholders’ when they refresh the board in the face of an activist campaign, arguing that a board must not appoint new directors without shareholder approval. Remarkably, all these concerns for the shareholder franchise quickly disappear once a company engages in settlement discussions with an activist. In private negotiations, activists commonly insist on an immediate appointment to the board. A board’s request to delay the appointment and allow shareholders to vote on an activist’s director designees at the annual meeting is usually met with fierce resistance.

Note also that in these private settlement negotiations, activists almost always seek recovery of their campaign expenses and companies typically agree to some level of payment. These demands for expense reimbursement are almost never submitted to shareholders for approval. While the proxy rules expressly require dissidents to disclose ‘whether the question of such reimbursement will be submitted to a vote of security holders’, an activist hedge fund’s interest in the shareholder franchise evaporates once the fund’s own wallet is concerned. All too often, it appears that the activists’ concern for the shareholder franchise is merely for public consumption.

2 Weakening board independence and diversity

The main target of most activist campaigns is the composition of a company’s board of directors. The business model of hedge fund activism is to identify undervalued public companies whose intrinsic value is substantially higher than the share price on the stock exchange. And if the stock market undervalues a company, then it is only fair to look to those in charge of the company: the board of directors. Consequently, activists often argue that a board needs a refresh, typically calling for ‘shareholder representatives’ and ‘industry experts’ to be appointed as directors. Of course, activists are not interested in just any type of ‘shareholder representative’ in the boardroom. The preferred director candidate is a principal or employee of the activist hedge fund itself. The reason is that activists intend to use the influence in the boardroom to push aggressively for their own agenda. And, in most cases, that agenda is to push the company to take some strategic action that will return financial value to the hedge fund in the near-term – such as a quick sale at a premium – irrespective of the company’s long-term potential. Often, an activist will also identify the need for more ‘industry experts’ to join the board and propose experts affiliated with the activist to be added. Activists may give lip service to the need for independent director candidates but when they have to choose between placing an independent candidate or themselves on the board, their preferred candidate is an activist principal or employee. Frequently, even if they passionately argued for ‘much-needed industry expertise’ beforehand, activists are quick to drop their independent board nominee in favour of a 30-something activist employee who lacks any significant relevant experience. This is particularly true for smaller activist hedge funds but is also evident at larger companies.

Last year, ISS and the Investor Responsibility Research Center Institute (IRRC) published a study of the impact of activism on board refreshment at S&P 1500 companies targeted by activists. The study found that activist nominees and directors appointed to boards by activists via settlements were nearly three times more likely to be ‘financial services professionals’ compared to directors appointed unilaterally by boards. Moreover, while proxy advisory firms and key institutional investors increasingly demand more gender and ethnic diversity in boardrooms, most activist slates exclusively feature white, male director candidates. According to last year’s ISS/IRRC study, women comprised only 8.4 per cent of dissident nominees on proxy contest ballots and directors appointed via settlements with activists, and only 4.2 per cent of those candidates and directors were ethnically or racially diverse.

There are numerous other examples of corporate governance ‘best practices’ that activists tend to ignore in connection with their campaigns:
■ Overboarding: ISS, Glass Lewis and most institutional investors agree that a director should not sit on too many boards (in particular if the director is also an executive in his ‘daytime’ job). For activists, this seems to be a non-issue when it comes to themselves or their fund-nominated candidates. In addition, the practice of funds nominating the same people for various campaigns raises independence concerns. As noted in the aforementioned ISS/IRRC study: “Many of these ‘busy’ directors appear to be ‘go-to’ nominees for individual activists. The serial nomination of favourite candidates raises questions about the ‘independence’ of these individuals from their activist sponsors”.
■ Director tenure: Directors who sit on the same board for 10 years and more typically end up in the crosshairs of activist hedge funds, which argue that such directors are entrenched and cannot provide objective oversight. However, it is not uncommon for activist directors to remain on the board for many years if they cannot push the company into a sale.
■ Mandatory retirement age: Young activists frequently decry the high average age of boards and may target older directors as part of a campaign. By contrast, one rarely hears a call for age limits on the board from the more seasoned activists of the 1980s, who are pushing 70 years and beyond. In some campaigns, activists nominated director candidates who were 75 years old, 80 years old or even older.

LITTLE WHITE LIES Activists will claim to be passionate about corporate governance to influence voters

3 Inconsistency on takeover defences

Activists love to attack companies for their takeover defences and perceived lack of ‘shareholder rights’. They crucify boards who dare to adopt a poison pill in response to a hostile bid or activist stake accumulation. They condemn bylaw amendments for ‘changing the rules of the game after the game has started’. And they deride classified boards as an outrageous entrenchment device whose sole purpose is to shield incumbent directors from the ballot box. Against this backdrop, it is fascinating and educational to observe what sometimes happens once activists join a board. Activists claim to hate poison pills unless, of course, they were able to acquire a large stake of 15 to 25 per cent before the pill was adopted. In these cases, an activist is sometimes perfectly fine with capping other shareholders at 10 per cent or less because it ensures that the activist remains the largest shareholder with the most influence.

It is also not unusual for an activist-controlled board to maintain the very same bylaws the activist previously voraciously attacked in the campaign. Sometimes, activists will limit shareholder rights even further. The rights to act by written consent and call special meetings tend to be among the victims. If shareholders can act by written consent or call special meetings to remove the board, insurgents do not have to wait for an annual shareholder meeting to wage a proxy fight. However, once activists are in charge of a boardroom, these shareholder rights primarily constitute a threat to their own control.

The last example is the classified board (aka ‘staggered board’). In a company with a classified board, only a fraction (usually, one third) of the board members are up for re-election every year. Activists are fierce opponents of classified boards. Classification makes it harder for them to win a proxy fight. For example, it is more difficult to win an election contest for three board seats on a nine-member board if only three board seats are up for election and not all nine directorships. Activists also like the intimidation factor of threatening a proxy fight for control of a board. It makes it easier to settle for two or three seats if the activist starts by demanding seven or more seats. Everything changes, of course, once an activist is on the board. Then, many activists are perfectly comfortable with it being a classified board. In settlement negotiations, activists often fight hard to be in the director classes that are not up for re-election in the near term. Occasionally, they even suggest a ‘reshuffling’ of the director classes to achieve this. Activists also often refuse to leave a classified board after a standstill expires, arguing that they need to be allowed to serve out their three-year term – even if they previously campaigned for annual director elections. In other words, when it comes to takeover defences, activists’ perspectives depend on whether they have control of the boardroom or not. When activists are successful in ‘conquering the castle’, there is sometimes little reluctance on their part to pull up the drawbridge.

UNLOCKING VALUE Activist hedge funds want to deliver outsize returns within two years

The true reason why activists love corporate governance

These examples make clear that most activists really do not care about corporate governance all that much. So why are activists so focussed on corporate governance in their campaigns? For the same reason why politicians kiss babies during political campaigns: it plays well with the voters. Most institutional investors and the proxy advisory firms ISS and Glass Lewis care deeply about governance issues. That is because they believe, with some justification, that good corporate governance will create shareholder value in the long-term. The long term, of course, is rarely the game of activist hedge funds. Most of these funds have capital with relatively short lock-ups, which means that their own investors will be breathing down their neck if they do not deliver outsize returns within a year or two. Many activists will admit after a few drinks that their professed passion for governance is only a means to an end. Activists preach so-called ‘best practices of corporate governance’ in every proxy fight because it is an effective way to smear an incumbent board and rile up the voters who do care about governance issues.


Hedge fund activists have been able to cloak themselves in the mantle of a shareholder champion while privately pushing to increase their own influence. Institutional investors and proxy advisory firms should not look to activist hedge funds as promoters of good corporate practices. Activists are no Robin Hoods. They care about good corporate governance just as much as they care about taking from the rich and giving to the poor.

Activism & Engagement | Governance

Sabastian V. Niles

Partner at Wachtell, Lipton, Rosen & Katz

Getting board ready

Shareholder activism, governance and the hunt for long-term value – 15 themes and action items for the next two years

As the spotlight on boards, management teams, corporate performance and governance intensifies and articles such as the Bloomberg and Fortune activist profiles of Elliott Management1 become required reading in every boardroom and C-suite, activist campaigns against successful companies of all sizes will increase worldwide.

Below are 15 themes I expect will impact boardroom, CEO and investor behaviour and decision-making over the next two years.


1 The CEO, the board and the strategy

The relationship of the CEO with fellow directors and the board as a whole will remain the most important, overriding corporate relationship a CEO has. Strengthening that relationship, addressing disconnects openly and directly, and ensuring internal clarity and alignment between board and management before an activist, takeover threat or crisis emerges, are required actions. Boards will become more actively involved with management in developing, adjusting and communicating the company’s long-term strategy and operational objectives. Boards will spend more time with management, understanding – and debating – strategic assumptions, judgments, alternatives and risks.

2 Activism preparedness grows up

Instead of a check-the-box housekeeping exercise, companies will pursue real readiness for activist attacks. Activism preparedness will be integrated into crisis preparedness, strategic planning and board governance. This will include periodic updates for the board by expert advisors working with management; non-generic break-glass plans; a philosophy of continuous improvement and rejecting complacency; training, simulations and education informed by live activism experiences; expert review of bylaws and governance guidelines; and cultivating third-party advocates early. Most importantly, deep self-reflection and self-help will identify opportunities for strengthening the company and increasing sustainable value for all stakeholders, mitigating potential vulnerabilities, getting ahead of investor concerns and ensuring that the company’s strategy and governance are well-articulated, updated and understood. The CEO and other directors will be prepared to deal with direct takeover and activist approaches and handle requests by institutional investors and activists to meet directly with management and independent directors.

3 Companies standing up, playing offence and showing conviction without capitulation

Well-advised companies will take a less reactive posture to activist attacks, find opportunities to control the narrative, strengthen their positioning and leverage with key investors and stakeholders, and understand investor views beyond the activist. Directors and management will maintain their composure and credibility in the face of an activist assault and not get distracted or demoralised. Companies will proactively take action and accelerate previously planned initiatives with wide support to demonstrate responsiveness to investor concerns without acceding to an activist’s more destructive or short-sighted demands. If a legitimate problem is identified, consider whether the company has a different (better) approach than the one proposed by the activist and, if the activist’s idea is a good one, co-opt it. Companies with iconic brands and a track record of established trust will protect – and appropriately leverage – their brands in an activist situation. Negotiating and engaging with an activist from a position of strength rather than fear or weakness will become more common.

4 Activists standing down

Through deft handling and prudent advice, more activist situations will be defused and never become public battles, including where the activist concludes they would be better served by moving on to another target. Companies who move quickly to pursue the right initiatives, maintain alignment within the boardroom and engage in the right way with key shareholders and constituencies will achieve beneficial outcomes, gain the confidence of investors beyond the activist and, where deal-making with an activist is needed, find common ground or obtain favourable settlement terms.

5 ‘Shock, awe & ambush’ meets the power of behind-the-scenes persuasion

Until activism evolves, boards and management teams will continue to grapple with activists who mislead, grandstand, goad, work the media, threaten and bully to get their way. But major investors will increasingly reject such irresponsible engagement and more interesting flavours of activism will emerge, led by self-confident and secure funds who value thoughtful, private discussions as to how best to create medium-to-long-term value, respect that boards and management teams may have superior information, expertise and valid reasons for disagreeing with an activist’s solutions, and pursue collaborative, merchant-banking approaches intended to assist a company in improving operations and strategies for long-term success without worrying about who gets the credit. In some situations, working with the right kind of activist and showing backbone against misaligned activist funds and investors will deliver superior results.

SETTING GOALS: Companies need to formalise a more long-term approach

6 Better index IR and not taking the passives (or other investors) for granted

BlackRock, State Street and Vanguard will continue to bring their own distinctive brands of stewardship, engagement and patient pressure to bear in the capital markets and at their portfolio companies. Companies will increasingly recognise that a classical ‘governance roadshow’, which promotes a check-the-box approach to governance without a two-way dialogue, is a missed opportunity to demonstrate to these funds that the company’s strategic choices, board and management priorities, and substantive approach to governance deserve support from these investors. More sophisticated and nuanced approaches for gaining and maintaining the confidence of all investors will emerge. Engagement for engagement’s sake will fall out of favour and targeted, thoughtful and creative approaches will carry the day.

7 Quarterly earnings and rituals

While quarterly earnings rituals will remain, for now, a fact of life in the US, companies and investors will explore alternatives for replacing quarterly rhythms with broader, multi-year frameworks for value creation and publishing new metrics over timeframes that align with business, end market and operational realities. In the UK and other jurisdictions that permit flexibility, more companies will move towards non-quarterly cadences for reporting and issuing guidance and seek to attract more long-term oriented investor bases by publishing long-term metrics. In all markets, companies will increasingly discuss near-term results in the context of long-term strategy and objectives, more management time will be spent discussing progress towards important operational and financial goals that take time to achieve and sell-side analysts will have to adapt to a more long-term oriented landscape or find their services to be in less demand.

Engage with an activist — and other shareholders — from strength rather than fear or weakness

8 Embracing the new paradigm and long-termism

The value chain for alignment towards the long-term across public companies, asset managers, asset owners and ultimate beneficiaries (long-term savers and retirees) – each with their own time horizons, goals and incentives – is now recognised as broken. Organisations and initiatives, such as Focusing Capital on the Long Term, the Coalition for Inclusive Capitalism, the World Economic Forum’s The New Paradigm: A Roadmap For An Implicit Corporate Governance Partnership Between Corporations And Investors To Achieve Sustainable Long-Term Investment And Growth, The Compact For Responsive And Responsible Leadership: A Roadmap For Sustainable Long-Term Growth And Opportunity, The Conference Board, The Strategic Investor Initiative and The Aspen Institute’s Business & Society Program and Long Term Strategy Group and others will increasingly collaborate and perhaps consolidate their efforts to ensure lasting change in the market ecosystem occurs. Additional academic and empirical evidence will be published, showing the harms to GDP, national productivity and competitiveness, innovation, investor returns, wages and employment from the short-termism in our public markets. In the absence of evidence that private sector solutions are gaining traction, legislation to promote long-term investment and regulation to mandate long-term oriented stewardship will gain traction worldwide.

9 Convergence on ESG and sustainability

Companies will increasingly own business-relevant sustainability concerns, integrate relevant corporate social responsibility issues into decision-making and enhance their disclosures, while resisting one-size-fits-all approaches delinked from long-term business imperatives. ESG-ratings services will come under heightened pressure to improve their quality, achieve consistency with peer services, eliminate errors and proactively make corrections or retract reports and ratings. Activist hedge funds will continue to experiment with ESG-themed or socially responsible-flavoured campaigns to attract additional assets under management, drive a wedge between companies and certain classes of ESG-aligned investors and try to counter their ‘bad rap’ as short-term financial activists who privilege financial engineering and worship the immediate stock price. Mainstream investors will increasingly try to apply ESG-focussed screens and processes to their investment models.

10 Dealing with the proxy advisory firms

While proxy advisory firms will increasingly become disintermediated, including through efforts by, for example, the US Investor Stewardship Group (ISG), and increased investments by active managers and passive investors in their own governance teams and policies, proxy advisors will retain the power to hijack engagement agendas and drive media narratives. More scrutiny will be brought to bear when advisory firms overreach, where special interests drive a new proxy advisory firm policy and if investors reflexively follow their recommendations. Especially in contested situations, winning the support of the major proxy advisory firms is valuable, but well-advised companies will succeed in convincing investors to deviate from negative recommendations and, in special cases, persuading advisory firms to reverse recommendations. Negative recommendations will be managed effectively without letting the proxy firm dictate what makes sense for the company.

11 Board culture, corporate culture and board quality

Leaders who promote a board culture of constructive support and engaged challenge and who foster a healthy and inclusive corporate culture will outperform. Vibrant board and corporate cultures are valuable assets, sources of competitive advantage and vital to the creation and protection of long-term value. Board strength, composition and practices will be heavily scrutinised, including director expertise, average tenure, diversity, independence, character and integrity. Nuanced evaluations of the ongoing needs of the company, the expertise, experience and contributions of existing directors, and opportunities to strengthen the current composition will be integrated into proactive board development plans that are designed to enable the board’s composition and practices to evolve over time. Failure to evolve the board and its practices in a measured way will expose companies to opportunistic activism and takeover bids. Boards and management teams who know how to navigate stress, pressure, transition and crisis will thrive.

12 Capital allocation

Investors will have more heated debates among themselves and with companies about preferred capital allocation priorities, both at individual portfolio companies and at an industry level. Companies will be more willing to reinvest in the business for growth, pursue smart and transformative M&A that fits within a longer-term plan to create value and make the case for investments that will take time to bear fruit by explaining their importance, timing and progress. Prudently returning capital will remain a pillar of many value-creation strategies, but in a more balanced way and with more public discussion of trade-offs between dividends and share repurchases and alternative uses. Investors may not agree with choices made by companies and will disagree with each other.

13 Directors as investor relation officers

While management will remain the primary spokesperson for the company, companies will better prepare for director-level interactions with major shareholders and become more sophisticated in knowing when and how to involve directors – proactively or upon appropriate request – without encroaching upon management effectiveness. Directors will be deployed carefully but more frequently to help foster long-term relationships with key shareholders. However, directors will need to be vigilant to ensure the company speaks with one voice and guard against attempts by investors to pursue inappropriate one-off engagements and foster mixed messages.

14 The general counsel as investor relations officer

The general counsel (or its designee, such as the corporate secretary or other members of the legal staff) will play an increasingly central role in investor relations functions involving directors, senior management and the governance and proxy voting teams at actively managed and passive funds alike. Board and management teams will look to the general counsel to advise on shareholder requests for meetings to discuss governance, the business portfolio, capital allocation and operating strategy, the board’s practices and priorities, and to evaluate whether the demands of corporate governance activists will improve governance or be counterproductive.

15 The nature of corporate governance

Questions about the basic purpose of corporations, how to define and measure corporate success, the weight given to stock prices as reflecting intrinsic value, and how to balance a wider range of stakeholder interests (including employees, customers, communities and the economy and society as a whole) beyond the investor will become less esoteric and instead become central issues for concern and focus within corporate boardrooms and among policymakers and investors. Measuring corporate governance by how many rights are afforded to a single class of stakeholder – the institutional investor – will be seen as misguided. Corporate governance will increasingly be viewed as a framework for aligning boards, management teams, investors and stakeholders towards long-term value creation in ways that are more nuanced and less amenable to benchmarking and quantification.

[1] The World’s Most Feared Investor – Why The World’s CEOs Fear Paul Singer And Whatever It Takes To Win – How Paul Singer’s Hedge Fund Always Wins.






Activism & Engagement | Editorial content

Forging a culture of accountability

The importance of finding better ways to achieve investment goals

Rakhi Kumar

Senior Managing Director and Head of ESG Investments and Asset Stewardship, State Street Global Advisors

As one of the world’s largest asset managers, State Street Global Advisors strongly believes in a culture of shareholder accountability. After all, we are the stewards of other people’s money and we take that role with equal measures of seriousness and diligence. One of these accountabilities to shareholders – the most important, some may argue – is we help them achieve the financial security that aligns with their long-term objectives. This we do, in part, by developing and offering a range of innovative investment strategies, powered by a global network of more than 500 long-tenured investment experts. The second, less obvious, but critically important responsibility, which strongly supports our primary investment objective, is one of stewardship. Contrary to the argument that the rise of flows into index-based strategies results in weakened governance standards, our strongly active stewardship programme is aimed at helping companies strengthen their approach to environmental, social and governance (ESG) issues that can impact the long-term returns that our clients need to achieve their goals. Constructive, persistent and transparent engagement is the hallmark of our stewardship approach. We regularly publish our views on important shareholder issues and measure and monitor the impact we are having. In 2016 we focussed on governance issues around board independence and effectiveness and in 2017 we called on companies to incorporate environmental and social sustainability into their long-term strategies. We have already seen significant impact from these two initiatives, with companies strengthening board quality to align with our guidance as well as improving their disclosure on sustainability practices. Last year’s campaign on gender diversity at board level was a direct result of our emphasis on board quality and the evidence showing that diverse boards make better decisions.

In 2018, we are focussing our strategic stewardship priorities on best practices related to diversity, governance and sustainability issues in the US and across the world. Specifically, it’s this year’s efforts that I want to outline in this article, since you’ll likely be hearing more about them as the year progresses.

Each year, State Street Global Advisors develops its own strategic stewardship priorities that drive engagement at companies in which we invest. Our latest priorities are representative of the universal challenges facing every environmental, social and governance (ESG) focussed agenda. This year, in addition to gender diversity, we are focussing efforts on executive compensation and climate reporting. In addition, we’re paying special attention to companies in the retail (food, apparel, distribution), pharmaceutical and materials sectors. Throughout the programme, there will be a special emphasis on any long-term, sustainable ESG commitments having direct ties to measurable goals. And our stewardship role in the global capital markets extends beyond proxy voting and engagement with issuer companies. It also includes promoting investor protection for minority shareholders in global markets and working with investee companies to encourage adoption and disclosure of ESG practices.

Spotlight on gender diversity

As many people know, State Street Global Advisors has led the asset management industry in its encouragement of gender diversity at the corporate board level. We’ve just celebrated the first anniversary of Fearless Girl, the iconic statue that became an overnight global sensation. We located her in the heart of New York City’s financial district with the expressed purpose of calling attention to the lack of female representation on corporate boards. We underscored her introduction to the world with a call to action for companies in the US, UK and Australia to add at least one woman to their board, taking voting action against directors on those boards that did not take action on the issue. The rationale for encouraging the addition of women at board level is not purely to help balance the diversity equation. There’s a solid financial argument to be made for this as research shows that companies with women on their boards outperform companies without women at board level.

In the year since Fearless Girl was installed, State Street Global Advisors identified and reached out to more than 700 companies in the US, UK and Australia that had no women on their boards through direct engagement, our letter-writing campaign or using our vote to address their lack of board diversity. In the end, State Street Global Advisors voted against more than 500 companies for failing to demonstrate progress on board diversity. In addition to the 152 companies that added a female board member, another 34 companies committed to adding at least one woman to their board in the near term.

In 2018, we have expanded our diversity mission to Canada and Japan, where female representation on boards continues to be low, with 38.5 per cent of TSX-listed and 55 per cent of Topix 500-listed companies having no women on their boards at all.[1] As an additional step towards corporate gender equality, we announced in March that we expect companies to now disclose gender diversity at all levels of management, not just at the board level. As part of that effort, we will begin screening and engaging with companies in the STOXX 600 and FTSE 350 indexes. During this engagement, we will seek to understand company practices that promote diversity throughout all levels of management.

Investor Stewardship Group

In January 2017, State Street Global Advisors, as part of the Investor Stewardship Group (ISG), published the first ever investor-led Stewardship and Governance Principles for the US market. The Principles, which are based on the commonalities of the public proxy voting guidelines of the founding ISG members, went into effect in January 2018.

I wrote about the formation of ISG and its mission in the Spring 2017 issue of Ethical Boardroom, but as a refresher, the six core principles for US listed companies are:

Principle 1: Boards are accountable to shareholders
Principle 2: Shareholders should be entitled to voting rights in proportion to their economic interest
Principle 3: Boards should be responsive to shareholders and be proactive in order to understand their perspectives
Principle 4: Boards should have a strong, independent leadership structure
Principle 5: Boards should adopt structures and practices that enhance their effectiveness
Principle 6: Boards should develop management incentive structures that are aligned with the long-term strategy of the company

So what’s new for this year?

Beginning with the 2018 proxy season, companies are being encouraged to articulate how their governance structures and practices align with the ISG’s Corporate Governance Principles and where and why they differ in approach. ISG signatories believe companies can best decide on how and where to disclose their alignment with the principles, for example, through investor relations, boards of directors or corporate governance websites or, as is most common, their proxy statement.

State Street Global Advisors’ ISG Compliance Screen

The ISG Principles are not intended to be prescriptive or comprehensive in nature. Clearly, there’s a multitude of ways in which a principle can be applied. As guidance, however, ISG has provided the rationale and expectations that underpin each principle on its website. To identify companies for engagement, we recently created the State Street Global Advisors’ ISG Compliance Screen that identifies 13 voting guidelines encompassed in the six Principles. Companies that fail three or more of the 13 voting guidelines will be targeted for further review and engagement. This year, we will apply the ISG Compliance screen to the S&P 500 companies. Based on the 2017 proxy filings of companies, we found that:

■ 199 companies, or 40 per cent of the S&P 500, fully comply with our ISG Compliance Screen
■ Lack of proxy access is the most common reason for non-compliance with the Principles – an additional 81 companies would be in full compliance, but for giving shareholders proxy access
■ Other common reasons for companies screening out include:
– Lack of annual director elections
– Inadequate board refreshment practices
– Board is not sufficiently independent

Because of this new screen, we are now proactively monitoring companies for compliance with our voting guidelines on a comprehensive basis. The screen helps us engage and review company governance practices in a holistic manner against the expectations of a multitude of investors that back the ISG. In addition, it helps our firm, as an institutional investor, meet and demonstrate our commitment to the ISG Principles by holding portfolio companies accountable. In March 2018, we began reviewing governance practices at S&P 500 companies for their adherence to the Principles and will proactively engage with organisations to better understand the reasons for non-compliance. If these companies fail to adequately explain their governance structures, we may hold the board accountable by taking voting action against select independent directors. Figure 1, below, shows the distribution of companies that screen out against the State Street Global Advisors ISG Compliance Screen.

[Figure 1: Distribution of companies that screen out against the State Street Global Advisors ISG Compliance Screen. Axes: # of non-compliant governance structures; count of companies; percentage of companies.]

Source: ISS Analytics as of November 2017

Potential proxy vote implications for omitted companies

Since the Compliance Screen is based on existing proxy votes and engagement guidelines, there are no new governance-related expectations being set in the market. The screen, however, allows us to proactively monitor corporate governance practices at portfolio companies and to assess if they are aligned with our long-term interests and market expectations. To be sure, we don’t believe in a one-size-fits-all approach to corporate governance and, therefore, our preference is to drive meaningful engagement with companies to better understand their perspectives for their internal governance structure not meeting minimum investor expectations. We encourage companies to proactively evaluate, disclose and explain their level of compliance with the Principles and have provided a framework to help directors assess their position on said Principles. In instances of non-compliance, when companies can’t explain the nuances of their governance structure effectively, either publicly or through engagement, our team will vote against the independent board leader for non-compliance with the Principles.[1]

The independent chair, lead independent director or most senior independent director up for election in that order

Executive compensation under review

Monitoring excessive corporate compensation has been a focus of State Street Global Advisors for many years. In the past, however, we simply voted ‘for’ or ‘against’ pay. In 2018, however, we’re stepping up our discomfort, either with a one-time payment or an entire pay structure, by abstaining from voting. Often it’s the case that when we vote against companies, they think they must go back to square one, but that’s not always necessary. What an abstain vote is intended to say is that your proposal is not all bad, but there are some things that are making us less than comfortable with it. For perspective, last year we voted against some 600 of 5,200 pay proposals and we had concerns over an additional 300. We believe that including the abstain option in our arsenal of responses increases transparency and will be more effective than our ‘for’ or ‘against’ model.



Activism & Engagement | Investors

Mandy Offel

Director of Corporate Governance at D.F. King

Why non-executive directors have nothing to lose and everything to gain from regular investor engagement

How to sleep in on a Sunday morning

I was recently woken by a phone call early on a Sunday morning. A company had been targeted by an activist investor and was about to announce they would let one of their management team go to pre-empt an open proxy fight. Would this solve the activist situation?

I asked whether their other investors supported the dissident’s requests and learned that investor relations were aware of several concerns around performance and communication of the company. Outside of some offhand remarks by a few very unhappy fund managers, succession planning had never been discussed. Non-executive directors had, in fact, never interacted with investors – except for the activist, obviously – and, unsurprisingly, investors had not raised any substantial concerns with management during their regular roadshow meetings. This company is not an exception. Directors rarely communicate with shareholders on a regular basis, leaving themselves and their companies vulnerable to persistent investor misconceptions regarding the fulfilment of their supervisory role, the verdict of proxy advisory firms or activist attacks.[1] It is time for directors to overcome their hesitation and realise the benefits of a long-standing relationship between themselves and their shareholders.

Evolution of the director role

Directors have an established role in agreeing strategy, monitoring risk management and supervising the execution of what has been agreed, while management updates shareholders on the strategic development of a company. This traditional split of roles is still dominant across all markets, with the exception of the financial sector and this is not by accident. Starting with banks and insurance companies in a post-financial crisis environment, risk management has become an increasingly comprehensive concept, first extending to classic corporate governance and more recently expanding to environmental and social governance (ESG). The ideas of ESG, sustainable investment or corporate citizenship are not new, but their inclusion in day-to-day conversations between corporates and their investors is. As engagement topics evolve, so do expectations on engagement participants; investors expand their stewardship teams and financial analysts shift their focus to include ESG performance. Issuers increase the responsibilities of their investor relations and communication teams and review their annual reporting to reflect non-financial performance indicators. Other corporates, however, have been slower to adapt their direct investor engagement at the decision-maker level. If directors decide on executive succession planning, remuneration or environmental targets, why do they not explain their reasoning to investors the same way that management would on M&A, divestments or mid-term guidance? I have been given numerous reasons over the years relating to fundamental arguments in the context of stakeholder vs shareholder theory, the differences between one and two-tier boards, or if shareholders can rightly be considered owners of a company. All of these debates are interesting and may impact how you view or manage your company in many ways. But you do not need answers to these questions if you want to decide if and how to engage with shareholders. In fact, the argument is simple: building trust and sharing information increases efficiency, develops corporate governance capital for the company and, ultimately, creates gains for all stakeholders.

Example of what you can learn from your investors through regular engagement:

■ Executive compensation and disclosure: best practice examples and suggestions for measurable performance criteria as well as targets that are meaningful in the context of your company
■ Diversity policies: implementation and effectiveness at and below board level
■ CEO-employee pay ratio: how it could be measured and what the ratio could mean to third parties
■ Non-financial reporting: useful performance indicators and best-practice reporting examples
■ Integrated reporting: what the benefits are, the costs and how to implement it

Benefits of direct engagement

Engagement is not about justifying your action to your shareholders. It is about letting them know that you consider their perspective on your company when making decisions. In turn, this exchange allows two important benefits: you benefit from their knowledge and experience beyond securing support of individual shareholders while they gain insight into how the board takes strategic decisions.

Learn from them
You know most details regarding your company better than your investors, but they know other companies as well. Use them and their research to review and develop what best practice means for you and your company.

Gain independence from proxy advisors
Proxy advisors exist because governance-specific research is costly. Most shareholders will have general views and policies of their own. Researching and monitoring compliance, but particularly weighing the reasons for allowing an exception to their policy, is demanding. Despite the rhetoric around stewardship, many investors are not equipped with sufficiently scoped governance departments. Engagement will help investors to understand your specific company situation, rather than follow third-party views on general best practice.

Feel prepared
Ongoing engagement provides you with the overview you need to understand major concerns and expectations within your investor base. This mutual understanding is the basis for sleeping soundly at night when activists are targeting your sector or home market.

Taking the investor perspective

Investment horizons and strategies play a major role in investors’ engagement interest. Knowing your investors will allow you to understand their constraints and therefore adjust your expectations, form and content of engagement as well as refine your target audience.

Index investors operate on the premise that they will be with you for the very long term. They may not know your sector or financial position as well as stock pickers. Instead, their expertise lies in corporate governance. They can be helpful in providing insights into new non-financial reporting standards, compensation disclosure, or even what an effective whistleblowing policy could look like. However, not every one of your counterparts at index investors may understand the individual situation of your company. Plan extra time to explain, for example, why certain executive performance criteria or board skills are relevant in your context.

Sovereign wealth and pension funds often outsource their investment but not their vote decisions to external asset managers. Most sovereign wealth funds do not vote at all, while pension funds tend to default to proxy advisor recommendations.

Active investors choose their portfolio. The combination of more traditional financial and sustainability research can make engagement with active investors particularly valuable for directors. As a positive side effect, compelling engagement with active shareholders can positively impact their investment decision.

Hedge funds and activists typically have a short investment horizon. They frequently focus on balance sheets, M&A or divestments, although corporate governance-related demands have become increasingly popular, presumably to gain more traction with traditional investors for their campaigns. These investors choose their targets well. As part of their preparation, they conduct shareholder surveys and lead one-to-one conversations with your long-term investors. Their suggestions or demands can echo opinions held throughout your investor base – but they may also exaggerate their role as a representative of wider shareholder opinion. One important consideration when engaging with activists is that they are under extreme pressure to deliver change quickly. If they encounter resistance by the company they may extend their campaign to the public, including notes on their previous engagement with the issuer.

Example of investor expectation from non-executive directors’ engagement:

■■ Executive compensation decisions and underlying compensation policy
■■ Social and environmental performance, related targets and performance measurement
■■ Executive and non-executive succession planning in the short and long-term
■■ Current and target board profile, including skills, experience, independence and diversity
■■ Board performance review, methodology, findings and follow-up actions

Risks of direct engagement

You may not tick all boxes for each investor you talk to. In fact, it is highly unlikely that you will. But, in general, surprisingly many directors do the ‘right things’ behind closed doors, leaving investors unaware of their actions. What are the risks that directors see in telling their story?

Uncomfortable questions
Some directors may be hesitant to step out of their traditional role and engage with external parties. Investors want to get to know you and your idea of your company’s future. Shareholders will, of course, take the opportunity to comment if you let them – sometimes even if you don’t. But, ultimately, minority shareholders want to trust you to represent them, not make your decisions for you. Not agreeing on all subject matters is to be expected. Investors will be glad to hear that you consider their opinion going forward or your reasons for differing.

Not knowing all the details
Questions may start on a general level and quickly evolve into detailed queries regarding, for example, your CO2 emissions target in South-East Asia last year. It is natural to offer a follow-up call or meeting with the relevant experts within the company on specialised topics.

Excessive workload
Investor engagement requires substantial preparation. Investors have to be selected and previous vote behaviour, individual investor policies as well as contacts have to be researched. A clear agenda must be set for each engagement, ideally accompanied by a presentation. Information has to be collected from various company divisions. The first engagement exercise can seem like a daunting task. However, the effort will align internal work streams, making future engagement much easier.

Equal treatment
Selecting some investors but not others for engagement may raise concerns regarding equal access to information for all shareholders. Publishing the engagement presentation on the company website, summarising your engagement activity and major takeaways in your annual report as well as allowing investors who were not invited to approach you, helps to mitigate this concern.

Coordination with management
Directors from companies with dual-board structures are often hesitant to engage with investors in the absence of management in order to avoid inconsistencies in external communication. Investors will respect your role as a non-executive director and abstain from asking detailed questions within the clear remit of management. They will, however, expect you to be familiar with the company’s long-term strategy, key milestones and fundamental risks.

Sample of bad practice in director engagement:
■■ Leaving detailed explanations or fully scripted engagement calls and meeting presentations to advisors or working-level staff
■■ Being accompanied by executive directors when the agenda contains governance-specific discussion items, e.g. executive compensation or succession planning
■■ Group meetings
■■ Engaging only in proxy season, in emergency situations or on topics relevant to your upcoming shareholder meeting
■■ Limiting engagement topics to the status quo without reflecting on upcoming initiatives and reviews of company practice
■■ Remaining in ‘listen-only’ mode and not having a clear outline of the items that you would like to discuss

The final result

The evolution of governance engagement is a work in progress for both investors and companies. It represents a great opportunity for your company to develop corporate governance capital through constructive dialogue over time. Long-term shareholders are increasingly taking to the public domain, advocating for further dialogue before an activist comes knocking, but directors are still hesitant to take them up on this invitation. I firmly believe that the risks from direct exposure of directors to investors are easily that the risks can be tremendous. It will enable you to make better decisions as a director, your shareholders to avoid wasting precious resources on public or even legal battles and me to sleep in on Sunday mornings in the comforting knowledge that my clients are not just talking to the three per cent of their shareholder base that makes the most noise, but to the 97 per cent who actually matter.

1 For ease of terminology, I will use ‘director’ referring to non-executive directors, including supervisory board members.


Global News Africa

Africa leads way on gender diversity

More African businesses have women in senior leadership roles, but a meaningful gender balance remains elusive, according to Grant Thornton’s annual Women In Business report. The global study found that Africa came out top for gender diversity performance — 89 per cent of businesses have at least one woman in senior management. Nigeria has 95 per cent of businesses with at least one woman in senior management and 30 per cent of senior roles are held by women. In South Africa, 80 per cent of businesses have at least one woman in senior management and the highest proportion of senior roles held by women in a decade at 29 per cent. Francesca Lagerberg at Grant Thornton International said: “While it’s hugely positive that women are in senior roles at more businesses, it’s disappointing that they are being spread so thinly. This suggests businesses are concentrating on box-ticking at the expense of meaningful progress.”

Ghanaian banks need to focus on ethics

Poor corporate governance in the financial sector is to blame for the collapse and struggles of many banks and savings and loans companies in Ghana, a chartered economist has said. Speaking at the Corporate Governance and Ethics in Business Forum, organised by the Kwame Nkrumah University of Science and Technology, Dr Williams Abayaawien Atuilik said that board members do not take board meetings seriously and are not independent-minded during board meetings. Dr Raziel Obeng-Okon, a senior lecturer of the Ghana Institute of Management and Public Administration, also commented that to ensure sustainability, Ghanaian banks must align their good corporate governance concepts with corporate objectives.

Kenya firms ‘should turn to stock exchange’

Kenya’s deputy president William Ruto has challenged private companies to raise money from the stock exchange instead of borrowing from financial institutions. Speaking in Nairobi during the seventh Building African Financial Markets seminar in April, Ruto said capital markets were a ‘key pillar in economic development and should help to promote asset ownership and wealth creation’. According to Ruto, Nairobi Securities Exchange (NSE) should do more to ensure more companies get listed at the bourse. “The NSE is supposed to help us support more companies, especially the big ones, so that they can go to the stock exchange, and instead of borrowing money, they can list and raise capital for their expansion,” he said.


KPMG facing Africa backlash

Barclays Africa has severed ties with auditing firm KPMG amid a deepening scandal in South Africa over the firm’s work linked to the politically controversial Gupta business family. As well as Barclays, JSE-listed companies, including Deneb Investment, Sygnia Asset Management, Sasfin Bank and Hulisani, have all recently parted ways from KPMG. The South African government’s auditor-general terminated its services with the auditor in March. KPMG has come under fire for work it did for a company owned by the Gupta family, who are alleged to have used their links to former president Jacob Zuma to amass wealth. The auditor has said it is cooperating with authorities and addressing its shortcomings.

Aviation unions bemoan poor governance

A lack of good corporate governance in Nigeria’s aviation sector is ‘impeding growth’, according to the country’s industry union. Takeovers of airlines Arik Air and Aero Contractors were a result of their managements’ failure to effectively run their affairs, said the Air Transport Senior Staff Services Association of Nigeria (ATSSSAN). Illitrus Ahmadu, president of ATSSSAN, shared the view while speaking at the 2018 May Day Ceremony in Lagos — a rally organised for workers in the sector. The Asset Management Corporation of Nigeria, which took over the airlines, has said it will not return Arik Air and Aero Contractors to their original owners until the airlines clear their indebtedness to the corporation.


Africa | Board Performance

Boards must embrace the 21st century

Aligning strategy and the business environment in today’s fast-changing market

Karola McArthur
Director at M&D Associates

Governance of corporate entities over the past 100 years has essentially been rules-based. Since the Great Depression thousands of rules have been set for companies to guard the public from investment loss and economic collapse.

This follows the 20th Century belief that rules restrain the human tendency to yield to greed and hence the high likelihood that leaders, given the opportunity, put personal gain over their public responsibility. Despite the rules, hundreds of listed corporates and state-owned enterprises have collapsed, causing holes in pension funds, institutional and private investors’ portfolios, as well as job losses and overall negative economic impact. In South Africa, African Bank, Steinhoff, the ‘state capture’ and Eskom scandal, and rumours in the banking sector of misleading financial practices are just some of the latest sagas. In the UK, the collapse of Carillion is top of the list. In the Eastern economies, various admissions of fake quality information and bribery charges caused stock prices to decline. Germany has its VW scandal and, in the US, Wells Fargo is battling along after creating millions of fake customer accounts and charging customers undue insurance premiums. Of course, the circumstances in each collapse are different, but with the unfolding stories of financial acrobatics to enhance profits, designed within the rules and signed off by auditors, we have to wonder if rule-based ethics are the panacea to protect investors and economies, or if we need to review our governance approach to fit current and future realities.

Corporate governance guidelines have recognised the need for change

The King Report and Code on Corporate Governance provide guidelines for the governance structures and operation of companies in South Africa. Compliance is a requirement for companies listed on the Johannesburg Stock Exchange, but also applies to unlisted large companies and the public sector, and is subscribed to in most of Sub-Saharan Africa. Unlike other corporate governance codes, such as Sarbanes-Oxley, the code is non-legislative and is based on principles and practices that promote an ‘apply and explain’ approach. The overriding philosophy of the code is to achieve sustainability, i.e. the medium- and long-term survival of a company and its environment, underpinned by effective, ethical leadership and transparent reporting.

In light of external disruptive factors, deteriorating ethical leadership and in the face of failing public and private enterprises, the King IV Code became effective from April 2017, making, in our opinion, significant changes to the board’s authority. Keeping with the previous directive to steer organisations by setting the strategy and defining the governance approach thereof, it is now making the board responsible for:
■■ Approving policies and plans to effect organisational strategy
■■ Oversight and monitoring of the execution and resulting performance of the strategy
■■ Enhanced ethical and transparent reporting on performance and sustainable value creation, including the publishing of initial audit findings and mitigating actions taken

Thus, the board’s role moved from the pure oversight of outcomes to also include the oversight and ongoing monitoring of inputs, i.e. the effective execution of strategy through ethical leadership, supported by enhanced transparency.

Obstacles to implementation

Faced with the new codes, many board directors question if additional governance mechanisms are needed and, if so, how this should be practically implemented, given the limited time independent directors typically have, the heavy burden of sub-committees and reports, and the complexity of tighter strategic execution oversight envisaged. In our discussions with various independent directors across different industry sectors and some with international appointments, we found that none of these reported on any significant changes made to their governance processes or systems since 2010 (King III directives). This is despite the fact that most agreed with the following statements:
■■ A financial audit does not adequately address the long-term sustainability of a business, e.g. ticking the box of ‘licence in place’ doesn’t address the question of ‘is the licence sustainable going forward?’
■■ Internal auditors also often neglect the issue of long-term business viability as they typically focus on current procedures, processes and compliance
■■ While management must focus on a chosen strategic path, the board’s responsibility is to question the strategic path itself, yet, at the most three days per annum of pondering subjective strategic proposals from management are dedicated to this
■■ Monitoring of strategic execution has thus far been limited to assessing outcome-based metrics, mainly financial and market share performance. Board directors have little or no insight to more detailed strategic execution of the plan
■■ The board’s understanding of execution progress on agreed critical strategies relies entirely on what management decides to report
■■ There is a lack of an integrated view linking strategy, risks, capability gaps, performance management, market and financial outcomes. Typically, sub-committee discussions in risk, people and finance forums have very little in common because their integrated nature is neither understood nor transparent

Discussing the practicality of implementing tighter strategy and execution oversight for medium and long-term sustainability, the respondents cited challenges, such as not wanting to impact the excellent relationship they have with management, the lack of deep insights into the industry, time constraints to provide meaningful strategic alternatives and the complexity of the company strategy itself as it stretches from consolidation to diversification, from IT to HR, and tackles a myriad of strategic market issues.

We ‘get’ all of the above, particularly the need to maintain an excellent relationship with management. But in the case of Steinhoff or VW, for example, almost all directors interviewed cited that this was facilitated by an ‘extremely charismatic CEO’ misleading the board. Is this truly a good excuse? Dominant charismatic leaders might require even more oversight and careful assessment of their assertive and persuasive proposals. They need to be balanced with a considerate and analytical chairperson and the involvement of more industry experts on the board asking pertinent questions.


We have tools that help governance in the 21st Century

The solution of a ‘strategic audit’ was rejected by most of the interviewed directors. They advocated that this added another committee, it lacked dynamic insights if done once a year, causing high audit cost and additional organisational disturbance. We therefore turned our attention to alternative practical and dynamic oversight mechanisms, leveraging technology. Understanding that the board has to focus its time and attention, priority must be given to the critical strategies, outcomes and elements in the organisation that determine sustainability. If examined closely, only four to six core strategies are truly essential to ensure sustainability. These are, typically, strategies to ensure that key assets are safe, to sustain the ‘licence to operate’, to increase cash flow return on investment, to meet customers’ evolving needs, to attract and retain employees, and to be a responsible corporate citizen. With the focus on these key strategies, boards then need the capability to examine the organisational alignment to these and assess whether the company has the right competencies in place, can manage associated risks and monitor if the desired impact is being achieved. The key requirement to executing good governance is having an integrated, objective and real-time view of the organisation’s actions (lacking in many companies). That can be established using software available on the market. Implementing the software makes the process efficient, using a cascading approach. This is illustrated below.

Graphic © Scientrix™

RESULT MONITORING: Clear metrics defined for each strategic objective and programme. Reporting is done through clear result boards, focussing on factual outcomes achieved and progress made on a real-time basis

RISK ASSESSMENT: Risks are identified from the strategy and the various executive-aligned programmes, then consolidated into a company risk board

EXECUTIVE RESPONSIBILITIES: Each programme breaks down into projects aligned to an executive. The projects are clearly defined with resources and time horizons. Prioritisations are set and progress is updated as management progresses against these

ORGANISATION-WIDE INPUT: Providing contact between the board and the organisations. Everyone can contribute ideas, issues and concerns to achieve the strategy, using a structured mechanism

THE STRATEGIC PATH: Objectives of strategic focus areas are captured, aligned to contributing business units or functions and key programmes to achieve the defined outcomes

Further cascade levels for management to link into the organisation on task level, keeping integrity of the strategy and objective bottom-up monitoring intact

PRIORITY BOARD ISSUES: The combined elements allow for structuring the board debate around key issues arising from the strategy and the organisational progress made towards its achievement. It determines the issues for each sub-committee without losing the integrated perspective

EXECUTIVE KEY PERFORMANCE AREAS: Executive KPIs are clearly linked to the strategic pursuit, management of risks, and results achieved, with ongoing monitoring

The technology and structured view allows board directors to drill into areas of their individual expertise without losing the overall picture of the organisation’s strategic pursuits. It allows the board to focus the organisation on its strategic priorities and provides deep insights of where the organisation’s progress stands, without elaborate, subjective management reports. Implementing software is seen as difficult by more technology-challenged individuals and often deemed costly, when you take into account licence fees, training and the change management required to achieve the discipline of effective usage. However, the ‘return on management time invested’ is manifold, taking the organisation and its governance into the digital age and creating meaningful insights.

What are the key interrogations we are missing at board level?

Assuming the integrated drill-down system is in place, we further investigated what the missing key questions are that board directors should interrogate annually or on a quarterly basis in a strategic sustainability review. In our discussions with directors, we narrowed down on the following, currently missing, investigations to prevent collapses due to mismanagement or lack of ethical conduct:

In-depth annual review

Are the fundamental basics in place or at risk to operate sustainably? For example, are the basic capabilities required to operate at required standards and to be competitive, in place? Boards assume this is in good order, but do you know?

Are executives’ KPIs explicitly linked to the strategic pursuit and to ethical behaviour? If only linked to financial results, this may distract them from pursuing the strategy and lead them to seek easier or more opportunistic ways to success, especially if the ‘how’, i.e. the desired behaviour, has not been specified.

Has the board validated that the majority of income streams and profit growth are indeed coming from the core business pursuit? Has it assessed alignment of the overarching financial goal with ‘the business we are conducting’? If income growth is not coming from the core, the business pursuit may be wrongly stated to investors (e.g. it’s a financing business not a trading one), raising suspicion of financial acrobatics. Steinhoff is a good example of this missing investigation.

Is the governance approach and board composition in line with the fast pace of the 21st Century, enabling agility, demanding transparency, ensuring ethical conduct, being alert to market changes and swiftly acting on critical issues? When last did the board critically review its own conduct and assess its effectiveness in view of the changed environment? Is the board construct aligned to balance the executives’ strengths and weaknesses?

Quarterly review


Does the board have integrated, objective reporting on key programmes and a transparent view of risks, progress and outcomes? Is the board truly comfortable with the level of objective knowledge it has on how the company is run, management actions taken, focus on strategy execution, risk mitigated and outcomes achieved, at all times?

Has the board become too close to management and hence lost objectivity? Signs of discomfort are if non-execs continuously defend executive members, close off discussions on management behaviour, or are kept deliberately from contact with lower levels in the organisation. Statements, such as ‘we have to trust management’, are not in line with the trust investors place in boards to be their eyes and ears on the ground.

Is the broader strategy and the underlying assumptions still right? Given fast-changing markets, doing this once a year seems no longer sufficient. You need to give effect to the statement that the board needs to continuously assess if the chosen strategic path is right. Industry expertise on board level is non-negotiable and board meetings should include regular, external expert inputs on key business issues.

Does the board have the right priority programmes in place to achieve sustainable outcomes? Are new needs arising and should others be closed, despite sunk cost, to free capacity for more relevant programmes? Has the board listened to the concerns on the ground floor?

What actions have been taken by management and the board to correct the course of key programmes in light of recent market dynamics or underperformance? Is a re-prioritisation required and is the board acting with the agility the market demands without losing caution?




In conclusion, it seems that although boards have come far to strengthen oversight, boards and governance approaches still need to go a long way in adapting to the new dynamics and tools available in the 21st Century, while learning from the many corporate collapses where boards were found wanting. Key questions remain unasked, technology to create transparency has not been sufficiently embraced and boards remain in the dark with regard to the true goings-on in the organisation. For those seeking change, also mitigating their risk of reputational damage or legal pursuits, this article aimed to provide guidance.




Africa | Governance in Nigeria

Soji Apampa

Executive Director for the Convention on Business Integrity and also serves as a Consultant on CBi projects

Nigeria’s aim to transform business

The Corporate Governance Rating System sets clear goals to help correct the idea that all Nigerian businesses are corrupt

In 1960, Nigeria’s gross domestic product (GDP) was $4.2billion while that of South Korea was $4billion.

By 2016, Nigeria’s GDP had grown about 100 times to $402billion but that of South Korea had grown some 350 times to $1.4trillion. According to rating agency Fitch, the sovereign credit rating for South Korea is AA- (considered a ‘high-grade investment’ category) while Nigeria’s rating is B+ (four notches below investment grade, in the ‘highly speculative’ category). The Global Competitiveness Report, published by the World Economic Forum, suggests that Nigeria is challenged by inadequate infrastructure, corruption, poor access to financing, political instability and inefficient government bureaucracy, among other things. Greater investment in infrastructure, preferably by the private sector; greater effort to prevent corruption, preferably by strengthening business and public integrity; the consequent attractiveness of Nigeria to international capital (e.g. via private equity firms); smoother political transitions continuing in 2019 and beyond (preferably with governments having a higher ratio of professionals to politicians than the country has had); and a reduction in government red tape, e.g. by further improving on its ease of doing business rankings, could possibly place Nigeria on the road to closing some of the gap between it and South Korea – its erstwhile comrade.

Nigeria’s needs

According to Nigeria’s Infrastructure Concession Regulatory Commission, the country’s infrastructure financing gap amounts to $100billion over the next six years or about $10billion annually, which a number of experts believe should come from the private sector.1 Sadly, according to a 2016 report by PwC Nigeria, ‘Countries with higher corruption are associated with lower investment… Corruption threatens property rights, discouraging investment that requires high capital expenditure as businesses are unwilling to place high capital at risk’.2 The report goes further to suggest that if Nigeria were to lower its corruption levels to those found in Malaysia, by 2030, the country could add another $534billion to its GDP. The country has recently moved up 24 points on the World Bank’s ‘ease of doing business rankings’ and is putting great effort into reducing government red tape.3

Within Nigeria itself, perceptions of corruption limit access of businesses to finance, markets and know-how. In work done by the UN Global Compact Local Network in Nigeria in collaboration with the Nigeria Economic Summit Group and the Convention on Business Integrity, it was discovered that to overcome the damage done by the perceptions of corruption, it was necessary to demonstrate a clear governance and controls framework and quality of regulatory compliance in addition to business proposition to stand a chance of attracting any form of financing.4

In frontier markets, such as Nigeria, the link between business success, business sustainability and ethical conduct is not always understood by businesses who have to compete in less than ideal conditions – regularly fighting to fend off crooked staff of some regulatory agencies, fighting to get a shot at business opportunities when some others already have and use their undue advantage, fighting to turn a healthy profit despite having to supplant government in its role of providing basic public goods and services, such as in meeting the energy needs of the business – 5.17 million Nigerian households and businesses run on generating sets and spend about $21.9billion annually on fuel to run these generators.5 It then appears something of a hard sell in such contexts to say that the first priority of business should not be survival by any means necessary.

The Corporate Governance Rating System (CGRS)

Business integrity is the strict adherence to a moral code (an ethical, accountable system for making decisions, carrying out actions and other interventions) through which business discharges its commitments and obligations to each of its stakeholders, reflected in levels of transparency, honesty and corporate harmony. Integrity is increasingly one of the most sought-after qualities not only of individual employees, but also of companies globally. However, as suggested above, this cannot be divorced from the prevailing levels of ethical conduct in the context of where business operates. The Corporate Governance Rating System (CGRS) is an attempt by the Nigeria Stock Exchange at triggering business transformation. Business transformation suggests a total departure from the prevailing negative order to a new, positive order with deliberate effort over a medium to long term to yield visible, positive outcomes – it is the attempt to create market-wide change involving significant alteration, over time, in behaviour patterns, business cultural values and norms. The CGRS incentivises listed companies in Nigeria to choose the paths of integrity over ‘survival mode’ using the behavioural insight of relative ranking that ‘we are influenced by how our performance compares with others, especially those with similar characteristics as ourselves’.6 It uses a rating system (based on that designed originally by CBi for use by its signatories) to gather compliance information and, by linking it to instruments of the stock exchange, such as the new Premium Board and Corporate Governance Index, it promises a direct connection between quality of board decisions and the fortunes of the listed company, thereby working towards a mechanism for behaviour modification. The CGRS rates companies across some 39 indicators across five thematic areas. Companies need to reach or exceed the 70 per cent threshold in:

■ Business ethics and anti-corruption
■ Transparency and disclosure
■ Internal and external audit & control
■ Stakeholder and shareholder rights
■ Board structure and responsibilities

These areas are tested in several ways – via an independently verified self-assessment made by the companies; fiduciary awareness testing of directors across those dimensions; feedback of stakeholders taken at random across the five themes; and the blind construction of scores for a company across these dimensions by a group of analysts working from a blank sheet of paper, based on what they know of the actual market behaviour of a company under review. Details of the methodology and how it is applied are available at

The Premium Board

The Premium Board is the listing segment for the elite group of issuers that meet the Exchange’s most stringent corporate governance and listing standards. The Board is a platform for showcasing companies who are industry leaders in their sectors. The Premium Board features companies that adhere to international best practices on corporate governance and meet the Exchange’s highest standards of capitalisation and liquidity. A Premium Board listing gives a company access to a global pool of investors who are focussed on companies managed in conformity to the highest standards in their target markets. Companies seeking admission to the NSE Premium Board are required to satisfy one set of listing standards (i.e. standard A or B or C) for the NSE main board, as well as comply with the following:

■ The company must meet the minimum market capitalisation requirement of NGN 200billion on the date the exchange receives its application (or at the time of listing – for new listings)
■ The company must be evaluated under the NSE-CBI’s Corporate Governance Rating System and achieve a minimum rating score of 70 per cent
■ The company must satisfy either:
  – A minimum free float requirement of 20 per cent of its issued share capital, or
  – The value of its free float shares is equal to or above NGN 40 billion on the date the Exchange receives its application to list

The Nigeria Stock Exchange Corporate Governance Index

The CGI tracks the performance of all the CGRS-rated companies listed on the Exchange. The CGRS is a prime requirement for eligibility of companies for admittance to the CG index. The importance of the CG index is to:

■ Showcase companies with good corporate governance
■ Show the level of corporate governance practices in Nigerian companies
■ Reward companies on their corporate governance policies
■ Increase investor confidence in companies that bring their CG practices and culture to internationally accepted levels
■ Help investors make an informed investment decision
■ Raise the national corporate governance ceiling by complementing the existing national corporate governance framework of law, regulation and codes

CGRS implementation progress

The CGRS was launched in November 2014 after a successful pilot with a handful of companies. By 2015, three criteria for listing on the Premium Board were approved by the Nigerian Securities & Exchange Commission to include the CGRS score for the applicant. In 2016, the CGRS was made mandatory for all other listed companies by the Nigeria Stock Exchange and they got rated as a big batch through 2017. So far, of 155 equities eligible to participate, 117 started the process but only 66 had completed the process by first cut-off for compiling ratings. Forty of these made the mark and 35 have had their ratings confirmed while another 77 are still in various stages of the process and 38 are yet to start. Of 1,443 directors of listed companies, 505 have taken the fiduciary awareness training and 435 have been certified. The ratings round has now been reopened in 2018 against which the Corporate Governance Index will next be rebalanced. The Pareto principle (also known as the 80/20 rule) seems to apply even in the case of the CGRS. The 35 companies whose CGRS scores have been confirmed represent 22.5 per cent of the listed companies and about 85 per cent of value of the Nigeria Stock Exchange by market capitalisation as at 4 April 2018. This level of participation came as news filtered through directors that their peers had started taking the FACT (Fiduciary Awareness Certification Test) and passing, this fact setting up a descriptive norm – since ‘we use other people’s behaviour as a cue for what’s acceptable and desirable’.7 (See the CGRS chart below.)

Outlook for the future

Strengthening the CGRS

The immediate outlook is to improve public access to declarations made by companies and increase the transparency of the ratings by ensuring that the public can follow the processes to see how a company was awarded what rating. We are also putting together an ISO-certifiable process to ensure the ratings process can be replicated, not only by a successor entity to the CBi in case of any unforeseen eventualities, but also in order to share a standard that could be replicated across Africa.

Deepening the influence of CGRS in the private sector

According to studies by the International Finance Corporation,8 96 per cent of Nigerian businesses are SMEs compared to about 53 per cent in the US or 65 per cent in Europe.9 This is a population of roughly 17.4 million entities. As an independent facilitator of collective action against corruption for SMEs, appointed by the Nigeria local network of the UN Global Compact, the Convention on Business Integrity has developed a self-assessment guide and tool for SMEs, based on the 2013 COSO Framework for Internal Controls.10,11 This was launched in March 2018. It promises to help SMEs (who do not yet see the need to be constrained by business integrity principles, nor fully see its value) gain better perspective through its instrumentality to their accessing finance (as most banks are participating in the CGRS and have come to value the work done by CBi and will thus trust this initiative). And it should help multinationals, too, to reduce exposure to corruption risks from the SMEs in their supply chains. Framed as an anti-corruption effort, there was little interest, but framed as a set of tools to help SMEs gain access to the finance they desperately seek, we are seeing keen interest. According to the Behavioural Insights Team, ‘we react differently to the same information, depending on how it is framed’.

We are also taking the power of ratings a little further by applying it against the standard operating procedures and compliance at government agencies at sea and air ports in Nigeria. It is a way of increasing levels of transparency and stimulating public demand for accountability of those institutions. A group of professionals are also now studying how to apply such ratings to their practices in order to signal more ethical ways to do business successfully in a frontier market, such as Nigeria.


Nigeria is desperately in need of major financial investments and the bulk of this needs to be raised through its capital market. Capital market reforms in Nigeria are growing and the CGRS is one of them. The achievement of CGRS has enabled the establishment of a Premium Board of the Nigeria Stock Exchange and a tradable corporate governance index. The CGRS is probably the first of its type across most geographies of the world and certainly in Africa. It is a standard worth emulating and replicating and 85 per cent of the Nigeria capital market by value is now participating in the process.

1
2 pdf/impact-of-corruption-on-nigerias-economy.pdf
3 https://
4 https://www.proshareng.com/news/MSME---Conference,-Events---Fairs/UN-GlobalCompact-engages-Nigerian-SMEs-/38716
5 https://guardian.ng/news/nigerians-spend-n3-5tr-generating-their-ownelectricity-yearly/
6 Behavioural Insights Team
7 Behavioural Insights Team
8 articles/growing_the_nigerian_economy.pdf
9 https://
10 Documents/990025P-Executive-Summary-final-may20.pdf
11


[CGRS chart. Sector values shown: Financial services 33%; Healthcare services 0%; Industrial goods 37%; Services 1%]


The calm after the storm

Strategic leadership will boost the economy and provide Nigeria with a much-needed steady hand

Victor Banjo
Corporate Governance and Board Effectiveness Coach

In February 2018, 437 top business executives representing 35 leading companies listed on the Nigerian Stock Exchange (NSE) gathered at the waterfront Civic Centre in the highbrow Victoria Island district of Lagos, Nigeria. The prestigious venue, with its backdrop of luxury boats anchored at the jetty, is well accustomed to hosting high-profile events. Nonetheless, there was something special about this one. It was not just another event. This particular occasion held special significance for the growth and future of corporate governance in Nigeria. It was the certification ceremony hosted by the Nigerian Stock Exchange and The Convention on Business Integrity (CBi) for those 35 companies and 437 directors that had made it over the 70 per cent threshold score for the Stock Exchange’s Corporate Governance Rating System (CGRS). The companies were awarded the CGRS certification while the directors were awarded certificates for success in the Fiduciary Awareness Certification Test (FACT), a key component of the CGRS. The buoyant mood in the hall was a confirmation of the positive outlook held by the certified companies and individual directors. It is a bold step towards sustaining the high level of corporate governance demanded of companies that have signed up for the scheme.

Important investor tool

There was more to celebrate. The Corporate Governance Index (CGI) of the Nigerian Stock Exchange was unveiled on the same day. The Index will track the performance of the 35 CGRS-rated companies using their market capitalisation, free float and corporate governance rating scores. The CGI will be reviewed on a bi-annual basis at which point other companies that have become CGRS rated in the interim may be added to the Index or companies that have had their ratings suspended or withdrawn may be removed. It is expected that this Index will be an important tool for investors keen on investing in well-directed Nigerian companies and companies that are keen to distinguish themselves by leveraging corporate governance. Speaking on the newly introduced Index, Oscar Onyema, the visionary chief executive officer of The Nigerian Stock Exchange, said: “The launch of the Corporate Governance Index is an important milestone to strengthening listed companies by tracking their corporate governance practices. This index will increase transparency in our market and provide investors additional data points upon which to make sound decisions.” He added that “the companies that have successfully completed the process will be more positively looked at whilst trying to raise and access capital within or outside of our jurisdiction.” The CGRS certification is an indication that progress has been made in the quest to entrench better corporate governance practice in Nigeria. Corporate governance commentators believe there is cause to celebrate while expressing cautious optimism after the seismic events of 2016 followed by the almost complete absence of activity around corporate governance in 2017. During a visit to the Lagos headquarters of the Financial Reporting Council in April 2017, the once bustling office was quiet like a ghost town. Officials said there was little happening since the unified code of corporate governance was suspended in October 2016.

Troubled times

The year 2016 will go down as the most turbulent period for Nigeria when the history of its corporate governance is written. It was the year during which we witnessed the attempt by the Jim Obazee-led Financial Reporting Council (FRC) to roll out a new unified national code of corporate governance without adopting an inclusive, win-win approach. The code was issued by the FRC on 17 October 2016 but was suspended by the Federal Government on 28 October 2016 following concerns raised by a cross section of the private and not-for-profit sector. The Obazee train spun out of control and crashed amid a barrage of criticism of high-handedness and disregard for the opinion of key stakeholders. It left behind distrust and a deep sense of betrayal. Obazee forgot that corporate governance is a joint effort between the government (as the regulator) and the regulated (private and not-for-profit sector). In the wake of that blunder, Nigerian President Muhammadu Buhari dissolved the board of the FRC and removed the executive secretary/chief executive, Obazee, from office. President Buhari reconstituted the FRC board under the leadership of Adedotun Sulaiman as chairman and Daniel Asapokhai as executive secretary/chief executive officer. In an article published in the Spring 2017 edition of Ethical Boardroom magazine, I predicted that the Nigerian Financial Reporting Council would need to pull itself out of controversy and start a healing, consultative process with stakeholders following the suspension of the unified code of corporate governance issued by the council in October 2016. On Thursday 4 May 2017, Honourable Minister of Industry, Trade and Investment, Dr Okechukwu Enelamah, inaugurated the new board of the Financial Reporting Council of Nigeria. The board, made up of 23 members, has a highly respected technocrat in Sulaiman as chairman. He holds a first-class degree in business administration from the prestigious University of Lagos and is a graduate of Harvard Business School. Sulaiman is perfect for the role. His choice has been commended by stakeholders across various sectors. He is seen by key operators in the private sector as being ‘one of them’, while also highly respected by the public sector, having served as engagement partner on major government transformation projects. Sulaiman served as managing partner of Arthur Andersen Audit and Management Consulting Practices and country MD of Accenture in Nigeria. He has more than 28 years’ experience in transformational engagements in strategic plan development, financial management and business ethics. Sulaiman belongs to the private sector, FRC’s key stakeholder group that felt they were dealt a rough hand by the previous FRC leadership. He has served or is serving as chairman of several organisations, including Accenture Nigeria, IHS Towers, Secure ID, Nextzon Business Services, InterSwitch, MoneyBox Africa and Cornerstone Insurance Plc, and is non-executive director of Cadbury Nigeria. That is the kind of experience the FRC board will need to navigate through numerous challenges ahead.

New leadership

The new FRC executive secretary, Daniel Asapokhai, also has what it takes to succeed in the role. He comes to the office with a rich consulting background. Prior to his appointment, he was a partner and a financial reporting specialist at PwC Nigeria. He struck the right tone after assuming office by jettisoning the confrontational hard stance preferred by his predecessor. Unassuming, urbane and self-assured, his approach is working. Adversarial swords have been sheathed… for the time being. Reintroducing the controversial National Code of Corporate Governance remains a priority for the council, according to Asapokhai. Speaking at a KPMG-hosted forum for Nigerian CFOs in October last year, he publicly acknowledged efforts made by the previous leadership of the FRC, saying “a lot of work went into the suspended code... I think within six months we should be in a position where we can expose the document for consideration.” In January 2018, he began to make good on that promise with the announcement of a technical committee, chaired by Muhammad K. Ahmad, a public sector executive with more than 35 years of experience who oversaw the growth of the pension industry in Nigeria from nought to an asset base of N4.7 trillion under management. Apparently aware that stakeholders are still wary of the council’s intent, the new leadership has said that the approach of the current board of the FRC would be significantly different from that used by the previous board within the next six months and a board committee to supervise that work had already been established.

What can we expect in 2018?

Following its inauguration in May 2017, the new FRC board spent seven months crafting a new strategic direction, priorities and plan for the Council in the short and long term. FRC’s short-term priorities include review and reissuance of the national code of corporate governance, conducting a post-implementation review of International Financial Reporting Standards (IFRS) adoption in the country and introducing ‘IFRS-Lite’ for the small and medium enterprises (SME) sector. One of the areas identified is to work with primary regulators, such as the Central Bank of Nigeria, the Nigerian Pension Commission, National Insurance Commission and Nigeria Communications Commission and others to help push its agenda. In a clear indication of the FRC board’s direction, the new chairman has stated that the absence of a National Code of Corporate Governance provided a vacuum, which industry regulators filled by introducing various sectoral codes within their respective spheres of regulatory purview. The new national code, he said, would harmonise and streamline those various sectoral codes. The committee has been directed to ‘produce an exposure draft of the code ready for release within the first quarter of this year’. The FRC has been encouraged by the strong support from international development partners. Asapokhai noted that the body has received a much-needed boost with the pledge by the International Finance Corporation (IFC) and other financial institutions to support the work of the committee. IFC has always maintained that corporate governance practices are still insufficiently known and poorly implemented in some West African countries. Through its Africa Corporate Governance Programme, IFC, with the cooperation of Switzerland’s State Secretariat for Economic Affairs, is committed to helping Nigerian businesses adopt good corporate governance practices. IFC believes such adoption can help companies enhance operational and financial performance, mitigate risk, safeguard against mismanagement and help companies attract new investments and capital to finance their growth. The Nigerian corporate governance watchdog should tap fully into the rich portfolio of advice, solutions and training that the IFC has to offer.

Better awareness

A 2016 report titled the State of Corporate Governance in Africa: An Overview of 13 Countries, published by the African Corporate Governance Network and NEPAD Foundation, reported an increasing awareness of the importance of sound corporate governance as a major factor in the quest to attract foreign direct investment into Nigeria. It predicted that corporate governance will drive economic performance and growth of the economy. We are beginning to see that. We expect increased advocacy with the entrance of a new professional membership body called the Association of Corporate Governance Professionals of Nigeria. Formed in June 2017, it has the vision to become the national reference point in corporate and organisational governance. This new addition will bring added dynamism to the vibrant scholarly leadership that the Society for Corporate Governance Nigeria has championed for more than 10 years. With the successful launch of the Nigerian Stock Exchange Corporate Governance Index, I expect greater adoption of best-in-class corporate governance practices. Stakeholders are looking to the board of the Financial Reporting Council of Nigeria to provide strategic leadership that will boost the economy. The board, which has representatives from seven government agencies (including the central bank and the Inland Revenue service) and 12 professional membership associations representing chartered accountants, stockbrokers, estate surveyors and valuers and chambers of commerce, will need the collective knowledge and wisdom offered by its diverse membership to navigate the tortuous road ahead. Now that the storm is over, the FRC ship can be steered safely to shore as it sails in calmer waters.

Africa | Board Organisation

Nigerian directors and board effectiveness

A review of corporate governance that endeavours to instill values-based principles in every boardroom is to be welcomed

Nechi Ezeako
Executive Director, Institute of Directors Nigeria Centre for Corporate Governance

It is no longer news that good corporate governance has direct correlation to board effectiveness, firm success and sustainability. Directors have similarly been acknowledged as being among, if not the key participants and stakeholders in the corporate governance value chain. In Nigeria, the awareness of corporate governance and the importance attached to it is taking on increasing significance. Thus, the roles of directors as a collective, that is as the board of directors and as individuals in the life of a company, cannot be over-emphasised. Given their joint as well as several responsibilities, it is no surprise that directors take interest in better understanding their roles as well as what makes for enhanced board effectiveness, hence the increasing attention to corporate governance awareness and training.

Defining directors

Nigerian law defines directors as ‘persons duly appointed by the company to direct and manage the business’ (section 244[1] the Companies and Allied Matters Act Cap C20 Laws of the Federation of Nigeria 2004 [CAMA]). However, by virtue of section 245(1) CAMA, notwithstanding that they were not ‘duly appointed by the company’, a person in accordance with whose directives the directors of a company are accustomed to act, is also deemed to be a director of the company albeit a ‘shadow director’. In addition to these, however, CAMA makes further provisions regarding those who either hold themselves to be, or are held by the company to be directors, leading unsuspecting third parties to believe that they were indeed duly appointed by the company. Section 244(2) states: ‘in favour of any person dealing with the company there shall be a rebuttable presumption that all persons who are described by the company as directors, whether as executive or otherwise, have been duly appointed’. Section 244(3)(4) makes it an offence for a person not duly appointed to act as though he/she had been and for the company to hold him/her to be as such. It also empowers members of the company to take action against both the director and the company to stop the illegality. Section 250 exonerates the company from liability or consequences for the acts of a person who, though not duly appointed, purports to act on behalf of the company; the person is personally liable in such a case. The section, however, provides that if it is the company that holds him/her to be a director then his/her actions shall bind the company. The definition of directors, as per section 244(1), envisages two elements. The first relates to the appointment or mode of appointment of the directors, which must have passed through due process. Thus, they must be ‘duly’ appointed by the company. This, therefore, raises the question, ‘what is due process in the appointment of directors or how can a director be duly appointed by the company?’.

Appointment process

In practice, apart from the first directors – whose names are usually mentioned in the company registration documentation – the appointment of directors is usually down to the board. The articles section of the memorandum and articles of association of a company (MemArt) usually stipulate the minimum and maximum numbers of board members a company can appoint. Provided that the maximum board size has not been attained, the board of directors is empowered by virtue of section 249(1) CAMA to appoint directors to fill any ‘casual vacancy’ arising on the board due to death, resignation, retirement or removal. Indeed, section 249(3) CAMA empowers the directors to make fresh appointments to the board not occasioned by any of these events, but within the limits set in the articles. However, the appointments so made by the board are subject to approval by the next annual general meeting (AGM) of the shareholders (section 249[2]). Any director whose appointment is not confirmed at the next AGM ceases to be a director of the company. It is noteworthy that although their appointments are required to be approved by the next AGM, such directors, when appointed by the board, are deemed to be duly appointed and can act on behalf of the company for any period prior to the next AGM. Furthermore, even if a particular director is not approved and therefore removed by the AGM, the acts of the director on behalf of the company prior to the AGM remain binding on the company. Although the board of directors cannot expand the board size beyond the provisions of the articles, the shareholders at the AGM can increase or reduce the number of directors generally (section 249[3]) and can indeed amend the provision of the articles. Thus, the process of appointment to the board commences with the board and ends with the AGM. In some industries/sectors in Nigeria, directors’ appointments are also subject to the approval of a regulator. A case in point is the financial services sector, where the appointment of board members is subject to the approval of the Central Bank of Nigeria (CBN). Indeed, notwithstanding any other process that the company may have undertaken in that regard, no director of a bank can be appointed without meeting the CBN guidelines on fit and proper persons regime (CBN Code of Corporate Governance for Banks and Discount Houses in Nigeria 2014) as well as the written approval of the CBN. Where any bank purports to appoint a director, or any director holds out himself/herself as having been so appointed without CBN approval, stringent consequences will flow against the bank and the director from the regulator. The second element of the definition in section 244(1) CAMA deals with the purpose for which directors are appointed; ‘to direct and manage the business’. Companies are created to be run on a going concern basis, which outlives even their founders. They are expected to deliver specific service for which they were set up to their stakeholders and to provide returns and benefits to their shareholders. To achieve these objectives, companies must be run efficiently and in a sustainable manner. As stated earlier, the sustainability of a company is directly correlated to corporate governance practices in the entity and the effectiveness of its directors and the board. So, what is board effectiveness?


BECOMING A DIRECTOR Appointments begin with the board and end with the AGM


Board effectiveness

To contextualise board effectiveness in this discourse, we take notice of the two key words that make up the phrase. The word board refers to a board of directors or other governance body by whatever name it is called. The King IV Report on Corporate Governance for South Africa 2016 adopted correctly, in this writer’s view, the expression ‘governing body’ to mean ‘the structure that has primary accountability for the governance and performance of the organisation’. This includes a board of directors, a board of governors, a governing council or any other phrase that an organisation or institution may use in addressing its governing body. Simply put, a board of directors is a group of persons elected or appointed with the responsibility for providing oversight and direction in the management of a company. The word ‘effectiveness’ is usually and most appropriately defined through a comparison between output and purpose. Thus, Wikipedia defines effectiveness as ‘the degree to which something is successful in producing a desired result’. Some of its synonyms are success, efficacy, productiveness, fruitfulness and potency. In the context of the board of directors, therefore, effectiveness must take into account the purpose of the company. Given the going concern basis that is foundational to company law, including Nigerian company law, the extent to which the board is able to enhance and assure the company’s sustainability would, in this writer’s view, point to the effectiveness of the board. Sustainability connotes several concepts, chief among which, is long-term viability – the ability to support or maintain an activity or process over the long term. In business, the concept of sustainability is often looked at from the perspective of the ability to manage the triple bottom line of people, planet and profits (Financial Times). 
The primary responsibility for directors to maintain sustainability of their company places on them the duty of implementing the key corporate governance concepts introduced by the Cadbury Report 1992, established and adopted by the Organisation for Economic Cooperation and Development (OECD) (1999 and 2004), which are:

■ Accountability
■ Responsibility
■ Transparency/honesty/openness
■ Integrity and ethical conduct
■ Independence/objectivity and absence of influence
■ Reputation/reputational risk
■ Fairness

Various parameters aid the assessment of whether a board is effective and how effective it is. Whether the board meets all or any of these parameters helps in assessing its effectiveness. They include the following. An effective board:

■ Develops and promotes its collective vision of the company’s purpose, its culture, its values and the behaviours it wishes to promote in conducting its business
■ Provides direction for management
■ Demonstrates ethical leadership, displaying and promoting throughout the company behaviours that are consistent with the culture and values it has defined for the organisation
■ Creates a performance culture that drives value creation without exposing the company to excessive risk of value destruction
■ Makes well-informed and high-quality decisions, based on a clear line of sight into the business
■ Creates the right framework for helping directors meet their statutory duties under the Companies & Allied Matters Act, and/or other relevant statutory and regulatory regimes
■ Is accountable to stakeholders, particularly those that provide the company’s capital
■ Thinks carefully about its governance arrangements and embraces evaluation of their effectiveness

A critical factor that assists in ensuring board effectiveness is board evaluation and appraisal. Experience shows that a board evaluation exercise, when deployed by independent professionals, tends to be much more objective and effective in determining the way forward for the board, including areas for improvement, than when conducted by in-house persons. However, because the Securities and Exchange Commission Code of Corporate Governance for public companies in Nigeria 2014 (SEC Code) required that boards conduct an annual evaluation exercise of their performance but did not expressly stipulate that the exercise should be conducted by independent consultants, some companies are more inclined to carry out internal evaluation of their boards by the company secretary or other officer. They do this in order to be seen to have fulfilled the letter of the code, thereby treating the issue as a mere checkbox activity.

National Code of Corporate Governance

Not surprisingly, when the now suspended National Code of Corporate Governance 2016 came into being on 17 October 2016 – with its mandatory provisions requiring boards to undertake a ‘formal and rigorous annual evaluation’ of the performance of the board, its committees, the chairman and each individual committee member and that the performance evaluation exercise be carried out by external consultants at least once in every three years – some organisations started to comply. This again confirms the tendency for some boards to adopt a checklist approach to governance. They carry out the minimum required exercises largely because it is a regulatory requirement. However, as this writer has previously opined, a mere checklist compliance approach to corporate governance does not in itself amount to or assure board effectiveness. True corporate governance goes beyond compliance to adopting the spirit of good practices and entrenching them as an organisational culture with the leadership – the board of directors or other governance body – setting the tone. The tone at the top is critical to corporate sustainability and success.

The Financial Reporting Council of Nigeria has set up a technical committee charged with responsibility for reviewing the suspended National Code of Corporate Governance. The technical committee had until 31 March 2018 to present its report to the board of the FRC and held various public hearings to get the input of stakeholders into the process. That deadline has now been extended. The approach adopted by the technical committee in engaging with stakeholders, so as to get the buy-in from those who will be responsible for implementation of the code when released, is a welcome strategy.
Some of the areas of concern being addressed by the code review include:

■ Mandatory vs voluntary: The need to aim to exceed mere check-box compliance and aspire to attain an apply-and-explain philosophy (similar to that adopted by the King IV Report), which sees corporate governance not merely as a mindless act of compliance but as a deliberate values-based corporate culture
■ Code application: Clarity is needed as to which organisations are to be governed by the code, including sectoral codes, such as private sector, public sector and not-for-profit codes
■ Identifying and situating: Addressing the conflict between controlling shareholders and minorities as the dominant corporate governance challenge in the Nigerian context as distinct from the Anglo-Saxon problem of the agency theory, which highlights the conflict between shareholders and managers
■ Monitoring: Emplace appropriate mechanisms for implementation and monitoring including in collaboration with such appropriate organisations as IoD, ICSAN and IIA

Although, in this writer’s view, the initial timelines that the technical committee was expected to work with were rather short, the commencement of this review is very welcome indeed as it is expected to produce national codes that will address governance practices and help entrench values-based corporate governance standards in the country.




Corporate Governance Awards | Introduction

The benefits of good corporate governance

Middle East & Africa Winners

Corporate governance defines the responsibilities of key decision-makers within an organisation and sets the foundation for business performance. Practices and rules are customised to local conditions and expectations, with a clear linkage between good corporate governance and economic development. Historically, a lack of infrastructure, poor communication and scant guidance have hindered development and growth in Africa, but the emergence of codes and good practices in a number of African countries has led to a boost in investor confidence and there are signs of encouraging growth.

The Nigerian Stock Exchange (NSE) powers the expansion of Africa’s largest economy. In 2015, it launched a new listing platform – the Premium Board – for those publicly listed companies that meet its most stringent corporate governance and listing standards. Companies aspiring to be listed must achieve a minimum score of 70 per cent on the rating system. Most recently, Seplat Oil, Access Bank, United Bank for Africa and Lafarge satisfied the standard set by the NSE, joining Dangote Cement Plc, FBN Holdings Plc, and Zenith International Bank Plc, which migrated to the list in 2015. On joining the Board, Seplat Oil’s co-founder and CEO Augustine Avuru said: “If you make the best practice of corporate governance as a culture, you will ultimately see the result and that is what you are seeing. Every time I talk about governance as a matter of a culture and being imperative for us to deliver long term and sustainable good performance – we really do believe in it.”

In South Africa, investors say business confidence is improving. In a recent interview with MoneyWeb, Investec’s Chris Freund said the arrival of President Cyril Ramaphosa, in office since February, has spurred optimism among stock traders who are already noting changes in Africa’s most industrialised market. He believes corporate governance has a ‘much higher importance now than it did a year ago, essentially because people have had a very vivid example of how much damage bad corporate governance can do’.

In the Middle East, business leaders also stress the role of corporate governance in maintaining the highest standards of ethical conduct and promoting commitment to effective oversight, leadership and reporting. The key message at the inaugural Governance in Focus forum, which took place in Riyadh in April, was that collaboration between private sectors and government is fundamental to boosting corporate governance frameworks and enhancing the region’s economic growth. Discussions at the forum highlighted the changing expectations of investors and the actions required of regional companies to adopt effective environmental, social and governance practices to boost investment opportunities.

The Ethical Boardroom Corporate Governance Awards recognise and reward outstanding companies that have exhibited exceptional leadership in the area of governance. The awards highlight the important role that corporate governance plays in dictating a company’s success and a board’s contribution to the creation of long-term value. Ethical Boardroom is proud to announce its Corporate Governance Awards Winners in Africa and the Middle East.


The Winners | Corporate Governance Awards


Telecoms: Bahrain Telecommunications Company BSC (Bahrain)

Conglomerate: Saudi Basic Industries Corporation
Holdings: Savola Group
Mining: Ma’aden
(Saudi Arabia)

Construction Materials: Lafarge Africa Plc

Transportation & Logistics: Aramex

Food & Beverage: Nigerian Breweries Plc

Utilities (State-owned): Dubai Electricity & Water Authority (UAE)

Financial Services: Zenith Bank Plc
Holdings: FBN Holdings Plc
(Nigeria)

Financial Services: Abu Dhabi Commercial Bank PJSC

Conglomerate: The Bidvest Group Ltd
Industrial Services: ArcelorMittal South Africa
Insurance: MMI Ltd
Mining: Kumba Iron Ore Ltd
Pulp & Paper: Sappi Ltd
Real Estate Investment Trust: Redefine Properties Ltd
Telecoms: Vodacom Group Ltd
(South Africa)


Global News Middle East

Saudi women dispute the ‘skills myth’

More than half of women in Saudi Arabia say the perception that they are not equipped with the necessary skills to work is hindering their success and employment. Research from professional networking firm LinkedIn found that 52 per cent of women feel held back by the ‘myth of a lack of skillsets’. Findings from LinkedIn’s study did show that more than 60 per cent of Saudi women and recruiters agree there is great progress and effort being made in the kingdom towards achieving Saudi Arabia’s vision to increase women’s participation in the workforce from 22 per cent to 30 per cent by 2030.

Aramco names first female director

Saudi Aramco, the world’s largest oil company, has appointed a woman to its board for the first time, in a milestone move for Saudi Arabia. In Saudi Arabia, only one-fifth of women work and there are very few women executives. Lynn Laverty Elsenhans, who previously served as the chairwoman, president and chief executive of US oil refiner Sunoco Inc, is among five new members added to Saudi Aramco’s board. Other new members include Peter Cella, former president & CEO of Chevron Phillips Chemical Co, and Andrew Liveris, director of DowDuPont Inc and the CEO of the Dow Chemical Company. The Saudi government plans to float around five per cent of Aramco in an initial public offering — the world’s largest — later this year or in early 2019.

Good governance will ‘drive Saudi growth’

Pearl Initiative, the Gulf-based non-profit organisation, held its first Governance in Focus forum in April with an emphasis on good corporate governance and ethical conduct. Co-hosted by oil giant Saudi Aramco, the forum attracted an audience of business leaders, executives, officials and experts from across the Gulf Cooperation Council region. Badr Jafar, founder of the Pearl Initiative, said: “The Governance in Focus forum has brought together multi-stakeholder leaders from across the region and internationally to deliberate some of the most pertinent issues affecting our business environment today.

“The forum marks the beginning of the Pearl Initiative’s strategic relationship with Saudi Aramco, an invaluable member of our growing network of partner companies from across the Gulf region committed to a vision of thriving economies underpinned by a private sector that embraces good governance as a pillar of sustainable growth.”

UAE banks address crime compliance

Banks in the Middle East are becoming increasingly proactive about financial crime compliance, according to Deloitte’s second annual regulatory review. The consulting firm’s Middle East 2018 Financial Services Regulatory Barometer reveals the top ten regulatory priorities for banks in the UAE, from recovery and resolution planning to financial crime compliance. It says the ‘vast majority’ of banks now have a dedicated unit to address compliance and conduct enhanced due diligence in-house with a proactive approach important ‘to identify and address vulnerabilities, maintain awareness of regulatory requirements, and ensure communication channels remain open between all concerned parties’. Other regulatory priorities for banks in the Middle East include cross-border compliance, capital calibration, risk and compliance culture, data and regulatory reporting.


Middle East | GCC Governance

Board effectiveness in the Gulf

A decade of change in GCC boardrooms: progress and challenges ahead

Jane Valls
Executive Director, GCC Board Directors Institute

The GCC Board Directors Institute (GCC BDI) undertakes a biannual board effectiveness survey. Our 10th anniversary survey of GCC boards has highlighted significant progress realised in the institutionalisation and effectiveness of boards in the region, fostered primarily by the evolution of the regulatory standards for listed companies and banks and of the Companies Law for privately held companies. While there has been a convergence in the regulatory standards, which in the future may facilitate initiatives aiming to unify regulatory frameworks across the region, the challenges facing directors across the GCC remain diverse. They vary not only by sector and company ownership, but also based on the legal responsibility placed by local regulators on boards. The approach of regulators in terms of rule-making and enforcement has also been an important determinant of the effectiveness of GCC boardrooms.

Based on the results of the survey and interviews conducted by GOVERN on behalf of GCC BDI in preparation of the survey, GCC BDI has made a series of recommendations for both regulators and board members to guide governance reform in the region. While some recommendations are policy-oriented, others are aimed at boards to help guide further governance improvements. Ultimately, these recommendations are aimed at advancing the state of corporate governance implementation in the region, to facilitate capital raising by companies and to attract investment.

Regulators should maintain dialogue with the private sector

While the body of corporate governance regulations has been developing impressively over the past decade, board members feel that regulators should maintain an active dialogue with boards and senior executives to ensure that governance requirements produced by securities, banking and other regulators are aligned and to seek private sector feedback on specific provisions. While recent revision of corporate legislation in some GCC countries has eliminated certain discrepancies, board members feel that inconsistencies remain, notably in regulations applying to listed companies and banks. In particular, directors are concerned that in some countries the speed of governance reforms has been excessively rapid for boards to effectively integrate the required changes, especially in the current context where boards have to also ensure compliance with a number of regulatory requirements concerning tax, labour and other laws. In this regard, the transition of corporate governance codes from ‘comply or explain’ to a mandatory approach has its risks as board members are concerned that not all provisions are relevant and appropriate for companies of all sizes and sectors.

These observations underscore the need for better public-private dialogue, which can be facilitated by regulatory consultations allowing companies and industry associations to provide feedback. Such consultations may help address specific concerns of board members, such as remuneration limits. In addition, survey participants thought that enhanced dialogue among regulators is necessary to ensure regulatory expectations are aligned.

Family-owned companies need to be better incentivised and supported

The governance of private, family-owned companies has been much discussed, but remains largely unaddressed, except in the recent revision of corporate legislation in the UAE, Saudi Arabia and Kuwait where it strengthens provisions bearing on board level governance as well as shareholder rights and transparency. At the same time, many of these companies in the GCC remain ‘too big to fail’ and the consequences of their governance deficiencies might have an impact beyond their own sustainability. Further measures are needed to improve the governance of family companies by creating positive incentives for families to adopt good governance and integrity practices. Considering many large, family-owned companies interact with the government as suppliers or contractors, governments have an opportunity to request that their suppliers have appropriate governance structures in place, including at board level. Non-binding recommendations and toolkits to support the implementation of such practices, ensuring their compliance with domestic laws, can be produced by government entities or governance NGOs operating in the region. For instance, board evaluation templates can be provided to boards of family companies through Chambers of Commerce or industry associations. Case studies of leading family companies that illustrate how the adoption of good governance practices is implemented by boards and at the operational level would be useful.

SOE governance requires custom governance approaches

While some state-owned enterprises (SOE) in the region, especially those with publicly listed equity, operate according to world-class governance standards, others lag significantly behind the private sector, especially in terms of their transparency. Many state-owned enterprises continue to operate without boards or do not constitute boards for their subsidiaries (Amico, 2017). In order to encourage private sector development in the region, governments need to ensure that SOE boards are subject to standards similar to those prevalent in the private sector. State-owned companies, whether wholly or partially state-owned, should be encouraged to adopt formal governance structures and processes that are explicit about board nomination processes. Director appointments to boards of state-owned companies should be subject to a rigorous qualifications standard and it might be useful to limit the number of mandates that a given board member might hold on SOE boards, as has been done for listed companies. As recommended by the OECD, the incidence of public servants and high-level decision-makers, such as ministers and secretaries of state, serving as directors on boards of state-owned enterprises should be limited. However, to the extent that they are appointed to represent the interests of governments on boards of SOEs, they should be remunerated.¹ Furthermore, directors appointed by the state should be equally responsible before the law as any other directors and SOEs should not be exempt from the relevant governance standards that apply by virtue of their listing or other activities.

Board diversity in the GCC needs to be proactively fostered

As highlighted by the survey results, GCC boardrooms remain quite undiversified. The persistently low representation of female board members in the GCC, as well as lack of diversity from the perspective of age and nationality, is noteworthy. While GCC companies are increasingly operating beyond their borders in order to conquer new markets, the composition of their boards is rarely international, with the exception of blue chip listed companies that have realised the benefit of international expertise. As large GCC companies are increasingly operating across the region, it is advisable for them to recruit talent from other jurisdictions. Indeed, despite the close cultural similarity of GCC countries, the presence of GCC country nationals on boards outside their home country is rather low. This is unfortunate, considering the limited pool of directors in individual countries and the potential benefit that boards could derive from the expertise of nationals of neighbouring countries as well as international experience.

Seeking to address gender imbalance remains an important corporate and policy objective as female representation on boards in the GCC remains one of the lowest globally. While some progress has been realised due to the efforts of organisations, such as the 30% Club and REACH, most jurisdictions in the region have decided not to introduce quotas requiring female representation on boards. Requiring boards to demonstrate that they have considered female candidates for any new board openings can foster a culture of gender inclusiveness and this approach is currently being experimented with in the UAE. It is recommended that other regulators in the region adopt similar non-binding approaches, including voluntary quotas and reporting, and requiring companies to disclose measures that they have adopted to improve board diversity, including in terms of gender.

Good governance in the Gulf: Boards need to evaluate their effectiveness and keep an eye on governance tools

Board and executive appointment, remuneration and succession planning requires attention

Aligning executive and board remuneration with corporate performance has been an important governance topic in the wake of the financial crisis. Although, given the controlled structure of GCC companies, compensation arrangements have been less controversial in the region than internationally, a number of regulators in the region have introduced limits on board member compensation, which the private sector feels constrains the recruitment of qualified board members who are increasingly expected to be held accountable.

Board members feel that limitations on board remuneration are detrimental to attracting qualified talent to the region’s boards. Considering that the majority of representatives on boards are appointed by or are indeed the controlling shareholders, the agency risks are relatively low. On the other hand, significantly constraining the remuneration of board members can limit the ability of GCC boards to recruit international talent, especially in light of the growing legal responsibilities placed on board members.

Succession planning for executives and board members requires more careful reflection. As regulators have introduced additional provisions that link board tenure and independence, at least for listed companies and banks, the relatively long tenure of GCC board members will likely shorten. This will require an active approach by GCC boards to recruit talent and will require putting in place board evaluation mechanisms to determine gaps and proactively seek board members with the required profile.

Risk management processes need to be reviewed and reinforced

Risk management involves the establishment of accountability for managing risks, specifying the types and degree of risk that a company is willing to accept in pursuit of its goals and how it will manage the risks it faces. In light of the multiplication of risks that board members say they face, it is critical that suitable and scalable risk management processes are introduced. In high-tech and sophisticated industries, such as banking, further processes to manage risks may be necessary and it is recommended to introduce the role of a chief risk officer reporting to the board.

Board charters and manuals should clearly set out board responsibility in overseeing the risk management system to ensure companies comply with the applicable laws and regulations, including environmental, labour, tax and other sector-specific requirements. The responsibilities of audit and risk management committees should be made clear and these committees should feature a sufficient number of non-executive and independent directors in line with international best practices. For companies with international operations, charters and manuals should specify how risks will be addressed and reported enterprise-wide, including in subsidiaries. A number of large SOEs and family conglomerates have established subsidiary boards in order to cascade the responsibility for strategy and risk management. It is important to empower these boards in order to hold them accountable for performance at the subsidiary level.

The ownership structure of GCC companies requires strong conflict of interest provisions and disclosure

The controlled ownership structure of GCC corporates necessitates the introduction of strong conflict of interest provisions, which need to be integrated in board charters and other relevant documents governing the board interactions. While conflict of interest situations have been addressed in detail by regulators for listed companies and banks, further attention is required to ensure that board members are not conflicted and that, when conflicts of interest emerge, adequate procedures are in place to address them. The introduction of rules governing related party transactions (RPTs) is crucial in this regard, as is the role of the audit committee in overseeing RPTs. The introduction of a lead director role is also a potential way forward to reinforce board independence in the GCC. For these provisions to be effective, members of the board, key executives and controlling shareholders should have an obligation to inform the board where they have a business, family or other special relationship outside of the company that could affect their judgement with respect to a particular transaction or matter affecting the company. Disclosure of the ownership structure, as well as the profile of the board, including executive and non-executive members, is critical in this regard as it allows shareholders to get insight into the company governance practices.

Improving disclosure of privately-held companies is important as it remains limited to financial information only and often does not include management discussion and analysis. Large companies and those operating in regulated sectors should be required to produce a corporate governance report that does not merely indicate board and committee composition but presents, in a meaningful manner, key corporate decisions and the rationale underpinning them.

Conduct of board meetings requires further formalisation and support by a board secretary*

Although board dynamics cannot be regulated and need to stem from a corporate culture that is conducive to good governance and accountability, it is important that board interactions are structured around key issues that the board is accountable for, while limiting any intervention of the board in the day-to-day operations, which should remain the prerogative of the management. As a result of the recent revision of corporate governance codes and corporate laws in the region, the minimal frequency of board meetings is set by the relevant legislation. While the actual dynamics and conduct of board meetings are difficult to control through regulatory provisions, the introduction of a dedicated board secretary professionalises the interactions among board members and ensures that the board remains focussed on crucial issues.

Directors report that in light of the challenging global macro-economic climate and region-specific challenges, they are required to spend more time on the exercise of their duties. It is therefore important to channel their time to the most value-adding activities. A dedicated board secretary who is not a member of the executive team (i.e. head of the legal department) can help professionalise board discussions and other crucial functions, such as organising board evaluations. As highlighted in this report, board evaluations are increasingly being introduced across GCC companies and need to be harnessed as a method to identify weaknesses in board performance and actively address them, not only by provision of training to board members.


GCC BDI’s fifth report shows that board effectiveness and corporate governance have come a long way in the GCC in the past 10 years. Corporate and system failures globally, and an increasingly complex regulatory environment regionally, have sharpened the focus on good governance. From being an honorary role a decade ago, the report shows that director responsibilities are taken more seriously in the region today. While there has been much improvement in the last 10 years, there is still more to do and our report shows that the key area of focus for improvement is still board composition and directors’ capabilities. In addition to better board composition, regulators are increasingly recommending that boards introduce the role of a professional board secretary and conduct annual board evaluations. These are both subjects that need more focus and attention as GCC boards still do not fully understand the benefits of a professional board secretary and a well-executed external board evaluation as key drivers of board performance and effectiveness.

For a copy of the GCC BDI’s 5th Board Effectiveness Report, please see our website

* In this report we assume the term board secretary and company secretary to have the same meaning.

1 In some GCC countries, such as Kuwait, legal provisions prevent civil servants appointed on boards of SOEs from being remunerated.



Global News Australasia

Directors quit Moon Lake board of directors

Five non-executive directors have resigned from Australia’s largest dairy after disagreeing with its Chinese owner over the company’s future direction. Moon Lake is owned by Chinese businessman Xianfeng Lu following his purchase of the Van Diemen’s Land Company (VDL) dairy farms in north-west Tasmania in 2015. Former deputy chair Dr David Crean and non-executive directors Keith Sutton, Rob Poole, Bruce Donnison and Simon Lyons resigned en masse. Evan Rolley, chief executive of Moon Lake’s subsidiary company VDL Farms, will not extend his contract beyond 30 June 2018. Dr Crean told the Australian Dairy Farmer that the resignations were in response to Xianfeng Lu’s rejection of the board’s advice on corporate governance restructuring and refusal to invest in new dams and irrigation across 24 Tasmanian properties. Lu said the company’s restructure had been approved by the foreign investment review board and ‘needed to change’ in order to best achieve strategic goals.

Women In Governance Awards axes sponsor

Governance group Women On Boards cancelled a major sponsorship deal with Russell McVeagh, following allegations of sexual misconduct at the New Zealand law firm. Women On Boards, a membership organisation and a business unit of Governance New Zealand, decided it was ‘not appropriate’ for the law firm to sponsor its annual awards in ‘view of the recent controversy’. Russell McVeagh chief executive Gary McDiarmid confirmed that the firm had received ‘serious allegations’ about events in Wellington more than two years ago and that the ‘subjects of the allegations had left the firm after an investigation’. The Women In Governance Awards, which took place in Auckland on 10 May, recognise and celebrate innovation, excellence, creativity and commitment to diversity by both organisations and individuals. The University of Waikato replaced Russell McVeagh as an award sponsor.

CBA ‘sorry’ over governance failings

Commonwealth Bank of Australia (CBA) has apologised after a damning report slammed its ‘inadequate oversight’ and ‘widespread sense of complacency’. The Australian Prudential Regulation Authority (APRA) commissioned a report into Australia’s largest bank, following allegations that CBA had breached money-laundering laws. The report found that, despite CBA’s financial success, the bank had ‘fallen from grace’ in the eyes of the Australian public due to the bank being ‘reactive’ to issues and having a ‘tin ear’. APRA chairman Wayne Byres said the inquiry’s findings showed CBA’s governance, culture and accountability frameworks and practices were in need of considerable improvement. The bank’s recently appointed chief executive, Matt Comyn, said: “We let down our customers, we let down our regulators and, as management, we let down our people. I am sorry and can assure you that I am committed to doing what is necessary to put things right.”

Stock exchange proposes gender diversity rules

ASX Ltd, which operates Australia’s main stock exchange, wants businesses to formulate and disclose diversity policies. The fourth edition of the ASX Corporate Governance Council Principles and Recommendations, due to commence in July 2019, calls for listed companies to produce measurable objectives for achieving gender diversity in the composition of its board, senior executives and workforce. Companies in the S&P/ASX 300 Index should have at least 30 per cent of each gender represented on their boards, according to a draft consultation posted on the ASX website. Among Australia’s 200 biggest public firms, women hold 27 per cent of board seats with 74 companies meeting the 30 per cent target, according to recent figures from the Australian Institute of Company Directors.

Brenner steps down as AMP chair

Catherine Brenner has resigned as chairwoman of AMP, Australia’s largest-listed wealth manager, after the company admitted misleading the Australian Securities and Investments Commission. A public inquiry found that the Australian financial services company systematically charged customers fees when it provided no services and misled the corporate regulator on at least 20 occasions. Craig Meller, AMP chief executive, has also resigned. Mike Wilkins, AMP’s acting chief executive, has taken over as executive chairman until replacements are appointed. The board fees of all directors will be cut by 25 per cent in 2018 in recognition of the collective governance accountability for the issues arising at the inquiry, AMP announced.

Regulatory Compliance | Responsibility

Changing corporate cultures

Companies can make a big impact in communities by engaging with issues that matter to them and to society at large

Sally Afonso

Sally is a compliance advisor within the financial services industry

The brave and bold disclosures of The Silence Breakers, the global attention on the #MeToo movement and the call to action of the #TimesUp initiative have inspired a moment of intense cultural reckoning – and undeniable opportunity for progress. As these stories continue to come to the surface and move through both the justice system and the court of public opinion, the personal sacrifices of these individuals must be met with an active desire for progress and accountability.

Necessarily, the focus so far has been on individuals, through protecting those who speak up; encouraging others to speak out; punishing people who committed abuse and did harm; and engaging communities in challenging conversations about consent, disclosure, harassment, abuse, power, authority and privilege. Listening to, believing and learning from survivors and those who wish to bear the new societal norms of a safer, fairer future must continue. While the public discourse thus far has focussed on hearing and supporting individual disclosures, now is the time for decisive organisational action. Society is ready to hold institutions responsible for doing better and organisations must do the hard work of preparing to meet and exceed this challenge. All too often, the courageous narratives of individuals who have spoken out about their stories have revealed that the people that hurt them did so in abuse of their power and prominence within the institutions that at best did not identify or stop them, and at worst protected and promoted them. Furthermore, survivors were frequently prevented from advancing in their professions or working at all, in many cases with employment opportunities withheld or oppressive, coercive working conditions imposed.


As corporate social responsibility initiatives by organisations on a variety of political and social issues have shown, organisations can make a major impact in communities by engaging in the issues that matter to them and to society at large. Corporations and their leaders are responsible for rejecting indifference or ambiguity and, instead, must express their values and position their business strategies and identities in relation to them. Routine statements by human resources officials, quiet leaves of absence or resignations from wrongdoers, and unconvincing denials of knowledge and expressions of regret by executives will no longer suffice. Organisations can’t ignore that the pursuit of justice demands decisive and impactful change within their own ranks. Executive boards have to make commitments to organisational change and set their intentions towards an authentic standard for corporate social justice. This requires corporate boards and senior management to provide institutional responses to the misconduct of individuals and the power structures that empowered them. Organisational leadership must acknowledge that they are accountable for previous inaction in stopping, identifying or punishing abusers and move toward fixing or changing the organisational power structures that allowed misconduct to persist. In order for organisational justice to be truly valued and promoted at all levels of corporations and institutions, the most visible and powerful individuals inside these companies need to commit seriously – in statements, actions and ongoing dedication of resources – to progress. Therefore, executive boards and senior leadership must be at the forefront of providing concrete support for corporate change amid the current cultural reckoning about sexual harassment and abuse in the workplace. Board members, leaders and senior managers of organisations can and must lead this transformation with their statements and their actions, publicly and internally. 
Corporate compliance programmes should have a direct line to executive boards to lead the way in correcting and improving the failed or inadequate corporate control and defence structures, which must be repaired in order to promote organisational justice and accountability. Leadership can focus on five concrete areas for systemic corporate change. First, the tone at the top in response to these discussions must address the risks present in the organisation and connect directly to the business values that support its culture. This tone has to be backed up with material conduct, also from the top, to operationalise change and imbed the principles behind it. Second, the tone expressed and conduct modelled must be backed up by consistent, visible enforcement in the event of discovery or disclosure of violations, or self-analysis in the case of inadequate controls or a culture of non-compliance. Third, executive boards should advocate for concrete, values-based policies that address the real, relevant risks. Fourth, these policies must be complemented by concise, accessible procedures that all employees can find, understand and use. Fifth and finally, leaders must consider innovative methods of employee education in order to go beyond training, to establish authentic awareness and create organisational fluency with compliance themes and requirements. Together, and guided by these five major concentrations, executive boards and corporate compliance programmes can lead the way in fixing broken or insufficient organisational structures and drive continuing disclosures in order to refine and improve change initiatives. These principles are necessary areas of emphasis from a corporate governance, compliance and risk management perspective to actively influence and improve corporate culture in order to help necessary change take root, firstly within the executive boardroom and then at all levels.

Not just tone, but also conduct at the top

The message executive boards present to employees and to the public is more important than ever. Executive boards must use their platforms to speak loudly and boldly, as bravely as individuals have already, about the need for change and the way they intend for it to take place. Board members must take advantage of their very visible roles at the top of corporations and their platforms within the public discussion to broadcast key moment messaging and make important statements that reflect cultural and behavioural standards within the organisation and the community. More than that, the words of the executive board must have meaningful action behind them. It’s not just about the conduct to back it up. The tone at the top should be positioned not as a routine statement or a public relations obligation, but rather as a call to action. Therefore, concrete conduct by the board, with resource commitments to back it up, must follow to bring to life principles and practices based upon the values and ideals expressed. Whether it’s money to spend on personnel and programmes to support additional controls, or leadership support to make necessary changes to promote justice, organisations must put integrity and reform at the top of their planning, with financial and management support behind it. This can require radical transparency – organisations need to accept the necessity for change, despite the stakes that could be involved. Executive boards must engage in self-criticism and working past wrongdoing, even when that requires making personnel changes, exposing deep failures and misconduct and struggling to identify with demanding standards for honesty and truthfulness.

Consistent, visible enforcement

A reliable expectation of accountability is the most important factor in encouraging individuals to speak up and out. Empty promises, false assurances and routine crisis management-style responses by executive board members only serve to stifle expression and feed fear of negative attention. Instead, disclosures must be followed by investigations and then, in turn, by real enforcement actions. Through consistent, visible enforcement that is applied in response to all substantive reports of wrongdoing, corporate boards can demonstrate the responsiveness and accountability that injured employees need to allow them to step forward. Executive boards must be proactive in addressing misconduct and impacting corporate culture to allow for necessary and progressive organisational change. Whenever possible with respect to confidentiality or legal privilege, results should be shared from the highest level. The effect of this is two-fold. First, it serves the goal of transparency – in recognition of the commitment to the organisation’s values and to demonstrate to individuals who want to escalate issues that they will be taken seriously and treated with dignity and respect. Second, it aims toward deterrence – to show through disclosure of violative conduct and attitudes that future instances will not be overlooked, dismissed or tolerated. Both of these impacts from visibility of enforcement outcomes can help change to feed forward, by recognising positive progress as well as drawing bright lines for future behavioural and cultural expectations.


Concrete, values-based policies

Executive boards must support compliance programmes in overhauling existing policies or creating new ones. Policies should clearly tie in with organisational values, making concrete the importance of these underlying principles to the business mission and identity and connecting that to expectations of behaviour in everyday employee activities and organisational strategy. Board members should urge policy creation that supports a corporate culture with protection of the vulnerable and punishment for the violators. Policies need to respond to real risks, by actively addressing the concrete problems rather than just giving lip service and sweeping the true inadequacies in the organisation aside. Executive boards can contribute to these policies by calling for organisational self-assessments and then being willing to hear about and act upon inadequate controls or insufficient systems. These policies must be linked to well-defined organisational principles, rather than just ticking the box and ignoring the real root causes and cultural practices.

Concise, accessible procedures

The above policies must be accompanied by practical procedures. The creation of reliable expectations for investigation and enforcement follow-through, and the provision of policies that are tailored to both values and risks, come together for the average employee to see and experience in the procedures. All employees should be able both to find the applicable procedures to read them and then to execute them when they need to use them. If the procedures employees rely upon to follow these important policies are too hard to find, too impractical to execute, or impossible to understand, then they will not be useful or effective. Executive boards should insist that procedures are accessible enough to find and retrieve, possible to follow and easy to understand for all employee audiences and without undue burden. It’s especially important to consider the needs of the audience when planning delivery of the procedures to remote or diverse groups of employees, collaborating with compliance as well as line management to ensure that employees have engaged with them and ensuring that they are both simple and constructive.

Go beyond training

While there will always be a place for webinars, pamphlets and classroom sessions, providing these can’t be the only response anymore, no matter how innovative their content and structure or how much money and time is spent on them. Organisations that value true progress will focus on effective communication and dilemma discussion, not just repeating generic principles and ticking the box to prove that compulsory training was provided. Executive boards should consider more direct and interactive ways to reach employees, doing more than training by reaching instead for awareness and dialogue. Board members should encourage ongoing discussions rather than directives and decrees, conversations instead of campaigns. Awareness communications always need operational aspects, but these dialogues should share knowledge and give a voice to organisational sentiment, even – or especially – if it’s hard to hear. Consider enhancing relevance through targeting, by mixing theoretical and practical information to suit the audience members and their levels or needs from their daily work.

With the above principles as priorities, change to corporate cultures can emanate from the executive boardroom and from there, efforts to implement reform will have the necessary support and profile to be successful and sustained. Organisational cultures that ignore, enable, or even protect abusers or harassers must be regarded with zero tolerance and responded to with a real commitment to responsibility, transparency and serious reform. Following the above priorities puts executive boards in a position to empower individuals at all organisational levels to speak up and out about cultures of non-compliance and seek substantive and reliable justice. Executive boards must credibly commit to take on these tasks in order to give employees the necessary expectation that investigation, enforcement and action for reform will take place when needed. With senior leadership enthusiastically and authentically modelling conduct as well as taking action to make defensive processes uniform and coherent, organisational change can move towards practices that respect and protect everyone, responsibly and effectively.

SETTING TONE FROM THE TOP Enthusiastic leaders will ensure companies are respectful and responsible



Regulatory & Compliance | Wells Fargo

Wells Fargo: Corporate board lessons learned?

The Federal Reserve’s strong rebuke of the US banking giant highlights the need for a compliant culture

Michael Volkov

CEO, The Volkov Law Group

For more than 150 years, Wells Fargo has been part of the US’s financial foundation. But on 2 February 2018, the bank suffered one of its lowest moments in corporate history. In an unprecedented move, the Federal Reserve publicly announced a first-of-its-kind enforcement action against Wells Fargo for its corporate governance failures and slow, if not glacial pace, of remediation. Perhaps not just a coincidence but 2 February was also the then-chairwoman Janet Yellen’s last day at the Federal Reserve. In a capitalist system, the government rarely, if ever, intervenes and shackles a corporate business from free and fair participation in the marketplace. Yet, in the face of a string of compliance disasters, culminating in dysfunctional corporate board governance and oversight of senior management and corporate operations, the Federal Reserve froze Wells Fargo from growing its business for at least a year, and possibly longer, while the bank implements governance improvements and risk management reforms. The message from the Federal Reserve to Wells Fargo, from the top to the bottom, was to clean up the company, improve your board oversight and senior management operations and enhance your risk governance capabilities. Until Wells Fargo does so, its business is frozen. The Federal Reserve’s action, blocking Wells Fargo’s growth, is perhaps the strongest condemnation of a company’s overall leadership and direction that the government can impose. There is clearly a complete lack of trust right now between the government and the bank.

The road to perdition

The genesis of this debacle began years ago when Wells Fargo implemented a controversial sales incentive programme for its community bank. The programme was built on the simple phrase ‘eight for one’, meaning the goal of each Wells Fargo sales representative was to sign up each customer for eight separate accounts, including individual retirement accounts, credit cards, certificate of deposit accounts, and other retail banking products.

When the programme was designed and implemented, no one inside of Wells Fargo, at any level, raised a question about the risk of creating such an incentive programme. The CEO and the board later claimed that they were not aware of the programme nor did anyone ask their opinion of it. In a nutshell, the fundamental question has to be asked, ‘Why not?’. Wells Fargo did not need to consult with a risk and compliance programme specialist to understand the implications of the scheme. A sales incentive programme is built on incentivising sales and punishing those who do not meet the requirements. As I like to say, this was not a question of rocket science. This was a new programme that fundamentally called into question the board of directors’ commitment to its duty of care. If the board was not aware of the programme, that was a problem in its reporting and oversight of senior management. If the board was aware of the programme and approved it, that was a problem in its ability to assess risk and make informed decisions relating to the business. All in all, the Wells Fargo fiasco called into question the board of directors’ commitment to its duty of care.


Looking back with perfect 20-20 hindsight, there are numerous questions to be asked, few that have been really answered, and more work that needs to be done to restore any semblance of trust between Wells Fargo, the government and its customers. Wells Fargo’s sales incentive programme had the immediate and disastrous impact that one would expect – personnel created nearly two million (yes, two million) fake accounts to meet the eight for one stringent sales targets. At the same time, employees in the community bank’s division were being terminated at an unprecedented rate, totalling nearly 5,000 employees over the first five years of the sales incentive scheme. Consumer frustration grew into complaints to state, local and federal government regulators. The City of Los Angeles quickly responded and initiated an investigation and was joined by the US Consumer Financial Protection Bureau (CFPB). The Office of Comptroller of the Currency later joined the investigation. Wells Fargo employees complained about the sales programme and the resulting sales pressure and increasing misconduct, strong-arm sales tactics and outright fraud. In perhaps one of the most telling aspects of the fiasco, eight whistle-blowers who reported misconduct ended up being fired for raising concerns in the company and several have brought active whistle-blower retaliation lawsuits against the company. The CFPB and the City of Los Angeles settled with Wells Fargo for a penalty of $185million. The OCC entered into a consent order for the bank to improve its corporate risk and governance functions.

The absence of board oversight and monitoring

In the face of these swirling corporate storms, the fundamental question is to be asked – where was the corporate board? What was it doing, if anything, to investigate and learn about this boiling problem within Wells Fargo? After much hand-wringing and delays, Wells Fargo’s board launched a major internal investigation of the incident, including serious issues raised about its handling of whistle-blowers. Former CEO John Stumpf, who denied knowing about the problems with the sales programme, has to answer for internal documents which show he was notified about the problem but failed to act. It is not clear whether Stumpf read the internal documents but there are real issues surrounding his knowledge and failure to act. Furthermore, Stumpf has to answer for something he definitely did do – he allowed Carrie Tolstedt, the senior executive responsible for overseeing the cross-selling programme, to retire and collect a bonus of $124million. Stumpf has never answered for allowing this to occur after the scandal broke.

Independent directors in April 2017 issued a scathing report around the Wells Fargo scandal. Based on its findings, Wells Fargo’s independent board took steps to clawback an additional $75million from Stumpf and head of community banking Tolstedt for sales abuses resulting from the sales programme. The independent directors found that the root cause of the sales practice failures was a decentralised management structure, coupled with an aggressive sales programme directed and controlled by senior management in the community banking operation. As a result, employees sold unwanted and even unauthorised accounts to customers to meet management sales targets. While the report lays blame in Wells Fargo’s decentralised management structure, a closer read shows how senior corporate executives, including Tolstedt, were able to resist oversight and accountability, while Stumpf and the board of directors failed to exercise proper oversight and accountability to uncover and prevent the disturbing sales practices, the termination of numerous employees for failures to meet stringent standards or engaging in misconduct to reach applicable targets. Stumpf, in the end, is called out on his failures to intervene, to blindly rely on Tolstedt, and avoid meaningful oversight and review of relevant information. Stumpf’s attitude was overly optimistic and reflected a wholesale denial in the face of real and serious questions about problems created by the sales incentives programme. His failure to act is perhaps the most damning portrait of all. Tolstedt is described, along with her executive colleagues, as a leader who resisted inquiries, management oversight and questioning of her authority. She deliberately misled the board by understating problems resulting from the cross-selling programme. The independent directors report, however, casts fair criticism on the risk management committee of the board, the nascent and immature oversight of risk within the bank and failures to delve into information about the number of terminated employees in response to the sales incentives programme. The risk committee’s failure to ask for basic information was highlighted by one simple and glaring omission – it never knew the number of terminations of employees, which was more than 5,000 and a major red flag, in response to the sales incentives programme, until Wells Fargo settled its initial enforcement action.

Wells Fargo’s path back to redemption

The Federal Reserve’s action now puts into place a comprehensive remediation programme that Wells Fargo must satisfy before being permitted to regain its status in the marketplace. The new Consent Order between Wells Fargo and the Federal Reserve sets forth a comprehensive plan for the bank to improve its board governance and its risk management and compliance function. The question is whether Wells Fargo can make a real commitment to change. Even with the commitment of a new senior leadership team, Wells Fargo’s cultural damage has occurred at every level of its operations – from branches to mid-level managers and to the C-Suite. Acknowledging a problem is one step but implementing wholesale change is another. The Federal Reserve’s consent order requires Wells Fargo to submit three separate written plans. The first is to improve its board of directors’ effectiveness. The second is to improve its firm-wide compliance and operational risk management programme. The third requires Wells Fargo to conduct and complete by 30 September 2018 an independent review of its board’s improvements in effective oversight and governance and enhancements to its compliance and operational risk management programme. Following the integration of the improvements required by the order, the bank is required to conduct a second independent review to assess the efficacy and sustainability of the improvements.

With respect to the board of directors, Wells Fargo has to design and implement a plan to enhance the board of directors’ effectiveness to:

■ Ensure the bank’s strategy and risk tolerance are aligned with the bank’s risk management capacity
■ Ensure the board’s composition, governance structure and practices support its strategy and are aligned with its risk tolerance
■ Ensure the board’s roles and responsibilities are not unfilled for an undue period of time following departure of any board member
■ Improve the board’s oversight of senior management
■ Ensure senior management’s ongoing effectiveness in managing the bank’s activities and related risks
■ Ensure that senior management establishes and maintains: (i) an effective and independent firm-wide risk management function; (ii) an effective risk tolerance programme; (iii) an effective risk identification and escalation framework; (iv) a comprehensive and effective risk data governance and management framework
■ Ensure that compensation and incentives are consistent with risk management objectives and measurement standards, including consequences for violation of its policies, laws and regulations and adverse risk outcomes
■ Ensure that comprehensive reporting will enable the board to oversee management’s execution of its risk management responsibilities, including measures taken to comply with the consent and provide the board with sufficient information to evaluate the operational and compliance risk management functions

The list of requirements imposed on the board appears to be reinforcing basic corporate governance and oversight principles. It is a testament to how far the Wells Fargo board fell below basic governance performance. Many of you may brush these requirements aside as superfluous or unnecessary, but in the context of this scandal and Wells Fargo’s failure to act, these remedial requirements have to be satisfied before Wells Fargo can move forward.

CRACKDOWN ON CORPORATE AMERICA The Federal Reserve’s decision to cap Wells Fargo’s growth was an unprecedented move

Building Wells Fargo’s ethical culture

Wells Fargo stands as another testament to the consequences of ignoring ethics and compliance. The damage to its reputation is staggering and the ability of the bank to recover will depend on a sustained commitment to ethics and compliance and careful management of its business practices. In this situation, Wells Fargo would be wise to ensure that ethics and compliance considerations are given appropriate deference and consideration in the future.

While we look through the rubble of past corporate scandals, it is easy to see how instilling business ethics would inform corporate governance and protect a company from deviating from corporate governance norms. I am consistently amazed at how so many large companies with successful business records ignore the value and necessity for business ethics and compliance. A culture of ethics and compliance is an invaluable asset and very few companies have demonstrated a commitment to ethics and compliance as a long-term strategy for financial sustainability.

Wells Fargo’s corporate culture was premised on circling the wagons and managers responded with defensive denials, almost a groupthink of delusions. Its culture did not embrace reports of wrongdoing but punished those who raised concerns in order to continue with a culture premised on a misunderstanding and paranoid strategy of preservation.

Building a new culture can only be done with the commitment of the board and senior management. To implement such a new approach, the board and senior management have to empower and unleash independent ethics and compliance functions to follow through on their commitment. Such a process will take years of hard work, acceptance and commitment. Whether Wells Fargo can accomplish such a task remains to be seen.


Regulatory & Compliance | Culture

Compliance culture and excellent sheep

A cautionary tale for addressing organisational culture, processes and policies

Samantha Sheen
AML Director, Europe ACAMS

In January 2018, three managers employed by a financial institution (FI) agreed to a settlement with the US regulator, the Financial Industry Regulatory Authority (FINRA). The settlement was reached in relation to FINRA’s allegation that the three managers had violated FINRA Rule 2010. This rule requires that in the conduct of business, its members ‘shall observe high standards of commercial honour and just and equitable principles of trade’.1

The managers had worked for the FI for several years and held positions in which they headed up specific product divisions within the securities line of business. They each had previously worked for other financial institutions. As with other regulated businesses, the FI was required to ensure that the managers and other staff received and took part in ongoing training. Similar to other global FIs, this training was delivered via an intranet-based e-learning system. Employees log on and work through a module, after which the employee needs to successfully complete a short exam to evidence their understanding of the materials. Records are kept by the FI, in part so that evidence can be given to their regulator that this training requirement has been satisfied.

‘Proxy’ trainees

Rather than complete each of the modules themselves, the managers, over several years, provided their log-in credentials to different administrative assistants and requested that they complete some of the training modules for them. Essentially, the assistants were enlisted and asked to act as ‘proxy’ trainees for the managers. Among the modules completed by the assistants were the ones covering the annual compliance certification – Unauthorised Trading Awareness and Education Certification: Understanding Money Laundering, Terrorist Financing, Sanctions and Corruption and training on Global Records Management.

Regulator & FI response

FINRA in all three cases agreed to settle without admission of responsibility by any of the three managers. Each one received a censure and was required to re-sit the exam necessary to requalify for the statutory position they held at the time. Now this does not seem that harsh, relative to the unethical behaviour involved. After all, it is bad enough to cheat but to enlist the assistance of your subordinates to help you is profoundly wrong. And it would be great to suggest that this conduct is exceptional. However, a quick internet search shows this is not the case.

For example, in 2008 FINRA reached a settlement with another FI manager for similar activity. In that case, the manager arranged for a junior employee to complete the firm’s e-learning course for him. Providing both his user ID and password to the junior employee, the manager later received a congratulatory email from the junior who wrote: “Please know that I have ‘helped’ [name] and the other identified investment associates with this mandatory training and you have all passed with flying colors [sic].”2

What makes the current 2018 case interesting, however, is how the FI itself responded. Quite apart from FINRA’s censure (which is published and available online as part of the managers’ permanent disciplinary records), each of the managers in the 2018 cases was:

■ Required to pay a fine representing a percentage of their incentive compensation payment from the previous year
■ Issued a disciplinary letter
■ Required to retake selected e-learning modules

These measures were not hidden away in some HR file but are publicly accessible, so that if a future employer were to conduct an adverse media check of these individuals, this information is easily retrievable.

Importance of culture in financial institutions

The point I found particularly egregious in both the 2009 and 2018 cases was the deliberate enlistment of subordinate or more junior staff to enable and perpetuate the unethical conduct. We often speak about the ‘tone from the top’, but how about for others outside of the executive suite?

This year the UK’s financial regulator, the Financial Conduct Authority (FCA), published a compendium of papers entitled Transforming Culture in Financial Services (collectively, the Culture Papers).3 At the papers’ outset, it’s acknowledged that culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history.4 And there is an unequivocal recognition in the foreword by Jonathan Davidson, director of supervision for retail and authorisations, that a focus on culture is the responsibility of everyone in a firm. Davidson notes that: “It should be a collaborative effort, by all areas and at all levels – and industry must take responsibility for delivering the standards it aspires to.”5

So, clearly, in the cases I’ve described, there was a lack of perceived ownership on the part of the perpetrators of their behaviour and how it influenced the FI’s compliance culture. But why might this have happened?

The role of middle management in fostering compliance culture

The Culture Papers include a very interesting paper about the role of middle management.6 The authors found that while senior managers do influence culture by creating a tone that others follow, the role of middle managers is even more important because they translate top management expectations into front-line employee behaviour. Middle managers play a critical role in converting high-end strategic goals into work-related objectives for the rest of the staff.

The problem, in terms of culture, begins when senior management set difficult-to-achieve goals. While some organisations see this as inspiring and motivating high-performance outcomes, it can, in other instances, dampen this objective. In their study, the authors found that some of the middle managers whose financial incentives were based upon the ability of their staff to meet these goals, realised they could not be met for a variety of reasons. However, instead of pushing back and telling senior management the goals were not realistic, the managers instead devised other ways to meet the goals by seeking out ‘structural vulnerabilities’. These were activities or processes within their organisation that could be exploited to create fake good performance or conceal actual poor performance. This then allowed the managers to make it look as if the goals had been met. This, in turn, resulted in a false representation of performance being reported to the senior management.

To achieve this, the managers had to coerce their staff to engage in multiple behaviours that made it appear as if the goals were being met and to ensure that those ‘structural vulnerabilities’ were taken advantage of. In some cases, the managers used measures to shame staff into cooperating with this ruse, as though to not take part in these activities was being disloyal or a bad team member.

The staff who worked with or around these managers knew what was going on. The authors found that front-line employees were uncomfortable with the behaviours they were expected to support or engage in. Many also called it unethical and fraudulent and resisted having to take part as much as they could.7 The authors found this surprising because other research suggests that a lot of unethical behaviour in business is ‘blind’ – employees engage in it without ethical awareness. But in the study, the majority of the front-line employees who took part were ethically aware.8 And for many of them, their attitudes toward the organisation and its leadership were quite negative because of the managers’ conduct.

Having worked at FIs and as a regulator, I have seen and heard about the ‘toxic [middle] manager’. It’s quite amazing when you consider how often the presence of a toxic manager (or sometimes more than one) goes hand in hand with a compromised compliance culture and yet the problem persists. These managers, usually high performers from a commercial perspective, are also known for viewing compliance as a necessary evil or even an obstacle to work around. Known for being dismissive or even confrontational towards compliance personnel, the best their staff can hope for is to have a more senior executive take the manager aside for a ‘quiet word’. They are rarely held to account and hardly ever challenged about their attitudes towards compliance.

In his contribution to the Culture Papers, Professor Roger Steare explains: “It is my experience that culture is best shaped, experienced and improved locally. Yes, the team cultures of the board and executive committee are critical to a high-performing, high-integrity firm. But good people will still exhibit poor conduct unless every leader and every team has the discipline to make good, principles-based decisions in every meeting.”9

Another of the Culture Papers’ contributors argues that organisations tend to think too narrowly about how they motivate employees’ behaviour, focussing on financial incentives to the neglect of these strong forces that organisations largely control – the direction they point employees in, the perspective they provide employees about how to understand their goals and objectives and the positive social regard that propels them to act.10

Bad apples and excellent sheep

But one author from the Culture Papers uses an expression that I think best describes the manager culture dilemma described at the start of this article – ‘Bad Apples vs Excellent Sheep’. Forward Institute’s founder and director, Adam Grodecki, argues that we tend to overrate the importance of individual character and underemphasise the significance of context and the power of situations and incentives that compel behaviour. He argues that we overestimate the power of individual character and underestimate the power of environment and the company we keep. He calls this moving the conversation from ‘bad apples’ to ‘excellent sheep’, and notes how groupthink, pressure to conform and lack of internal challenge form the basis of almost all post-crisis event reviews.11

Grodecki suggests that the answer is not to ‘repair’ managers through ethics training, but to address organisational culture and the processes and policies that shape it. Grodecki says it best when he says: “We are all rewarded in some way for complying with organisational ‘norms’. Most of us in large organisations get ahead by playing internal politics, delivering on internal projects and building our internal network. Technical expertise is valued over broad perspective and, as we get more senior, we also tend to narrow in our outlook. So, over 10, 15, 20 years, many of us, whatever our background, come to see the world through the same lens as our colleagues. We lose valuable perspective, miss changes in the external environment and come to accept as ‘normal’ ideas and practices that are anything but.”12

Concluding thoughts

Establishing and maintaining an effective compliance culture is an ongoing challenge. The contributors to the Culture Papers make it clear this is no easy task and requires concerted effort and attention. When you look at the cases I’ve described, I think there’s value in addressing cultural challenge at both the individual and organisational level. The potential influence that middle managers can have on compliance culture means there is still merit in trying to root out some rotten apples. But when FIs, rather than firing or allowing managers to resign for unethical conduct, instead hold them to account, revoke incentives and require that they do the right thing, this sends a powerful signal to all employees that senior management is committed to a strong compliance culture and is not content to simply watch over a flock of ‘excellent sheep’. Footnotes to be run in full online.


Regulatory & Compliance | SMEs NO BUSINESS TOO SMALL SMEs may expect to be exempt from compliance but regulation still applies

How compliant are small businesses?

A cost-effective, four-step strategy to reduce risk for SMEs

Victor Rudebeck
Associate Director, Compliance, Forensics and Intelligence department, Control Risks

Compliance is continuously rising on the corporate agenda. The past few years have seen a myriad of new legislation introduced in areas such as anti-corruption, data protection and trade sanctions. Moreover, the threats facing companies continue to remain in constant flux, thereby further raising the need for robust internal controls. CEO fraud and cybercrime are the latest catchphrases making the rounds at compliance seminars.

The perception of compliance among smaller and mid-sized companies or enterprises (SMEs) is a different matter though. Unlike listed companies, the concept of compliance is not often top of the agenda for many SMEs. This stems in part from the assumption that compliance inevitably comes with excessive costs and bureaucracy and therefore remains incompatible with commercial success. Increased regulatory scrutiny has also focussed on larger organisations and triggered a relatively relaxed response from many SMEs, which either consider themselves exempt from the scope of new legislation or already sufficiently compliant to avoid further efforts in that regard.

Take corruption as an example. The list of countries implementing more stringent anti-corruption legislation includes not only the UK but also France, Peru, South Korea and India. A feature of many of these legislative frameworks is a corporate liability associated with failing to adequately prevent corruption inside the organisation. For instance, the UK Bribery Act includes the requirement for companies to maintain ‘adequate’ anti-corruption procedures. However, a survey by the UK government of 500 SMEs found that only 17 per cent had any knowledge of the adequate procedures provision and the guidelines published by the Ministry of Justice to comply with that requirement.1

Another important piece of legislation for SMEs is the EU’s new General Data Protection Regulation (GDPR). The GDPR, due to come into force on 25 May 2018, will impose a number of new requirements to ensure companies process and store personal data securely. Although the legislation was first announced in 2016, SMEs seem ill-prepared for its imminent implementation. A survey in November 2017 of mainly mid-sized European companies noted that only eight per cent were on course for complying with the legislation.2 A similar study of SMEs in the UK from September 2017 found that 66 per cent had never heard of the GDPR, let alone what it is expected to cover.3

SMEs play an important role in the economy by driving new innovation and research and contributing to gains in productivity. Encouraging SMEs to engage with compliance requires refreshed thinking around the scope of compliance, the value it brings to an organisation and how it can be effectively adapted to the modus operandi of an SME. As this article will show, a number of compliance solutions are readily available to SMEs that do not inflict high costs and burdensome administration. Four of them are discussed here below.

Defining programme ownership

The success of a compliance programme relies in large part on adequate support and resources being provided by management. Clear, unequivocal support for compliance, backed up by leadership by example does not cost much but likely constitutes the most significant contribution senior management can make to the success of a compliance programme. The moral influence of the owner and their closest management team in an SME further multiplies the importance of having a strong tone from the top.

On the other hand, a weak or contradictory message from management risks undermining the substance of the compliance programme. When directors look the other way or even directly participate in fraudulent activities, other employees will be quick to follow suit. One of our clients suffered large scale fraud in the procurement department that had gone on for a number of years, including rigged tender bids, supplier kickbacks and procurement of false goods and services. The fraud scheme was allowed to prosper in spite of the client having a strict procurement policy in place that clearly set out the procedure for selecting and monitoring suppliers. An investigation into the scheme revealed that members of senior management directly supported the scheme in exchange for receiving a portion of the kickbacks.

Defining what constitutes adequate support for compliance can often be difficult for SMEs. The compliance programmes of listed companies are typically maintained by one or several compliance teams, which are led by a chief compliance officer, reporting directly to senior management. By contrast, many SMEs refrain entirely from making any recruitments specifically to support compliance-related activities. Ownership of the compliance programme is either added to the business owner’s long list of responsibilities or shared across other existing departments, such as legal and finance.

However, such an approach is problematic for several reasons. First, it muddles transparency and accountability. The fact that an SME owner often decides for everyone and answers to no one leaves him or her ill-suited to also perform the checks and controls required to preserve the integrity of the business. On the other hand, where several departments are involved, there is a risk of compliance falling between different chairs, thereby complicating the task of allocating responsibility for a specific compliance breach or deficiency incurred. Second, it raises the risk of a conflict of interest in the delivery of the programme where the team or individual investigating a compliance breach is also directly implicated in the reported wrongdoing.

In our experience, the majority of SMEs in the current regulatory environment will struggle to run an effective compliance programme solely as an add-on to existing back-office operations. Appointing a designated compliance officer is a more advisable option in that regard.

Designing internal controls

A flat organisational structure coupled with flexible decision-making and a culture of trust between management and the employees is often seen as instrumental to the success of SMEs. Many SME owners would also consider such a model incompatible with the layers of rules and procedures normally underpinning a compliance programme. The cost of inadequate governance can, however, be significant. A client in the mining industry suffered a six-digit fraud loss at the hands of its external trustees that had been given full control of the books and records without any meaningful supervision from anyone within the company.

A lack of internal controls also complicates the task of proving responsibility after the fraudulent activities have been detected. An SME in the shipping industry became subject to a claim for unfair dismissal brought by a former employee as a result of a €0.5million loss from a failed shipment. The company claimed the employee had acted on his own behest in making the shipment without seeking management approval in an attempt to cover up losses elsewhere. However, the company lacked any formal controls for reviewing proposed shipments, with approval often given verbally by management. The employee also maintained that he had received verbal approval from the CEO before proceeding with the shipment.

At the same time, SMEs should also be wary of overstretching the scope of their compliance programmes. Several studies have found that smaller companies often try to benchmark their compliance programmes against those of larger, listed companies. This will not only prove costly and cumbersome to implement but also likely unsuccessful in addressing the risks the companies face. A more effective approach begins instead with documenting the internal controls already in place to identify best practice across the organisation and modify or reinforce procedures where needed. Where gaps are identified, additional controls carefully tailored to the company’s risk profile should be considered. Less is often better under such circumstances. For instance, a code of conduct that clearly states the company’s expectations, outlines acceptable behaviour and presents viable options for asking questions and raising concerns can go a long way towards bringing lasting improvements in compliance.

Addressing third-party risk

Compliance is not exclusively an internal matter. The US Foreign Corrupt Practices Act and other anti-corruption legislation include corporate liability for corrupt activities undertaken by business partners, such as sales agents, distributors and consultants. Verifying that third parties engaged by the company maintain satisfactory compliance standards also reduces the risk of inadvertently being implicated in fraud schemes originating from outside of the organisation. For instance, a pharmaceutical client became victim of a CEO fraud after the fraudster had hacked into a supplier’s email account and issued the company with false invoices.

Third-party compliance risk is most effectively addressed through a due diligence or screening programme that examines the activities and background of each third party. The reference to due diligence often draws comparisons to extensive legal teams required to coordinate the reviews of third parties. However, this does not have to be the case. First, the company should ensure as much information as possible is provided by the third party itself through the completion of a compliance questionnaire, backed up by relevant supporting documentation. The questionnaire should cover areas such as beneficial ownership, financial information, compliance policies, etc. Second, subsequent internal reviews should prioritise third parties with highest perceived risk based on, for example, their country of residence, level of interaction with government officials and type of industry. While no compliance programme is ever 100 per cent secure, risk-based due diligence ensures the available resources are focussed where most needed.

Using technology effectively

The role of technology in delivering compliance is often misunderstood. Although IT provides the platform through which a large part of the programme can be delivered, having the right tone from the top and a strong compliance culture are more essential to laying the foundation for its success. Nevertheless, technology can provide vital support in ensuring the programme is successfully implemented and adhered to. The key is to identify the parts of the business most in need of a technological solution to help drive stronger compliance practices. Investment in advanced, programmatic solutions is not a prerequisite.

For instance, data analytics is an important tool to proactively monitor the compliance programme’s performance, for example, by analysing transactional data in real-time as it is entered into the accounting system. In this way, the company can detect and address suspicious activity before the fraudulent transaction is completed. Companies processing large quantities of data from multiple sources will likely require a bespoke database system, integrated into the existing IT infrastructure, through which to run the analysis. Companies with smaller data volumes have the option of more cost-efficient solutions that involve refining the systems already in place. This includes refining the accounting system to automatically highlight certain changes to supplier data or transactions that meet high-risk criteria (e.g. high, round amounts) that will be processed for further review.

Similarly, employee expenses present to most companies a high-risk area for bribery and corruption. Many SMEs still use rather rudimentary tools, such as Excel spreadsheets, to process and monitor employee expenses. This raises the risk of fraudulent or illegal expenses being reimbursed as a result of false expense claims, circumvention of approval controls or an inability to monitor expenses centrally within the organisation. Expense report software is available at relatively minor costs to SMEs and helps to address such risks a lot more effectively.

SMEs are often distinguished by a number of unique features that help to explain their success, including a flat organisational structure and flexible decision-making. However, the same characteristics also leave SMEs more exposed to the risk of fraud and other regulatory missteps taking place, especially in light of the heightened scrutiny by regulators worldwide. Further efforts are therefore required to improve compliance standards within SMEs. Contrary to popular perception, this does not need to involve high costs or excessive bureaucracy. Simply having a clear message of support from management of compliance-related activities goes a long way towards establishing a successful compliance programme. Other cost-efficient solutions can further strengthen the internal control environment, including the screening of third-party business partners and the use of technology to monitor suspicious transactions in real-time. As compliance is becoming an increasingly important success factor, the onus is on SMEs to adopt compliance as an integral part of their business model.

1 HM Government, Insight Into Awareness And Impact Of The Bribery Act 2010, 2015.
2 European Business Awards, 92% of European Business Are Unprepared For GDPR, 17 November 2017.
3 Employeebenefits., 66% Have Not Heard About GDPR Legislation, 25 September 2017.

TACKLING THE RISK OF EXPENSES FRAUD Software is available to SMEs at minor cost


Regulatory & Compliance | China

Compliance in Chinese banks: Playing catch-up

Although already under significant scrutiny, more action is needed to stop money laundering

Sven Stumbauer
Managing Director, Global Anti-Money Laundering and Sanctions Practice Lead, AlixPartners

While Chinese regulators have made it clearer than ever that anti-money laundering (AML) is a major priority for the People’s Bank of China (PBOC), recent enforcement actions in the US and European Union against Chinese banks point to a different picture regarding AML compliance in these institutions. Apparent weaknesses within China’s financial supervisory system have been highlighted in recent years through several money-laundering investigations across the world involving Chinese banks. China has responded to increased criticism by making ongoing improvements to its AML regulatory framework, but it appears to be more concerned with controlling the outflow of money from the Chinese financial system. Meanwhile, the broader issue of money laundering through Chinese financial institutions remains an international concern.

Industry perspective analysed

To assess global industry trends, AlixPartners conducted its 2017 Global Anti-Money Laundering And Sanctions Compliance Survey of 361 financial institutions to gauge how institutions are addressing the challenge.1 Based on the survey results, we have identified key trends and challenges that all financial institutions globally should address in 2018 and beyond. These are most certainly relevant to Chinese banks as well.

Board of directors

The penalties for not complying with ever-evolving AML regulations are steep and have the full attention of most bank boards of directors and senior management, many of whom are already besieged by an assortment of competing challenges. Although we may assume boards stay engaged in issues like AML, 20 per cent of all survey respondents said they do not provide AML training to their board or are unaware whether the board is being briefed on AML-related matters. Looking at Chinese respondents only, this percentage is significantly higher, pointing to a potentially systemic weakness in AML-related governance at Chinese banks.2

Boards and senior management should set the tone for their organisations by creating a culture of compliance. Boards of directors have a duty to ensure that their financial institution reaches not only its financial goals but also achieves its regulatory, compliance and corporate governance goals. For a board to be effective in AML-related matters, at a minimum it should:

■ Set the tone at the top and be fully engaged
■ Ensure that compliance is a priority that is not subordinated to revenue interests
■ Share AML information throughout the organisation
■ Provide adequate human and technological resources
■ Ensure that the AML compliance programme is effective and has been tested/benchmarked independent of the day-to-day AML compliance function

While there has been increased awareness among senior management at Chinese banks, many are still playing catch-up in having their board of directors fully involved in AML-related issues.

The buck stops here

If compliance officers are bootstrapped and cannot obtain adequate support and resources, then it’s likely that the financial institution’s leadership has not seriously engaged in and prioritised AML compliance – or that leadership and the board of directors have not been fully briefed about the necessity to invest in AML compliance. According to our survey results, 32 per cent of all respondents consider their AML compliance budget inadequate or severely inadequate. For Chinese respondents, this figure is 47 per cent, indicating that while AML compliance matters might be ‘on the radar’ of senior management, that isn’t sufficient and additional investment is still necessary. Although there has been significant press coverage about increases in headcount in AML compliance functions at Chinese banks domestically and abroad, the robustness of a bank’s AML compliance structure is not only a matter of resources and headcount. It is also a matter of the quality and effectiveness of the controls being implemented, adequate systems supporting the internal controls and a full understanding of the AML risks posed by products, customers and counterparties.

China | Regulatory & Compliance RED FLAGS Concerns still exist around China’s AML controls

De-risking and strange new friendships

De-risking and the exiting of certain correspondent relationships has been a growing phenomenon in the US and Europe. Due to the increased risk of regulatory enforcement, US and European banks exited correspondent banking relationships, opening the door for banks in other jurisdictions, particularly in China, to fill the gap, even outside of traditional trade routes or geographic associations. The increasing cost of more stringent AML rules and regulations in the US and Europe, coupled with enforcement action, has driven large US and European banks to de-risk by eliminating many correspondent banking relationships. This has opened the door for banks in other jurisdictions, particularly in China, to fill the gap, even outside of traditional trade routes or geographic associations.

The AlixPartners’ global survey confirms that trend. While 63 per cent of respondents globally stated that they experienced de-risking in one form or another, the percentage of respondents from Asia in general, and China in particular, is below five per cent. This low percentage created nested relationships that often led to increased risks of money laundering and sanctions breaches or have been abused for money laundering and bypassing various sanctions regimes. Some Chinese banks have been ‘benefactors’ of this trend, establishing business relationships with certain financial institutions that have become essentially un-bankable by US and European financial institutions due to their actual or perceived level of AML and/or the sanction risk they may pose. However, some mainland Chinese banks have established new relationships with these financial institutions, offering a vehicle to process transactions. Boards of directors and senior management need to pay close attention to these types of high-risk relationships. They must determine whether the current risk management practices are adequate to comply not only with local AML rules and regulations, but with global standards as well. In addition, given this trend, US and European financial institutions will most likely put greater scrutiny on Chinese financial institutions to avoid processing transactions on behalf of financial institutions with whom they have cut ties in the past and that have now resurfaced at a new home at a Chinese bank.

No board of directors, whether in China or another jurisdiction, wants to be known for prioritising profits over compliance with AML rules and regulations. The resulting reputational damage and potential enforcement actions would certainly have an impact on the growth that mainland Chinese banks have experienced over the last decade through their global expansion.

Improving compliance

It’s important that Chinese banks focus on AML compliance holistically across their organisations and that they have active involvement from the head office’s board of directors. Also, it is critical that Chinese banks adopt AML policies and procedures that follow the letter and the spirit of the law, regulatory expectations across the various jurisdictions they operate in and leading industry practices. This effort should be spearheaded by the board of directors. Without significant board involvement, Chinese banks will continue to face exposure to investigations and potential regulatory action in the US and elsewhere. Though this is a challenge for most financial institutions that operate globally, it seems to be a particularly significant challenge for Chinese financial institutions as they mature and expand.

Once the board has provided an overall compliance strategy, it is senior management’s responsibility to implement a global standard across all jurisdictions. This strategy must meet strict legal requirements as well as regulatory expectations and leading industry practices in the different jurisdictions. To operate in a global environment, Chinese banks should consider revisiting and potentially enhancing the following:

■ AML risk assessment of their products and customers
■ AML risk assessment of their counterparties, especially their correspondent banking relationships
■ Customer due diligence/enhanced due diligence efforts
■ Automated transaction monitoring systems to detect potentially suspicious activity
■ Reporting suspicious activities to the various authorities

CHECK ON GROWTH Chinese global banks risk further enforcement action

Sanctions compliance

Another challenge, often closely cited with AML compliance, is compliance of Chinese banks with sanction regimes, mainly the US Office of Foreign Assets Control (OFAC) sanctions. For example, the US Financial Crimes Enforcement Network (FinCEN) found Bank of Dandong to be of ‘primary money laundering concern’ for serving as a gateway for North Korea to access the US and international financial systems, despite US and UN sanctions.³ FinCEN’s Notice of Proposed Rulemaking (NPRM) in relation to the Bank of Dandong highlights the facilitation of millions of dollars of transactions for companies involved in North Korea’s weapons of mass destruction (WMD) and ballistic missile programmes. Bank of Dandong also facilitates financial activity for North Korean entities designated by the United States and listed by the UN for proliferation of WMDs, as well as serving as front companies acting on their behalf.

On 2 November 2017, FinCEN finalised this rulemaking by imposing a prohibition on US financial institutions from opening or maintaining correspondent accounts for, or on behalf of, Bank of Dandong. Prohibiting Bank of Dandong from accessing the US financial system – directly or indirectly – helps protect the US financial system from the illicit finance risks posed by Bank of Dandong and serves as an additional measure to prevent North Korea from accessing the US financial system.

Similarly, the Bank of Dandong was referenced in a civil forfeiture action filed by the US Department of Justice (DOJ) in September 2016 in the District of New Jersey, which sought the forfeiture of funds held at the Bank of Dandong and other Chinese banks. Emphasising certain connections between China and North Korea, the funds at issue allegedly represented the proceeds of a conspiracy to evade US economic sanctions using a Dandong, China-based trading company and several front companies, to facilitate monetary transactions in US dollars through the US on behalf of sanctioned entities in North Korea and then launder those proceeds, including in and through US financial institutions. The DOJ recently took the unusual step of obtaining so-called anticipatory ‘damming’ seizure warrants to try to obtain substantial funds held in US bank accounts belonging to five Chinese companies that allegedly were used to hide transactions with North Korea using US currency in violation of US sanctions and money laundering laws.

Looking ahead

Both AML and sanctions compliance will continue to pose a significant challenge for Chinese banks as well as all banks operating internationally. However, given the investigations and enforcement actions that have occurred over the past years, it would appear that Chinese banks are still playing catch-up and need to increase their focus on AML and sanctions compliance as they expand their global footprint. Specifically, it will be necessary to ensure boards of directors are involved holistically across all jurisdictions to prevent further regulatory enforcement actions and to bring meaningful change to AML and sanctions compliance efforts. While legal and cultural differences exist between Chinese and US/European systems, a globally operating bank needs to adapt to global standards and local legal and regulatory requirements.

¹ Source: insights/2017-global-anti-money-laundering-and-sanctionscompliance-survey/#sm.0010h2mtliiddfj118y29eeeymgf4
² Includes respondents both from mainland China and Hong Kong
³ -releases/fincen-further-restricts-north-koreas-access -us-financial-system-and-warns-us


Regulatory & Compliance | Anti-corruption

Jurisdiction over corruption

Understanding global enforcement trends can help inform company strategy

Robert Clark
Legal Research Manager, TRACE International

Those with responsibility for conducting business across international borders immediately understand the significance of transnational anti-bribery enforcement. The headlines are hard to miss: multinational organisations held accountable for corrupt payments to foreign public officials, subjected to crippling fines or criminal prosecutions and required to undertake extensive remedial measures to guard against further misconduct. With so much on the line, individual enforcement actions are carefully scrutinised for indications of the authorities’ expectations and intentions – particularly by companies in the same market or industry. This attention to specific enforcement agendas and patterns is essential for any global company – not just to avoid becoming the next one under the spotlight, but to effectively align its compliance programme with the practical aims of the law. Anti-bribery statutes are broad in scope and adaptable by design to the endlessly variable forms in which corruption may appear. Observing their practical implementation can help a company identify typically problematic scenarios – learning from the mistakes of others – and take pre-emptive steps to navigate the dangers they exemplify.

Sometimes, though, it can be useful to step back from the details of specific cases and examine larger-scale trends in global anti-bribery enforcement. Which countries are stepping up their prosecutorial activities? Which industries are coming under investigation most heavily? Are bribe-paying companies pursued differently by the jurisdictions in which they are headquartered compared to the jurisdictions in which the bribes were paid? Where are the bribes coming from and where are they going? These questions have a certain practical importance: the answers can help inform long-term planning and strategy, while aggregate comparisons can help signal shifts in regulatory focus and priority.

But we can also learn something by looking at the context in which these trends have occurred. To do that, we need to think about the specific nature and history of the issue at hand. After all, corruption as such is nothing new and its avoidance is among the most general of ethical obligations. But we are particularly concerned with transnational bribery as a specific form of corruption and a unique object of enforcement. Why is that and what does it mean?

The three types of enforcement

Although ‘transnational bribery’ could, in principle, refer to any bribery involving persons of different nationalities, the activities that we are concerned with have two additional characteristics: they are directed at public officials and they are aimed at securing a business advantage. For example, the US Foreign Corrupt Practices Act (FCPA) prohibits giving or offering anything of value to ‘any foreign official’ for the purpose of ‘obtaining or retaining business’. More succinctly, we can look to the title of the primary international instrument concerning such laws, the Organisation for Economic Co-operation and Development’s (OECD’s) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

Within this restricted scope, a case may involve many players. The governmental side is usually the more straightforward, with a single official as the recipient of the bribe (however broad the meaning of ‘official’ may be). The business side of the transaction is more complex. While it’s possible for a company to affirmatively pursue bribery of foreign officials as a strategy to expand business opportunities, it is more common these days to find the corrupt activities carried out by rogue subsidiaries, employees, or agents. The actual corrupt activities may be conducted by residents of the official’s own jurisdiction, with the transnational character of the incident resulting solely from the location of the parent company.

While the variety of possible actors invites a range of analyses – one might look, for example, at how the brunt of enforcement falls comparatively on the corporation and on the responsible individuals – a more basic classification focusses on two things: which jurisdiction carries out the enforcement and which side of the corrupt transaction is targeted. The most prominent enforcement actions are typically those in which a country exercises its jurisdiction over the entity – usually corporate – that is ultimately responsible for the payment of a bribe in another country. This type of enforcement is carried out under the FCPA, the UK Bribery Act and similar laws prohibiting bribery of foreign officials. For present purposes, we can call it ‘Type 1’ enforcement. At the same time, a bribe-paying entity (or its bribe-paying foreign subsidiary) may find itself subject to the jurisdiction of the country in which the bribe took place, under laws prohibiting bribery of domestic officials. Although such actions – call them ‘Type 2’ enforcements – may receive less worldwide attention than their Type 1 counterparts, they remain a significant component of the global deterrence regime. Finally, the recipient officials can be held liable by their own governments – civilly, criminally or administratively, depending on the law of the domestic jurisdiction. With these ‘Type 3’ enforcements we appear to have exhausted the schematic possibilities, as domestic officials will generally not be subject to foreign jurisdiction.


UNDERSTANDING ENFORCEMENTS Paying attention to global trends can improve a company’s compliance


Jurisdiction | Foreign | Domestic
Official | — | Type 3
Corporate | Type 1 | Type 2

Trends of the past year

The above categorisation gives us a helpful way to think about and to track the development of enforcement actions around the world. Focussing only on the first type would fail to capture the full range of activity, while failing to distinguish among types would lead to a blurring of our perception. To put such distinctions to use, we need concrete information about how the laws are being enforced. To that end, my organisation, TRACE International, maintains a publicly available online database of all known transnational bribery investigations and enforcement actions. From this database – the TRACE Compendium – we can analyse which governments are pursuing such actions, where the bribery in question has taken place, the extent to which different industries are involved and other information relevant to understanding global enforcement trends.

The past year had its share of notable developments, as reflected in TRACE’s annual summary publication, the Global Enforcement Report (GER). The United States saw a drop (unsurprising, given the previous year’s record-setting total) in the number of matters resolved under the FCPA (14 in 2017), but substantially kept pace with the past decade’s average. Agencies across Europe for their part maintained a steady increase in their Type 1 enforcement activity, particularly in the United Kingdom. Meanwhile, there was a notable expansion in the number of jurisdictions undertaking investigations into foreign bribery of their domestic officials (Types 2 and 3) – increasing from 72 countries in 2016 to 82 in 2017. The newcomers include both well-off European nations (France, Norway, Portugal) and developing states in the Americas (Antigua and Barbuda, the Dominican Republic) and Africa (Malawi, Sierra Leone). Nineteen countries were either investigating or had completed enforcement actions against public officials in 2017 (Type 3).

Situating the trends

These figures carry a straightforward lesson: enforcement against transnational bribery offenses remains a worldwide priority. Can the numbers also help us understand why? Some context would be helpful. When the FCPA was enacted in 1977, Washington was coming to terms with what the Watergate investigation had revealed about the common use of corporate slush funds to buy political influence – both at home and abroad. The legislative debate identified two specific forms of corruption this practice effected: evasion of shareholder accountability and interference with US foreign policy. These concerns help situate two of the new law’s distinctive features: a strict mandate that financial records be accurately maintained and a specific exclusion of run-of-the-mill ‘facilitation payments’ from the scope of the bribery prohibition.

It is commonly observed that the FCPA was rarely invoked in the two decades immediately following its passage, with US agencies concluding an average of only one-and-a-quarter enforcement actions per year. The enforcement rate started to pick up in the late 1990s and early 2000s, but by then there had been a dramatic shift in the geopolitical landscape. The end of the Cold War had fundamentally altered the aims of western foreign policy, with free trade assuming a central place among global priorities. The World Trade Organization (WTO) came into operation in 1995, the capstone of a thorough revamping of the post-war framework for international commerce. This movement towards globalisation had also provoked a backlash, memorably dramatised in the protests surrounding the WTO’s Ministerial Conference of 1999 in Seattle.

While all of this was afoot, the OECD was at work drafting its own Anti-Bribery Convention, under which its members and other signatories would be required to enact their own laws prohibiting transnational commercial bribery of foreign officials. Looking at the document’s preamble, we can detect a slight shift in rationale: foreign policy and shareholder rights are no longer the primary concerns, but the ways in which bribery ‘undermines good governance and economic development’ in the recipient’s country and ‘distorts international competitive conditions’ that are central to free trade’s economic justification. These concerns weren’t unique to the OECD, which cited and welcomed parallel actions being taken by the United Nations, the World Bank, the International Monetary Fund, the WTO and other supranational institutions to combat the bribery of public officials.

ADDRESSING CAUSE OF CORRUPTION Developing countries compete to attract foreign investment

It was at the end of this period of growing international preoccupation with corruption – culminating in the United Nations’ adoption of its Convention Against Corruption in 2003 – that transnational anti-bribery enforcement came into its own. The very next year saw a worldwide surge in activity, with 13 distinct enforcement events, compared to only two in the previous year. Growth remained exponential for the rest of the decade, eventually settling into steady gains punctuated by occasional spikes (most notably in 2016 with more than 100 enforcement events).

Although the laws being enforced are geographically neutral – indifferent to which borders the bribes are crossing – we can see a certain pattern when we distinguish the enforcement activity by type. As reported in the GER, among the countries that have concluded the most Type 1 enforcement actions since 1977, the top five are the United States, the United Kingdom, the Netherlands, Denmark and Germany. In contrast, the tally of Type 2 and 3 actions is led by Algeria, China, Nigeria, South Korea and – in a tie for fifth place – the United States and Cuba. The remainder of the two lists shows a similar disparity between countries in the ‘developed’ and the ‘developing’ worlds. In short – and as one would expect – the pattern of enforcement can be seen as roughly tracking the global flow of investment capital and development funding.

Shifting perspective

This analysis – speculative and tentative as it is – suggests a possible interpretation of global enforcement trends as driven by national economic interests. Presented with a new range of trade opportunities near the end of the last century, but also faced with popular outrage at the global trade regime’s perceived harms, the former ‘first world’ countries recognised that those harms needed to be addressed in order to preserve the legitimacy and morality of their economic endeavours. Corruption is understood as the root cause of those harms – and as the biggest impediment to extending the benefits of globalisation to all. The scope of concern is broadened from protecting shareholders and maintaining the balance of power to improving the lot of the global populace through free trade, fairly conducted. On the other side, developing countries find themselves in competition to attract foreign investment. Given the emergent demand for clean business-practice environments – driven in part, of course, by the increase in Type 1 enforcement – these countries have an incentive to demonstrate a good-faith and successful effort to reduce corrupt practices within their governments (Type 3) and to cooperate in prosecuting the foreign sources of bribes (Type 2). This perspective does not aim to reduce anti-corruption efforts to a set of bare economic calculations. We neither can nor should ignore the importance of domestic politics, popular pressure and ethical ideals in advancing the global anti-corruption agenda. At the same time, acknowledging the role of self-interest and the historical context in which it expresses itself, can help us stay attuned to the reasons for particular patterns and trends and to adjust our own focus and aims as anti-bribery enforcement continues to evolve.


Regulatory & Compliance | Corruption

Advocating together to reduce corruption

Collective action is the only way to tackle financial malpractice

Angela McClellan
Senior Advisor, Business Integrity Programme, Transparency International

Around the world, governments’ efforts to curb corruption in the public sector show little sign of progress. A few high-profile cases do not necessarily lead to greater integrity throughout the economy. How can businesses navigate an increasingly globalised marketplace when bribes and kickbacks remain an issue worldwide?

Over the past few years, corruption has emerged as a key concern for global leaders in politics and business. In 2016, then-UK Prime Minister David Cameron convened an anti-corruption summit of world leaders in London, memorably calling Afghanistan and Nigeria ‘fantastically corrupt’ in a conversation with the Queen recorded on a ‘hot mic’. The African Union declared 2018 the year of anti-corruption and the theme of the recent Summit of the Americas in Peru in April was ‘democratic governance against corruption’. The UN Sustainable Development Goals (SDGs), adopted in 2015, put anti-corruption efforts firmly on the agenda of governments, businesses and civil society through goal 16, which highlights peace, justice and strong institutions. Beyond that, there is a broad consensus that curbing corruption is a prerequisite for achieving all the other goals, whether they address energy, infrastructure, climate change, economic growth or other areas.

Lessons from the decades-long anti-corruption fight show that corruption can only be reduced if the supply side is addressed, as well as the demand side. Bribe-paying businesses have to be tackled, as well as bribe takers. Since the Organisation for Economic Co-operation and Development (OECD) Anti-Bribery Convention was signed in 1997, laws introduced around the world, such as the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act, criminalise foreign bribery or mandate companies to implement robust anti-corruption compliance programmes. Similarly, the key performance indicators of SDGs highlight the responsibility of businesses to reduce the number of bribes paid to public officials.

When companies fail to uphold their part of the bargain, the consequences can be severe. Late in 2016, Odebrecht SA and its affiliate Braskem SA, two Brazilian corporations at the heart of the Lava Jato case – possibly the largest corruption scandal in history – agreed to pay $3.5 billion to Brazilian, US and Swiss authorities. In one of the largest cases ever brought by the US Department of Justice under the FCPA, last year Nordic telecom giant Telia paid out nearly $1 billion over bribes to Uzbek government officials. Earlier this year, Airbus paid $99 million to settle an investigation into alleged corruption in a deal to sell fighter jets to Austria. And, for spectacular consequences on the demand side, one need look no further than former presidents Lula of Brazil, Zuma of South Africa and Park of South Korea, who have all recently been in court – or even prison – over allegations of corruption in high office.

JOINING FORCES TO END CORRUPTION Collective action can create a deeper understanding and lead to better solutions

Corruption perceptions

Yet, despite the rhetoric and these high-profile cases, Transparency International’s 2017 Corruption Perception Index (CPI) shows that the majority of countries are actually making little or no progress in their own battles against graft. Released in February, this edition of our index ranked 180 countries by their perceived levels of public sector corruption, according to experts and businesspeople. The index uses a scale of zero to 100, where zero is highly corrupt and 100 is very clean. New Zealand overtook Denmark to climb into first place with a score of 89, with Finland, Norway, Switzerland, Singapore and Sweden following. The secret to their relative success? All are helped by robust rule of law, independent institutions that provide essential oversight and a broad societal consensus against the misuse of public office and resources for private interests. Appearing at the bottom of the index, Somalia, South Sudan and Syria confirm the sad fact that corruption tends to thrive in fragile states and countries embroiled in conflict.

Across the board, however, progress is slow. Few countries have significantly improved their CPI score in the past five years. If we really want to achieve change, rhetoric must be matched by effective action. The CPI can play a role in that. It provides governments with a benchmark and can help focus national anti-corruption efforts. The government of the UK, for example, publicly welcomed its score of 82 this year, claiming the improved showing as proof of its anti-corruption measures’ success. Meanwhile in Nigeria, the results led to fierce debate: members of the ruling administration felt that recent progress was not reflected in the country’s score of 27. Through this kind of attention, the CPI can also help mobilise pressure from citizens, aid donors and investors for accelerated progress against corruption. A little regional competition can be a powerful thing, too.

The business case

On the corporate side, many companies use the CPI as a measure of risk they are likely to encounter in a given market. Poor performance on the index can be a sign that

greater due diligence is required. The index is not produced with the aim of offering guidance for foreign direct investment, but that hasn’t stopped some companies from using the index to develop specific policies. Last year, one German fi rm announced that it would stop paying sales commission on deals with the public sector in countries that score below the halfway point on the CPI. The policy was announced as part of reforms to business practices after the company admitted to paying millions of dollars of bribes to win contracts with state-owned enterprises in South Africa. Such a cut-off is not the best use of the CPI. The response to red flags should not be to stop investment or rewards, but to put greater attention and investment into preventing corruption and maintaining integrity in business practice. Neither is the CPI the only tool available. For a more complete analysis of the corruption risks associated with doing business in a given country, it is important to complement a country’s CPI score with other measures of corruption risks. Whatever the level of corruption threat, it is essential that businesses put in place the necessary safeguards to protect themselves. Apart from the legal risks, such as prosecution and settlements involving high fines and prison sentences, in an increasingly global communication space, companies caught paying bribes face severe reputational damage. Other consequences of a corruption incident might be debarment, leading to the loss of lucrative contracts. To help set a benchmark for the business side of the equation, Transparency International publishes rankings of companies based on three dimensions: reporting on anti-corruption programmes, organisational transparency and country-by-country reporting of profits and payments to governments. In 2018, the important dimension of beneficial ownership transparency will be added. 
The research methodology includes a dialogue with companies on how they can improve their ranking by publishing more information.


Such transparency is in companies’ best interests. Companies with anti-corruption programmes and ethical guidelines suffer up to 50 per cent fewer incidents of corruption and are less likely to lose business opportunities than companies without such programmes. In addition, companies that demonstrate genuine efforts to alleviate the risks of bribery and corruption are increasingly treated more favourably under national laws, such as in Brazil, the United Kingdom and the United States.

In the United States, the B Lab, a nongovernmental organisation, offers companies certification based on their social and environmental performance, including anti-corruption policies. The certified companies, known as ‘B Corps’, qualify for various benefits, including discounts on office equipment and reduced fees from IT service providers. Cities also offer their own incentives to B Corps, such as a tax credit programme introduced in Philadelphia. Some national laws such as the UK Foreign Bribery Act also allow for significant reductions, or even suspensions, of the penalties imposed on companies if strong anti-corruption programmes and practices are found to be in place.

Advocating together

Business can also play an important role in improving the anti-corruption climate in a given country. Companies have a high stake in working to actively reduce corruption in the public sector, as corruption increases their costs. Paying a bribe to a government official once can initiate a vicious cycle of extortion; government resources are wasted for private rent-seeking, thereby reducing quality and efficiency in service delivery. In many cases, investors have a high degree of influence on the government and can use this for effecting change. Businesses can and should advocate for improvements in state anti-corruption mechanisms, especially in coalitions with other stakeholders, including civil society organisations (CSOs).

One example of this is the Business Integrity Country Agenda (BICA) project, a Transparency International tool that brings together government, business and civil society stakeholders to create a body of evidence on the state of business integrity. This then serves as the basis for a shared reform agenda and collective action.

Our national chapter in Italy (2017 CPI score 50; 16 points below the Western European average) conducted the project in 2017. One of the project’s recommendations was to improve whistleblower protection, as many corruption incidents are uncovered when diligent employees speak out. The report received a lot of attention, with companies involved acting as multipliers and promoting the recommendations among their peers. Shortly after the publication of the report, the Italian government adopted a new whistleblower protection law.

This type of partnership points to a vital component in ensuring progress against bribery and extortion. As we put together the latest edition of the CPI, we ran some additional analysis to look at the relationship between press freedom, civil society engagement and corruption. Not surprisingly, there is a clear link. We found evidence to suggest that countries that respect press freedom, encourage open dialogue and allow for full participation of CSOs in the public arena tend to be more successful at controlling corruption. Conversely, countries that repress journalists, restrict civil liberties and seek to stifle civil society organisations typically score lower on the CPI.

Hungary and Brazil are key examples of this relationship. Hungary recently enacted a series of measures to restrict press freedom. Draft legislation threatens to restrict NGOs and revoke their charitable status. Although the CPI doesn’t measure these factors directly, we see a correlation: Hungary’s CPI score declined from 55 in 2012 to 45 in 2017. Similarly, in Brazil, civil society’s ability to participate in decision-making in the country has recently been reduced. Brazil’s CPI score declined from 43 in 2014 to 37 in 2017. In contrast, in the past few years Côte D’Ivoire experienced greater civic participation in politics and progress on human rights. The country improved its CPI score by nine points from 27 in 2013 to 36 in 2017.

For businesses, the importance of this correlation is clear. When assessing the risks of entering a market, corporations can ask whether a robust civil society exists, and if it is allowed space to apply its expertise. Working together with civil society on projects, such as BICA, businesses can help accelerate improvements to accountability and transparency and send a strong message to governments that CSOs are essential partners. Rather than merely relying on indexes and assessments, companies can actively collaborate with the anti-corruption movement to help create a virtuous circle that ultimately reduces the risk of doing business in places prone to corruption.

CONTROLLING CORRUPTION Those that actively collaborate with others are better placed to tackle malpractice


Regulatory Compliance | Anti-Bribery

Aneta Nastaj

Aneta is a Training Manager, coordinating all training events in CRI Certification EMEA region

Beating Bribery

Leadership and culture in risk and anti-bribery management systems

Global corruption costs trillions in bribes. In 2017 alone, there were some significant cases. Samsung Group’s third-generation leader, Lee Jae-Yong, has been accused of bribing Choi Soon-sil, a friend of former President Park Geun-Hye. Following Lee Kun-hee’s (Lee Jae-Yong’s father) heart attack in 2014, it has been calculated that Lee Jae-Yong would need to pay $6billion in tax bills to be able to inherit his father’s shares and maintain control of Samsung. The company’s leaders have a long-standing history of alleged tax evasion but, up to now, the white-collar crimes have been pardoned by Park Geun-Hye and other South Korean presidents.

The easier option was for Lee Jae-yong to pay a bribe to orchestrate the merger of two divisions: Samsung C&T Corp., which is dedicated to construction and trading and Cheil Industries Inc., which owned several entertainment properties. Upon completion, the merger would have given the Lee family more power over the entire Samsung Group. Now that the plan was looking very promising, Jay Y. Lee used a bribe to execute it. According to Bloomberg in 2017: “The form of the alleged bribe was Vitana V, an $800,000 thoroughbred show horse, plus $17million in donations to foundations affiliated with the friend, whose daughter was hoping to qualify for the 2020 Olympics as an equestrienne.” (Bloomberg, 2017).

Following the investigation, the situation took a significant downturn and Jay Y. Lee was sentenced to five years in prison. Chung Sun-sup, chief executive of research firm said: “The five-year sentence was low given that he was found guilty of all the charges. I think the court gave him a lighter sentence, taking into account Samsung’s importance to the economy.” It is, however, one of the longest given to South Korean business leaders.

As for stock prices, they fell more than one per cent the day after Jay Y. Lee was arrested and then a similar amount after the verdict. Samsung Group’s profit was not hurt but South Korea’s new liberal president, Moon Jae-in, has pledged to rein in powerful, family-owned firms, like Samsung, which are known as chaebols in South Korea. He has promised to empower minority shareholders and end the practice of pardoning tycoons convicted of a white-collar crime.

Another example of a company where corruption could be said to be part of company culture is (or was – more on that later) Rolls-Royce plc. Between 2000 and 2013, the company conspired to violate the Foreign Corrupt Practices Act (FCPA) by paying more than $35million in bribes through a third party to foreign officials to secure contracts. The US Department of Justice (DOJ) reported that in Thailand, Rolls-Royce admitted to using intermediaries to pay approximately $11million in bribes to officials at Thai state-owned and state-controlled oil and gas companies that awarded seven contracts to Rolls-Royce during the same period. The way business was conducted in Kazakhstan, Azerbaijan, Angola and Iraq did not differ. The corrupt practices were spread globally.

In 2003, before the criminal activities came to light, the company’s chief executive, John Rose, who had been appointed in 1996, was honoured with a knighthood. After the engineering giant admitted in a deal with the US prosecutor that it had made corrupt payments, the UK’s Labour party called for him to be stripped of his title. Sir John Rose insists that he did not know of the corrupt practices. Let’s say that is the truth, but did he not fail as a leader simply because of that?

As a result of the scandal in 2016, Rolls-Royce has suffered the biggest financial loss in its history. Other factors include Brexit and the drop in the value of the pound, but the £671million charge for the penalties the company paid to settle bribery and corruption charges with the Serious Fraud Office (SFO), the DOJ and Brazilian authorities left a hole in the company’s accounts. Since then, the company has appointed new management and, if its praised cooperation with the SFO is an indication of the company’s culture shift, Rolls-Royce should no longer be in the news due to corruption scandals.

ISO standards

Failed leadership is the obvious reason for the above bribery cases. ISO 37001:2016 Clause 5 Leadership outlines what is required from top management in order to obtain ISO 37001:2016 anti-bribery management system certification. Leadership is crucial for an anti-bribery management system to be effective and all points under Clause 5 Leadership are requirements.

As illustrated in the standard: “For a compliance management system to be effective, the governing body and top management need to lead by example, by adhering to and actively supporting compliance and the compliance management system.” Management has a number of other responsibilities, which are outlined in the standard. There are responsibilities that are more obvious than others, such as “ensuring that the anti-bribery management system, including policy and objectives, is established, implemented, maintained and reviewed to adequately address the organisation’s bribery risk” (5.1.2. a) and “deploying accurate and appropriate resources for the effective operation of the anti-bribery management system” (5.1.2. c). There are also requirements that are not so obvious but just as important: “promoting an appropriate anti-bribery culture within the organisation” (5.1.2. h) and “promoting continual improvement” (5.1.2. i). These requirements highlight that obtaining ISO 37001:2016 certification is not just a box-ticking exercise. In order to obtain the certificate, a company needs to illustrate that compliance with anti-bribery legislation is integrated within its business model and, crucially, its culture. In practical terms, that means that the tone at the top needs to align with the ISO’s anti-bribery management system (ABMS) and the message needs to be understood from the boardroom to the factory floor.

Adopting bespoke policies

ISO 37001:2016 is a strategic approach to bribery risk identification and subsequent risk mitigation. Risk knowledge is a necessary factor for effective management. The adoption of ISO anti-bribery management system-tested principles and practices allows an organisation to tailor recommendations to its contextual business environment. ISO 37001:2016 has had the impact of making companies adhere to the international anti-bribery management system standard. As an international standard of high repute, ISO 37001 has brought changes to market dealings and firm operations. Organisations have a guideline of rules and code of ethics to follow to mitigate the risk of being involved in corruption charges.

The international nature of the ISO 37001 management system allows organisations to align their internal policies with national laws where the organisation is operating. It is important to note that nation states are increasingly internalising globally recognised legal anti-corruption frameworks and actively prosecuting offenders. The assurance that an organisation is operating within international standards and processes helps cultivate social legitimacy in the operation of that company, which directly serves to boost investor confidence and attract investors. Also, some consumers base their purchasing decisions on the ethical operations of a company. As such, the ISO standard serves as a pull factor for new consumers.

Bribery is a very serious issue with adverse macroeconomic and microeconomic effects. In particular, it not only distorts markets and competition but also erodes the profitability of private firms and individual enterprises throughout an economy. The ISO anti-bribery management system provides measures that help organisations to prevent, detect, eradicate and address bribery. This is done by adopting anti-bribery policies, hiring personnel to oversee compliance risk management and due diligence on projects and business associates, implementing commercial and financial controls and also reporting and investigation procedures. ISO 37001:2016 can be used in any organisation regardless of its size or type, whether public, private or non-profit.

Enhanced transparency

Identification and resolution of bribery risks increase an organisation’s capacity to deliver consistent and improved services to consumers within the law and without engaging in bribery and corruption. In addition, the anti-bribery management system improves the way the organisation protects its people from fraud and ensures that there is a favourable working environment. Therefore, the ISO 37001:2016 anti-bribery management system enhances transparency in organisational culture, thus promoting the optimisation of resources. Protection of the organisation’s assets, shareholders and management from the adverse effects of bribery and corruption is another benefit associated with an ISO standard anti-bribery management system. Often, the negative effects of corruption are economic in nature. For instance, bribery affects the profit margins of a company to the extent that the management has to divert funds meant for either operating capital or assets capital to facilitating bribes.

LIABLE TO BRIBERY Corruption can permeate to every corner of an organisation

Additionally, the public knowledge that an organisation is actively involved in bribery or any other form of peddling influence affects brand identity, which erodes the consumer base, thus reducing the overall profitability of an organisation. This system can operate as a standalone facility or function under another system through integration. One advantage that cuts across all organisations is the amplification of confidence in the eyes of external stakeholders. From another perspective, an organisation using this ISO format is assured of a good reputation as well as an excellent working environment. The risk factors are minimised and a solid credential pathway is realised. Indeed, many for-profit outfits have consistently applied anti-bribery systems as a measure of acquiring extensive market penetration goals. The ISO 37001 typically seeks to create an accountability culture around the globe that allows organisations to conduct activities in a clean and healthy environment.

Committed approach

An organisation with an ISO 37001:2016 certification is open to public scrutiny since its management operates without fear. Further, such an entity displays fidelity and compliance to bribery legislation, such as acts of parliament or the congress. More importantly, subscribing to the system certification demonstrates a commitment to collaborate and work with like-minded organisations in managing bribery and corruption in the world. The chain of responsibility and accountability, additionally, ensures that the supply chain systems used by the organisations conduct clean and verifiable business. Closely related to that advantage is the growth of moral and legal business transactions between businesses and their contractors. Corruption can permeate to every corner of an organisation and the anti-bribery certification blocks such realities.

The ultimate beneficiary of ISO 37001 is the shareholder. When an organisation bribes its way into the business and has its licence taken away, the shareholder loses their investment. If credibility is lost and the activity schedule goes down, it is the shareholder who bears the heaviest burden. However, bribery in organisations practically affects everyone in the political, commercial or social jurisdiction of such a company. Disgrace can lead to loss of jobs. And a fined or closed company implies lower tax revenues to the government. Therefore, businesses should integrate ISO 37001:2016 in their management operations as well as in risk and compliance.

Curbing risks

The ISO certification embeds a culture of corporate social responsibility and willingness to collaborate with law enforcement agencies. Cognisant of the backlash and opprobrium associated with corporate obstruction of justice in the investigation of bribery and corruption, the ISO certification allows organisations to document their proactive involvement in reviewing their compliance with global standards of anti-bribery management as well as the concrete measures the management has initiated to show its willingness to prevent and curb bribery risks.

Finally, it is important to note that organisations have a distinct legal personality away from the management and other stakeholders. The separate legal personality of an organisation means that an organisation is liable for bribery activities committed by its employees or its management. Under domestic laws, culpable organisations are subject to legal sanctions, which include hefty pecuniary fines and, in some cases, dissolution of the organisation. Pecuniary fines affect the operations of a company by diverting either operating capital or assets to unintended activities. Overall, diversion of financial resources to foot fines affects the profitability of a company as well. In addition, such diversion of financial resources through fines affects growth strategies, such as expansion into new markets. In this case, provision of documented evidence to the prosecution or the courts demonstrates that an organisation has taken reasonable measures to prevent bribery and corruption, thus helping the organisation to avoid fines and sanctions, such as winding up.


Global News Latin America

Compliance legal help for Latin America

Global law firm network Lex Mundi has published an interactive anti-corruption compliance guide for general counsels operating in Latin America. The Anti-Corruption Compliance Guide sets out a summary of the legal landscape in 18 jurisdictions in Latin America and can be accessed free of charge on the Lex Mundi website. Lex Mundi said the interactive tool has been designed to help in-house counsel and corporate legal teams understand how to apply anti-corruption laws in jurisdictions in which they operate and inform the way in which they conduct their business across the region.

Brazil’s President slams graft allegations

Brazilian President Michel Temer has denied any wrongdoing, following media reports that police are investigating whether he laundered bribes through real estate transactions. According to the Folha de S.Paulo newspaper, federal police suspect that Temer laundered two million reais ($577,250) through real estate purchases and investments made by family members. In a televised statement, Temer described the alleged investigation as a ‘criminal persecution disguised as an investigation’ and another attempt to remove him from power. Police have not, as yet, confirmed the investigation claims. In 2017, the federal congress voted twice to block Temer from standing trial in the Supreme Court on three corruption charges levelled against him.

Americas commit to corruption battle

Leaders of 33 countries in the Americas have signed the Lima Commitment, a pledge to eradicate corruption and promote transparency and accountability. The 57-point statement on democratic governance against corruption calls for concerted action against bribery, international corruption, organised crime and money laundering, and for the protection of whistleblowers, transparency and access to information. The agreement was made at the eighth Summit of the Americas, a conference that draws together the leaders of North, Central and South America. However, only 16 of the 33 nations gathered for the summit in Peru, making it the least attended yet and raising questions about the future of the regional gathering and the commitment to root out corruption.

Chief executive of BRF steps down

José Aurélio Drummond Jr, CEO of Brazilian food processor BRF, has resigned, leaving the world’s largest poultry exporter to seek its fourth chief executive in five months. Drummond Jr only joined BRF in November, replacing Pedro de Andrade Faria, but resigned days after it emerged that the firm was one of 20 Brazilian companies to be banned from exporting meat to the European Union because of ‘deficiencies detected in the Brazilian official control system’. BRF has appointed Lorival Nogueira Luz Jr to act as interim CEO in conjunction with his present position of chief financial and investor relations officer. Pedro Parente, chief executive of state-run oil company Petroleo Brasileiro, said he had agreed to become BRF’s new chairman of the board.


Risk Management | Data

The #CyberAvengers are:

Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma & Christophe Veltsos

The BIG DATA Problem

The ethics and risks of having too much information

Pick your story regarding the most recent data breach. Tens of millions of records lost here, hundreds of millions of records lost there. No real clear rules of the road. It’s almost as though we have reached a fatigue point, in essence, succumbing to this new normalisation: data loss is ubiquitous to all of our personal and professional affairs.

This normalisation, partially excused by the ‘I’m sorry’ or ‘we could have done better’ comments of executives, has not really jump-started any serious change in how we protect data. Granted, some of the publicly listed companies have felt some heat on the stock exchanges, a few million here, a few billion there, but at time of writing, we have not seen a seismic shift in how businesses in the US operate when it comes to data protection. And as a result, we continue the normalisation of data loss.

If this situation holds true, we should be scared because we further drift into unknown waters. You see, the effects of ubiquitous data loss to a society and transactional business are unknown and, in all likelihood, are not linear. Not only are the individual risk profiles for each party amorphous, but the risk profiles are influenced by relationships between parties, precisely as each party, independently, builds more risk into their own profile. In other words, we are not adding risk as it relates to data loss; rather, we are multiplying risk. How will this impact how we do business? How will it impact how we live?

As our risk profile moves us towards greater fragility, we are left wondering which business model will be left standing: the one where data loss is universally ubiquitous and accepted as a normal cost of business or the one where data protection is not only paramount, but absolutely necessary for successful business? Our preference is certainly for the latter, but short of that seismic shift we spoke about before, we’re not sure how we get there if current conditions hold constant. Because all of our future depends on turning this around, we have to find a way and that begins with a shift in thinking.

The #CyberAvengers work closely with and understand the needs of business. We understand that, for a company, one of its paramount needs is to stay in business. Few, if any, companies will be very concerned with the ethics of producing, consuming and holding too much data if they can no longer remain in business. We get that. We also get that just a few years ago, many companies did not even want to discuss things such as cybersecurity and data protection, much less devote resources to them. Since then we have seen some progress and companies are now willing to commit some resources to cybersecurity and data privacy, but they still think that minimal resources and minimal effort is enough and only if it is not too inconvenient.

We need more progress. Companies must understand that the seriousness of these threats requires serious commitment. They must change the current mindset and stop expecting that security will be quick, easy and cheap – they must understand that it takes commitment and resources, but it is worth it because, in the end, good security and data protection practices are not only good ethics, but also good business. A guiding principle of cybersecurity and data protection is that you do not have to protect what does not exist. And that brings us right back to the ethics and risks of producing, consuming and holding too much data.

The big issue

Let’s face it: we are data hogs. If we’re not producing data, we’re consuming it. It’s almost as though we are addicted to data and it’s no wonder why. Data can be very valuable, with some recently calling it the ‘new oil.’ And that begs the two questions: how much is too much?; and what responsibilities do we have, both while we produce and consume data?


DATA OVERFLOW There is only so much information that a company can process, analyse and utilise


Consider for a moment that some time in 2016 we entered the ‘zettabyte era’. We need to show some numbers to demonstrate how profound that number is. 128 GB, the size of an average USB stick these days, converts to 128,000,000,000 bytes. 1.28 ZB, the estimated amount of global IP traffic in 2016, converts to 1,280,000,000,000,000,000,000 bytes. The orders of magnitude are well beyond what we mere mortals are able to comprehend on a daily basis. It’s like comparing a $20 bill to the $20trillion in US federal debt.

Here’s the first problem with so much data: processing, analysing and reacting to all this data is well beyond mere mortal capability, which is why the artificial intelligence (AI) race is the new space race. Among the #CyberAvengers, it’s safe to say we have a non-homogenous view on AI, except for this point, where we are all in agreement: AI is great if used as a precision, surgical tool designed to identify, prevent and respond to network attacks. Not only is it great, it’s absolutely necessary simply because of the sheer amount of data that is flowing. Beyond that use is where the waters begin to get murky, as AI is also used to determine preferences, habits and so on, all issues that cross into privacy and behavioural discussions. And that’s where the ethics argument begins to take greater hold, simply as a matter of practicality.

The circular argument starts to take form

We need more data to conduct business, whatever your reasons: optimisation, efficiency, better customer experience, you name it. We need more technology to process this data. We need more data to make the technology run more efficiently. We need more data to help the technology become more secure. Under this model, there is no conceivable way to protect less data, only more. And, so far, businesses have demonstrated that they are not very good at protecting data and that it is not much of a priority to them.

As a result, this model leads really to only one of two conclusions: greater dependence on technology to protect our data, something that makes the system more fragile as we add unproven pieces of technology to an already inherently vulnerable system, resulting in an increased risk profile from a data loss perspective; or become more selective of the data we produce, consume and hold onto, resulting in a decreased risk profile from a data loss perspective.

In today’s environment, data equals risk and more data means more risk. It’s simple really: the less I produce, consume and hold on to, the less I have to worry about. But, regardless of how simple it may be, the allure of data always seems to prevail, and we fall back into the old ‘more data’ habits, conditioning ourselves into believing that, without this data, we cannot operate or be successful.

This statement should only hold true for companies whose primary business role is to collect data. With a quick review of the recent news headlines, it won’t take you long to figure out which types of companies those are. But for everybody else, ‘more data’ should not be the answer. The answer should be ‘enough data to get my job done, well protected and not one byte more’.

Applying the silver rule to data

The golden rule, or some variation of it, is generally known throughout the world’s cultures. A lesser known rule is the silver rule, ‘do not do unto others as you would not have them do unto you’. If we could apply this rule to how we handle data, our feeling is that we would take a giant step forward in our data protection practices.

Upcoming events may have an impact. We do see that some people and some regulators are legitimately caring about their privacy and personal data. And if this feeling picks up steam, it will be a market-driving force. Furthermore, in May 2018, the European Union’s General Data Protection Regulation comes into effect and it will be interesting to see how the citizens of the EU react, given that the regulators have been given the equivalent of Thor’s hammer against those seen to be violating the rules.

It’s the losses that motivate us to change, losses that come in the form of assets, customers and reputation. We appreciate that it is hard to slow down a product release when the market is demanding it, but we are at the point that we need to consider longer term costs, because one class action lawsuit ruled against your company could be the end of your doing business. This is what board members need to worry about.

GROWING PAINS The world view on data needs to change

everybody else, though, we have some very quick tips to help you get ahead of the curve.

Do an audit of your data and ask yourself: do I really need all of it? Understand, the more data that you hold on to, the more you put somebody at risk. And the more you put somebody at risk, the more liability you take on. Yes, you can have too much data, so dump what you don’t need. You don’t want that liability on your hands.

Be responsible custodians of data. That means creating an emotional connection to your customer’s data. Of course, that is easier said than done, especially when your small company has grown to become a large multinational corporation. We get that, but you still have to apply the silver rule.

Rid yourself of the thought that there is such a thing as ‘efficient’ security and understand that security requires a commitment, resources and some inconvenience, but it is worth it. Security can be cost-effective, especially over time, if you take prudent steps to protect your data, such as employee training, instituting security-by-design methodologies and following established frameworks, such as the NIST Cybersecurity Framework. Cybersecurity

Hold on to what you need and nothing more

If you’re in the business of collecting data and repackaging it to sell advertisements, you’re in a special category and you can expect your business models to come under question as people come to realise that they are not really the consumer, but rather the product. For

costs – and all security costs really – are a tax on your business. There is only one case where cybersecurity costs can make you money: if you can prove to your customers that you are good at it. Your customers will pay for that intangible value if they can see that it is genuine. In closing, the world view on data that prevails is what will determine the nature of data protection. If it’s the world view that ubiquitous data loss is an accepted part of our daily lives and it wins, we’ll look back and say, not only have all our cybersecurity efforts been in vain, but the billions upon billions spent were a galactic waste of money. It will also demonstrate the inefficiencies of the cybersecurity industry. But if another world view prevails, one that takes data loss seriously and does not believe data loss should be ubiquitous and actually puts limits on how we produce, consume and hold data, then perhaps we can chalk up this Wild West period to growing pains, really painful growing pains.




Risk Management | Cybersecurity

SPOTLIGHT ON SECURITY BREACHES Activists will hold boards accountable for cybersecurity woes

Directors and the digital age

US boards are under scrutiny for their oversight of cybersecurity — not only from regulators but shareholders and the public, too

As cyberattacks and data breaches continue to accelerate in number and frequency, boards of directors are focussing increasingly on the oversight and management of corporate cybersecurity risks.

Directors are not the only ones. In the United States, an array of federal and state enforcement agencies and regulators, most notably the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Financial Industry Regulatory Authority (FINRA) and State Attorneys General, identify board oversight in enterprise-wide cybersecurity risk management as a crucial factor in a company’s ability to appropriately establish priorities, facilitate adequate resource allocation and effectively respond to cyber threats and incidents.

Aravind Swaminathan & Ken Herzinger

Aravind is a Partner & Global Co-Chair Cyber, Privacy & Data Innovation, Orrick. Ken is the Chair of Orrick’s White Collar, Investigations, Securities Litigation and Compliance Group

The increased focus, particularly by the SEC and DOJ, is more evident now than ever in the wake of recently publicised investigations into data security incidents at Yahoo! and Equifax, the latter of which has already resulted in criminal insider trading charges being brought against an Equifax employee. Recently, in connection with the SEC’s publication of its most recent Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures, SEC chairman Jay Clayton “urge(d) public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives”.

Indeed, even apart from the regulators, aggressive plaintiffs’ lawyers and activist shareholders are similarly demanding that boards be held accountable for cybersecurity. Shareholder derivative actions and activist investor campaigns to oust directors are becoming the norm in high-profile security breaches. And, even more recently, the SEC charged Yahoo! for securities violations in connection with late disclosures of significant data breaches, and the company agreed to pay a $35 million fine.


Obligations of board members

The term ‘cybersecurity’ generally refers to the technical, physical, administrative and organisational safeguards that a corporation implements to protect, among other things, personal information, trade secrets and other intellectual property, the network and associated assets or, as applicable, ‘critical infrastructure’. This definition alone should leave no doubt that a board of directors’ role in protecting the corporation’s crown jewels is essential to maximising the interests of the corporation’s shareholders.

Generally, directors of US corporations owe fiduciary duties of good faith, care and loyalty, as well as a duty to avoid corporate waste. In the US, the specific contours of these duties are controlled by the laws of the state in which the company is incorporated, but the basic principles apply broadly across most jurisdictions (with Delaware corporations law often leading the way). More specifically, directors are obligated to discharge their duties in good faith, with the care an ordinarily prudent person would exercise in the conduct of his or her own business under similar circumstances and in a manner that the director reasonably believes to be in the best interests of the corporation.

To encourage individuals to serve as directors and to free corporate decision-making from judicial second-guessing, courts apply the ‘business judgment rule’. In short, courts presume that directors have acted in good faith and with reasonable care after obtaining all material information, unless proved otherwise. It is a powerful presumption that is difficult to overcome and has led to dismissal of many legal challenges to board action or inaction. To maximise their personal protection, directors must ensure that, if the unthinkable happens and their corporation falls victim to a cybersecurity disaster, they have already taken the steps necessary to preserve this critical defence to personal liability.

In the realm of cybersecurity, the board of directors has risk oversight responsibility; the board does not itself manage cybersecurity risks. Instead, the board oversees the corporate systems that ensure that management is doing so effectively. Generally, directors will be protected by the business judgment rule and will not be liable for a failure of oversight unless there is a sustained or systemic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists. There are two recognised ways that a board can fall short: first, the directors intentionally and entirely fail to put any reporting and control system in place; or second, if there is a reporting and control system, the directors refuse to monitor it or fail to act on warnings they receive from the system.

The risk that directors will face personal liability is especially high where the board has not engaged in any oversight of their corporation’s cybersecurity risk. This is a rare case, but other risks are more prevalent. For example, a director may fail to exercise due care if he or she makes a decision to discontinue funding an IT security project without getting any briefing about cyberthreats the corporation is facing, or worse, after being advised that termination of the project may expose the company to serious threats. If an entirely uninformed or reckless decision to de-fund renders the corporation vulnerable to known or anticipated risks that lead to a breach, the members of the board of directors could be individually liable.

2 The personal liability risk to directors and officers

A) Liability under federal securities laws

Directors and officers face increasing litigation risk in connection with cybersecurity on two fronts. First, directors and officers should be mindful of standard securities fraud and insider trading claims that can be brought against companies and individuals in the wake of a data breach. Securities laws generally prohibit public companies from making material statements of fact that are false or misleading. There are three key areas of focus for public companies and their boards of directors, all highlighted by the recent SEC guidance:

■■ Updating or correcting cybersecurity risk disclosures: Virtually all public companies include risk of cybersecurity incidents within corporate disclosures of risk factors. Those risk disclosures, however, discuss the possible impacts of cybersecurity incidents. When a company is actually in the midst of responding to an incident, they may have a duty to correct a prior risk disclosure that the company determines was untrue or a duty to update a risk disclosure that becomes materially inaccurate after it is made
■■ Insider trading: The DOJ recently brought criminal charges and the SEC brought an enforcement action against a former Equifax executive for selling almost $1 million worth of stock options upon discovering that Equifax had suffered a major data breach, but before that fact was released to the public. Several other Equifax executives sold stock before the Equifax breach was public, but no charges have been brought against them to date. Accordingly, companies should consider whether it may be appropriate to implement a trading blackout period while the company investigates and assesses the significance of a cybersecurity incident, as such a blackout period could protect against insider trading and avoid the appearance of improper trading during this period
■■ Avoiding selective disclosure and regulation fair disclosure (FD): Regulation FD requires fair disclosure of material information. Companies can inadvertently run foul of Regulation FD by making statutorily required notifications to affected individuals, but not the public at large, which could constitute a selective disclosure. Companies should adopt policies and procedures to avoid selective disclosure prohibited by Regulation FD or ensure a Form 8-K disclosure is made where such information is provided to Regulation FD enumerated persons, which may occur when a company is required to provide notification to individuals under state data breach notification requirements or other regulatory requirements
■■ Risk committee and board oversight: Companies are required to disclose the board of directors’ role in risk oversight of a company in annual reports or proxy statements, pursuant to Item 407(h) of Regulation S-K. The SEC’s new cybersecurity guidance states that companies should include a discussion of the nature of the board’s role in overseeing the management of cybersecurity risks that are material to a company’s business. In addition, the disclosures should describe how the board engages with management on cybersecurity issues. The SEC believes these disclosures will allow investors to assess how a board of directors is discharging its risk oversight responsibility in cybersecurity matters

Key to these and other considerations is whether the cybersecurity incident is material, which depends upon its nature, extent and potential magnitude, particularly as these relate to any compromised information or the business and scope of company operations. In considering materiality, companies should consider: (1) remediation costs; (2) increased cybersecurity protection costs; (3) lost revenues; (4) litigation and legal risks; (5) increased insurance premiums; and (6) reputational damage, including potential negative impact on the company’s stock price.

B) Liability for breaches of fiduciary duties

The second category of litigation risk facing boards of directors comes from plaintiffs, who are more aggressively filing shareholder derivative suits, where shareholders sue for breaches of directors’ fiduciary duties to the corporation. Recent examples include shareholder derivative litigation against the directors of Target Corporation, Wyndham Worldwide Corporation, Yahoo! and Wendy’s. Although there is some variation in the derivative claims brought to date, most have focussed on two allegations: that the directors breached their fiduciary duties by making a decision that was ill-advised or negligent; or that they failed to act in the face of a reasonably known cybersecurity threat. Recent cases have included allegations that directors:

■■ Failed to implement and monitor an effective cybersecurity programme
■■ Failed to protect company assets and business by recklessly disregarding cyberattack risks and ignoring red flags
■■ Failed to implement and maintain internal controls to protect customers’ or employees’ personal or financial information
■■ Failed to take reasonable steps in a timely manner to notify individuals that the company’s information security system had been breached
■■ Caused or allowed the company to disseminate materially false and misleading statements to shareholders (in some instances, in company filings)

It should be noted that board members may not be protected from liability by the exculpation clauses in their corporate charters. Although virtually all corporate charters exculpate board members from personal liability to the fullest extent of the law, Delaware law, for example, prohibits exculpation for breaches of the duty of loyalty, or breaches of the duty of good faith involving ‘intentional misconduct’ or ‘knowing violations of law’. In addition, with myriad federal and state laws that touch on privacy and security, directors may also lose their immunity based on ‘knowing violations of law’. Given the nature of shareholder allegations in derivative litigation, these are important considerations and vary, depending on the state of incorporation.

C) Other risks

Litigation is not the only risk that directors and officers face. Activist shareholders and proxy advisors are challenging the re-election of directors when they perceive that the board did not do enough to protect the corporation from a cyberattack. The most prominent example took place in connection with Target’s data breach. In May 2014, just weeks after Target released its CEO, Institutional Shareholder Services (ISS), a leading proxy advisory firm, urged Target shareholders to seek ouster of seven of Target’s 10 directors for “not doing enough to ensure Target’s systems were fortified against security threats” and for “failure to provide sufficient risk oversight” over cybersecurity.

3 Protecting boards of directors

From a litigation perspective, boards of directors can best protect themselves by diligently overseeing the company’s cybersecurity programme and taking some of the above-referenced steps to comply with the federal securities rules. Here are some other considerations and steps that companies should consider to limit liability and exposure:

■■ Consider appointing a chief information security officer (CISO) or similar officer and meet regularly with that individual and other experts to understand the company’s risk landscape, threat actors and strategies to address that risk. Appointing a CISO has an additional benefit. Reports suggest that companies that have a dedicated CISO detected more security incidents and reported lower average financial losses per incident
■■ Task a committee or subcommittee with responsibility for cybersecurity oversight and devote time to getting updates and reports on cybersecurity from the CISO on a periodic basis. As with audit committees and accountants, boards can improve oversight by recruiting a board member with aptitude for the technical issues that cybersecurity presents and placing that individual on the committee/subcommittee tasked with responsibility for cybersecurity oversight
■■ Require that management implement an enterprise-wide cybersecurity risk management plan and align management’s incentives to meet those goals. Use of established analytical risk frameworks, such as the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (usually referred to as the “NIST Cybersecurity Framework”), to assess and measure the corporation’s current cybersecurity posture is critical in bridging the communication and expertise gaps between directors and information security professionals, and can also help translate cybersecurity programme maturity into metrics and relative relationship models that directors are accustomed to using to make informed decisions about risk
■■ Monitor compliance by directing that management create internal and external controls to ensure compliance and adherence to that plan. Similar to internal financial controls, boards should direct management to test and certify compliance with cybersecurity policies and procedures
■■ Allocate resources using information in hand about what the company’s cybersecurity risks are and an analysis of its current posture. Boards should allocate adequate resources to address those risks so that management is appropriately armed and funded to protect the company
■■ Include in annual reports or proxy statements a description of the board of directors’ role in overseeing the management of cybersecurity risks that are material to a company’s business, as part of Item 407(h) of Regulation S-K
■■ Incorporate a process for ensuring that relevant information about cybersecurity risks and incidents is processed in a timely manner and reported to appropriate personnel, all the way up to senior management. Policies should provide for open communications between technical experts and disclosure advisors regarding such risks and incidents in making Sarbanes-Oxley Act 302 certifications

As criminals continue to escalate the cyber war, boards of directors will increasingly find themselves on the frontlines of regulatory, class plaintiff and shareholder scrutiny. Directors are well-advised to proactively fulfil their risk oversight functions by driving senior management toward a well-developed and resilient cybersecurity programme. In so doing, board members will not only better protect themselves against claims that they failed to discharge their fiduciary duties but will also strengthen their respective organisations’ ability to detect, respond and recover from cybersecurity crises.

DETECTING SECURITY ISSUES Appointing a chief security officer can help the board address risk


Risk Management | Trust

Establishing and maintaining trust

Building an ecosystem of trust through compliance and security

Nina Bryant, Cheryl Davis & Paul Prior

Nina is a Director in FTI Consulting’s Information Governance Privacy and Security practice in EMEA. Cheryl is a Managing Director for Cybersecurity at FTI Consulting. Paul is a Managing Director within FTI Consulting’s Performance Analytics Practice

Establishing and maintaining trust with shareholders and clients is becoming increasingly difficult in a world of data breaches, cybersecurity attacks and patchwork data privacy laws. Trust is essential for businesses to thrive, especially in today’s competitive global market. Consumers and business partners have endless choices for where to spend their money and place their trust. Social media and the accessibility of information is placing a greater burden than ever before on corporations to be transparent and meet expectations. CEOs are being held personally accountable for mistakes that have exposed private consumer data. Conversely, valuing and protecting privacy, and demonstrating that the controls are in place to do so, can make a positive impact on commercial business. As countless headline-making breaches have shown, trust can be lost in an instant and is difficult to regain. Beyond the brand damage and disruption to company leadership, data breaches are also expensive. The Ponemon Institute and IBM have studied and monitored the costs of data breaches over the last several years. In 2017, the average cost was $3.62 million and the average size was more than 25,000 records.

Issues that can impact the trust ecosystem are evolving quickly and they are unfolding in the daily news. It was recently revealed that Cambridge Analytica, a data analysis company that provides consulting services for politicians, obtained private information from tens of millions of Facebook profiles from a third-party partner of the social media giant. It allegedly used this information to tailor messaging in an effort to influence voters’ decisions in US elections. This is a glaring reminder that personal data is often utilised – perhaps even unbeknown to data subjects – to shape public feelings and attitudes, sometimes in violation of existing policies and laws. When incidents like this are uncovered, new questions and concerns about privacy and trust emerge. The Cambridge Analytica news came on the heels of social media companies facing the aftermath of revelations that entities had allegedly leveraged their platforms to spread false information to sway public opinion.

Facebook announced it would introduce trust ratings for news sources to rein in the spread of disinformation and begin addressing the difficulty of verifying the truth of information online. Mark Zuckerberg appears to understand the gravity of this, saying: “Social media enables people to spread information faster than ever before, and if we don’t specifically tackle these problems, then we end up amplifying them.” Companies, such as Franklin Trust Ratings, which leverages data analytics to provide trust intelligence for the healthcare industry, and Trust Pilot, an online review community that has enabled more than 32 million reviews of hundreds of thousands of businesses around the world, are gaining traction in the global shift towards transparency and accountability. These and other emerging platforms are making trust more quantifiable, but demonstrating and upholding integrity will remain a fragile endeavour. Boards have taken notice and executive leadership is more invested than ever before in mitigating reputational risk stemming from a breach of trust. Still, multinational corporations are struggling to reconcile their cybersecurity and information governance efforts with the shifting landscape of privacy laws, consumer expectations and data management challenges.

But a company that is facing privacy and security issues does not need to radically change the way it does business. Instead, it can leverage culture to implement and foster the necessary policy, procedural and technological transformations needed to strengthen its security stance and protect its trust ecosystem. Though many organisations are losing sleep over how to manage information under the new expectations and regulations for privacy and security, these can be viewed as an opportunity. This article will discuss how a holistic, client-centric approach to compliance and cybersecurity can build stronger trust with external and internal stakeholders and enable leadership to leverage emerging standards as opportunities to improve their overall corporate stance.

IMPORTANCE OF BUILDING TRUST Making sure your business stands by strong values of integrity is crucial

Cybersecurity landscape

We have seen that cyber incidents and attacks can have far-reaching impacts on a society – including the company’s own reputational loss, economic impacts, critical infrastructure disruption and national security risks. A key step in strengthening cybersecurity posture is to understand the current landscape and top threats on the horizon. Among these are trust-based threats and risks stemming from the supply chain and third-party vendors. An organisation needs to trust that its systems and vendors have the appropriate measures in place and are meeting basic cybersecurity standards. If it is found that basic standards are not met and data is compromised, integrity is undermined among employees, partners and clients.

Malicious cyber actors, whether they be nation state, cybercriminals, hacktivists, or cyber terrorists, have a globally accessible platform to conduct all manner of highly effective operations, from physical destruction and undermining of trust, to stealing money. The reach of these operations is not limited to governments, but instead is infiltrating private industry and civil society, and businesses must be prepared for their critical areas to become targets. A case in point is the WannaCry ransomware event that was set to target unpatched systems and resulted in major financial costs and disruption of medical services in the UK.

The proliferation of connected devices is another top issue and a double-edged sword. Society is benefitting from this connectivity, but the opportunity space for cyber threats and vulnerabilities has grown exponentially in parallel. While the community is working diligently to enhance the cybersecurity of devices and communication pathways comprising the Internet of Things, such as the signals sent between autonomous vehicles, malicious cyber actors are trying to capitalise on these devices’ insecurity.

Privacy has become law

Strict data privacy and cybersecurity regulations have emerged in many jurisdictions around the world and have created a complex patchwork of laws that corporations must navigate, just as they are trying to enhance resilience in the face of a dangerous threat landscape. In some cases, these laws may overlap or contradict each other, and organisations operating across international borders must have frameworks in place that manage the jurisdictional nuances and maintain compliance.

The European Union’s General Data Protection Regulation (GDPR) is top of mind for many organisations. This regulation requires organisations to meet stringent data protection requirements over personal data belonging to EU citizens (defined as any information relating to an identifiable individual, which can include anything from a physical or email address, age and gender, to IP addresses, GPS location, health information, search queries, items purchased, etc). The GDPR has also introduced new requirements around the rights of European data subjects. This requires corporations to find and retrieve data across multiple platforms within a short time frame and potentially erase, update, export or limit processing of some data.

The Network and Information Security (NIS) Directive should be on the radar of EU organisations. It complements the GDPR and brings additional compliance measures around network security and breach management. The directive states that organisations that are operators of essential services (e.g. telecoms, energy, transport, banking, health, etc) and digital service providers must establish breach-response procedures, and member states may prosecute cyber crimes committed within their jurisdictions. The UK, Canada, France, Germany, Japan, India, Singapore, Australia and others have varied laws to this extent.

China’s Cybersecurity Law is an extensive law that, unlike the GDPR, was drafted from a national security perspective, rather than for the empowerment of citizens’ rights over their private data. It went into effect in June 2017 and failure to comply can lead to serious legal prosecution by the Chinese government, including the suspension or closing of a business and fines of up to RMB 1,000,000. Requirements in the law span greater demands on the protection of key information and sensitive data to be stored domestically, not transferred outside of China.

Both China’s new law and the GDPR are in stark contrast to US policy, which outside of certain vertical industry regulations (such as the Health Insurance Portability and Accountability Act) and various state data breach laws, does not at the federal level address data protection holistically across all sectors. Some federal and state laws that outline how corporations must respond and communicate in the event of a breach have emerged, and fines may result if reporting is not carried out in a timely and thorough

can help corporations understand their ■■ Build cross-functional teams data landscape, identify business and IG, compliance and privacy programmes cybersecurity risks, assign accountability are often born out of a single function and address critical trust issues. Corporations and eventually become marginalised can then build the controls and structure to because they are perceived to not make ensure critical data is protected and managed an impact across the entire organisation. appropriately, demonstrating that it takes When cross-functional teams are aligned, privacy of customer data seriously. A strong they can build remediation programmes IG framework identifies what data is stored that address overall risk, not just the risks where, defines how long data is retained and that apply to a single department ensures it can be retrieved in a timely fashion. ■■ Map critical data Understanding This simplifies the challenge of dealing with where critical, personal or sensitive conflicting regulations and jurisdictions by data and assets are stored, and defining the corporation’s retention policies prioritising security for those first and across jurisdictions and making it easier for foremost, helps to arm against the diverse organisations to locate critical documents. landscape of threats that can compromise Legal and compliance teams can then align privacy and security. Building various groups of data, such as personal data programmes that can evolve, based on within marketing databases or contracts, emerging cybersecurity threats, are also with their cybersecurity risk profile and critical in driving a long-term defence regulatory requirements and ensure the appropriate security and retention A business that has established controls are applied. trust, and has the foundation in For IG to be successful, executive leadership must buy in and fully place to maintain that trust, gains

an advantage over competitors that have not taken these important, proactive steps

BUILDING A STRONG GOVERNANCE FRAMEWORK Defining company policies can ensure data risks are addressed

manner. The Computer Fraud and Abuse Act and the Electronic Communications Privacy Act prohibit unauthorised computer access and interference to obtain data. There is also a strong push in the US for government and private sector collaboration on the cybersecurity front, so a community of experts is sharing intelligence across sectors. The UK and Australia have also implemented consolidation across public and private groups to share cybersecurity standards and intelligence.

Consistency through information governance

An information governance (IG) framework 136 Ethical Boardroom | Spring 2018

support these initiatives and drive the required shift in culture and behaviour. Board-level support is key to eliminating the departmental siloes that often block programmes from success and instilling organisational awareness of responsibilities and training employees about the ways to uphold privacy and how these efforts align with business objectives. Certain steps can be taken to build a strong respect for, and practice of, security and privacy into the cultural fabric of any organisation. Practical steps organisations can take to proactively build IG programmes that shape a culture of trust that is sustainable long-term include:

■■ Leverage training and incentives Employees must receive engaging and customised training to help them understand how to transform habitual activities into practices that align with IG policies. This may also include incentives for compliance. Some of our clients have escalated this to senior executives, introducing incentive and bonus schemes that include data protection benchmarks ■■ Watch for emerging tech Technology capabilities are maturing, and we are seeing new tools and features that utilise unstructured data analytics to evaluate risk and make recommendations about where controls should be tightened. Privacy, compliance and IG teams should stay abreast of technology advancements and be prepared to implement tools that can automate some of the most challenging aspects of data management Ultimately, data regulation forces organisations to reconcile the information they store, which, beyond strengthening the privacy stance and mitigating risk, creates an opportunity to leverage data assets for analytics and business use. An organisation that has executed a ‘privacy by design’ culture and IG framework is not limiting what it can do, but rather opening doors to innovation that can drive business. A business that has established trust, and has the foundation in place to maintain that trust, gains an advantage over competitors that have not taken these important, proactive steps.


Global News Europe

EU plans to protect whistleblowers

Whistleblowers exposing fraud, tax evasion, data breaches and other misdemeanors will be given more protection from retaliation under new rules proposed by the European Commission. Under the bill, all companies with more than 50 employees or with an annual turnover of more than €10million would have to set up an internal procedure to handle whistleblowers’ reports. The law would give whistleblowers protected status, including the right to legal aid and possible financial support. Companies would be banned from firing or demoting whistleblowers and face ‘dissuasive’ penalties for seeking to block employees looking to uncover wrongdoing.

French tycoon faces Africa corruption probe

French billionaire industrialist Vincent Bolloré is being investigated for allegedly ‘bribing foreign public officials’ in Africa. According to reports, the 66-year-old head of the Bolloré Group — one of France’s best-known businessmen — was taken in for questioning to explain how the group obtained contracts to operate ports in West Africa.

The Bolloré Group, which operates in the construction, logistics, media, advertising and shipping industries, confirmed it was under investigation over payments for communication services that were made in Guinea and Togo in 2009 and 2010 but it ‘formally denied’ any wrongdoing in its African operations.

Diess in the VW driving seat

Volkswagen has replaced its chief executive with Herbert Diess, who takes on responsibility for the entire company and will oversee efforts to restructure the carmaker. Diess will take over from Matthias Müller, who stepped down after leading the company through the aftermath of the emissions scandal. According to Reuters, leading analysts have described the new CEO as a ‘man of action’ and the ‘most plausible choice at VW to lead the group into the next phase of its transformation’. Volkswagen, which also owns the Audi, Bentley, Porsche, SEAT and Skoda brands, has also said it will break the business into six new vehicle divisions with a special portfolio for the China region.

UK needs gender equality quotas

Positions of power in every sector of UK society are dominated by men, according to gender equality charity the Fawcett Society. Its Sex and Power Index 2018 reveals a gender imbalance across leadership, legal, political and media roles. In the business world, women make up just six per cent of FTSE 100 CEOs, 9.8 per cent of executive roles and 27.7 per cent of all directorships. There are no Black, Asian and minority ethnic women at the top of FTSE 100 organisations. The report calls for a time-limited use of quotas across public bodies and the boards of large corporate organisations enabled by law.

Malta bank linked to Azerbaijan in financial probe

A network of more than 50 companies and trusts, secretly owned by Azerbaijan’s ruling elite, used accounts at Malta-registered Pilatus Bank to move millions of euros around Europe, a report claims. A consortium of journalists working on the Daphne Project allege that children of the two most powerful officials in Azerbaijan — President Ilham Aliyev and Minister of Emergencies Kamaladdin Heydarov — used dozens of offshore companies as cover for investments in luxury properties, businesses and high-end hotels. All of Pilatus Bank’s assets were frozen earlier this year, following the arrest of bank owner Seyed Ali Sadr Hasheminejad in the US on suspicion of money-laundering. Maira Martini, knowledge coordinator at Transparency International, commented: “We should be able to know who the individuals behind companies are, and where the funds for their investments come from. The corrupt shouldn’t be able to hide behind complex legal structures to open accounts, make investments, and purchase luxury goods.”


Europe | Ukraine SOEs

Lessons from Naftogaz

Where do we stand with reform of corporate governance in Ukraine’s state-owned enterprises?

Gian Piero Cigna & Svyatoslav Sheremeta

Gian Piero is Associate Director, Senior Counsel. Svyatoslav is a Corporate Governance Advisor at the Legal Transition Team of the EBRD

In December 2014, the European Bank for Reconstruction and Development (EBRD) – an international financial institution, based in London – signed a €150million sovereign loan with Ukraine to upgrade and repair part of the Ukrainian gas transmission system, the main artery to transport Russian gas to Europe, which accounts for 40 per cent of the total European gas storage capacity.

The transmission system is managed by Ukrtransgaz (UTG), a subsidiary of Naftogaz – one of the largest and most strategic companies in Ukraine. The signing followed many years of negotiations – and many failed attempts – to work with the Naftogaz group, which employs more than 75,000 people and is Ukraine’s largest natural gas producer (responsible for around 80 per cent of gas production in Ukraine), importer (accounting for approximately 74 per cent of imports) and wholesale trader (with roughly a 70 per cent share of Ukrainian gas trading). The group has been historically loss making. In 2014, Naftogaz sustained losses of about £3.6billion, the equivalent of 5.7 per cent of the country’s GDP.1 George Soros defined the company as ‘a black hole in the budget and a major source of corruption’.2

In 2014, Ukraine was facing a severe crisis. In February, the ‘Revolution of Dignity’, also called Maidan Revolution, culminated in a series of violent events in the capital Kiev, resulting in the ousting of the Ukrainian President Viktor Yanukovych and the formation of a new interim government. In October 2014, the Ukrainian elections consolidated the reformist forces, opening the way to decisive steps, but also highlighted the urgency to deliver change on a broad scale and scope, in an extremely difficult situation both in the short term and in the medium term.

Reforming the gas sector and ensuring financing for critical investments to rehabilitate the UTG transmission network and to increase energy supply reliability through, for instance, gas purchase financing support for Naftogaz, are priorities for the Ukrainian Government and the EBRD. The latter, together with the EU, the World Bank, the International Monetary Fund (IMF) and the European Investment Bank (EIB), has been actively engaged in joint policy dialogue with the Ukrainian Government for a number of years with the aim to provide technical and financial assistance to reform and restructure the gas sector and modernise the gas infrastructure, based on market-based principles and liberalisation. Reform of Naftogaz is one of the key objectives of the joint international financial institutions’ action plan in the energy sector.

One of the key conditions of the EBRD loan was to require Naftogaz and UTG to undertake a comprehensive reform of their corporate governance practices, under EBRD supervision and guidance. The corporate governance review – aimed at identifying the main issues of concern and securing agreement to an improvement action plan – started in early 2015. State-owned enterprises are usually heavily regulated – Naftogaz is no exception – and all their governance practices are meticulously regulated either by a law, decree, regulation, order or instruction. The initial review therefore, assessed both the practices in place at the companies and the legislative framework governing those practices.

The review was completed in June 2015. A comprehensive report was issued, highlighting the major issues of concern on the practices in place at the companies and the legislation that should have been amended in order to allow the reform to take place. The review flagged several priorities that should have been tackled to align Naftogaz group’s practices to international standards – essentially, the OECD Corporate Governance Principles and the OECD Guidelines for Corporate Governance of State-Owned Enterprises (SOEs). Among those were to:

■■ Reduce the inconsistent state interference within the company’s management
■■ Clarify the group’s ownership structure – at that time divided between the cabinet of ministers as ‘company founders’ and the Ministry of Energy as ‘company shareholder’
■■ Separate the ownership, regulatory and policy-making functions affecting Naftogaz commercial autonomy and raising conflict of interest
■■ Develop a ‘state ownership policy’, defining the state vision and rationale for state ownership3
■■ Establish an independent and qualified supervisory board – which was until then present only ‘on paper’ as it had held no meeting in the previous 24 months – with clear authority and responsibilities
■■ Empower such independent and qualified supervisory board to develop a group strategy, anchored to a defined budget and risk appetite, with clearly defined commercial and social goals
■■ Create an internal control framework servicing corporate objectives and not only political purposes, as well as strengthen the group’s transparency and disclosure

Three-phase action plan

In order to tackle the issues highlighted above and allow the reform to take place, a complex set of legislation – including more than 80 laws, decrees, instructions and orders, often conflicting with each other – was to be amended. The negotiations lasted for about three months and on 21 October 2015, the Cabinet of Ministers approved the Naftogaz Corporate Governance Action Plan, a comprehensive plan for reform, including improvements in corporate governance practices and legislative amendments to be implemented according to a well-defined timetable.4

The action plan was divided into three phases. The first was to start immediately, to insulate Naftogaz from political interference and allow it to start operating as a company. This involved the clarification of the ownership structure; the approval of a new charter defining the role of shareholders, supervisory board, committees, internal audit, compliance, anti-corruption and risk management; and the introduction of a transparent nomination policy for the supervisory board, based on qualifications and expertise. These actions were the basis for a second phase – to start after one year – involving legislative and regulatory reforms, and for a final third phase, to align Naftogaz governance structure to the OECD Corporate Governance Principles and OECD Guidelines for Corporate Governance of State Owned Enterprises.

The phasing was necessary due to the complexity of the situation. These kinds of reform cannot be implemented overnight. The company’s commitment to the reform was strong and in May 2015, Naftogaz published its first ever annual report, titled Changing For The Future, providing a vision for reform.5

Most of the priorities included in the first phase were implemented quite swiftly. In December 2015, the company’s shares were transferred to the Ministry of Economy, so clarifying the entity in charge of the exercise of the ownership function, with no responsibility in policy-making and regulation of the company’s activities. At the same time, a revised charter of the company – along with the terms of reference of the supervisory and management board – was approved. This paved the way for the EBRD to sign a second operation with Naftogaz: a $300million loan to allow the company to purchase more than one billion cubic metres of gas (bcm) and so support Ukraine in reaching its target of having 19 bcm of gas in storage, thus also helping the country to diversify its sources of gas supply by financing purchases from its interconnections with Europe through the so-called reverse flow. Under the terms of the loan, Naftogaz was required to tender and contract any gas purchased with EBRD funds under procedures in line with best European practices and to comply with the agreed action plan.

In January 2016, the search for independent and qualified directors to serve on the supervisory board of Naftogaz was launched and in April a new supervisory board was appointed. For the first time ever, the board of a state-owned enterprise in Ukraine was made up of a majority of well-qualified and independent directors.

However, reforming a country’s energy sector is not a walk in the park and things can turn ugly. In February 2016, Aivaras Abromavicius – the Minister of Economy and one of the main promoters of the reform – resigned. In his resignation letter, the Minister referred to Naftogaz corporate governance action plan and cited ‘pressure to appoint questionable individuals to key positions in state-owned enterprises’.6 In April 2016, a new government was formed, but the reshuffle slowed down the reform process. In April 2017, Naftogaz supervisory board chair Yulia Kovaliv resigned, mentioning the clash of opinions on further development of Naftogaz and lack of consensus regarding the implementation of the corporate governance reform according to the initially envisaged plan.7 In the same month, the independent board members sent a letter to the Vice-Prime Minister of Ukraine indicating their concerns over the situation in the company. “Without material progress it would be inappropriate and untenable for us to continue as supervisory members” they said in the letter.8

Less than five months later, the Naftogaz supervisory board resigned. In his letter of resignation, Paul Warwick – the chair of the board – wrote: “Despite assurances from senior politicians, deadlines have passed and commitments have not been delivered, with an environment of government control not envisaged in the corporate governance action plan. Essentially, no material change has occurred over the last five months despite the assurances we received to the contrary.”9

The resignation of the supervisory board was a shock to the whole reform process – especially in a moment when Ukraine managed to raise $3billion in its first sovereign bond issue since restructuring its debt in 2015. However, it sent a strong and clear message. The resignation of all independent directors is undoubtedly a dramatic event in the life of a company, but it is also a clear signal of the integrity that is to be expected from independent directors. A complete novelty for Ukraine. Independent directors play a crucial role and if they are unable to do their job, they must resign, rather than carry on with business as usual. Such a move – albeit extreme – sends a strong message to the market that there are serious concerns. In turn, the market should understand the seriousness of this signal… and the message was well received.

In November 2017 – thanks to the coordinated effort of the Government and Ukraine’s partners from international institutions, including the EBRD – a new supervisory board, composed of a majority of highly professional and reputable candidates, was appointed by the Cabinet of Ministers.10 At its first meeting on 22 December 2017, Clare Spottiswoode was unanimously elected as the chair.11 Expectations are again high.


As SOEs corporate governance reform can be successful only if practices are backed by sound legislation, significant efforts have been devoted to the legislative reform. A number of cabinet of ministers decrees – developed with financial and technical assistance from international organisations and development institutions – were approved to allow for the selection of independent supervisory board members of large SOEs and to define the nomination and selection procedures.12 A very important and difficult test was the approval of several laws by the Verkhovna Rada, the Ukrainian Parliament.

In April 2015, the law of Ukraine on joint stock companies was amended, introducing the concept of independent directors and requiring supervisory boards of public companies and SOEs to have at least two independent directors.13 In June 2016, another law required boards of SOEs to have at least a majority of independent directors.14 In January 2018, a new law introduced a key provision, stipulating that the general meeting of shareholders cannot decide on matters reserved to the supervisory board.15 The bypassing of the board – and its independent directors – by shareholders in key strategic decisions has historically been a key problem in Ukraine, causing the state’s direct meddling into company matters. The law also introduced new independence requirements for supervisory board members, extended the scope of activities of the supervisory board and detailed the powers of supervisory board committees – i.e. audit committee, nomination committee and remuneration committee – also introducing a completely new (for Ukrainian corporate practice) concept of a succession plan.

In March 2018, another law became effective, accelerating state divestment from some large and most medium and small SOEs, leaving only SOEs strategically important to the state’s economy and security.16 In addition to intensifying privatisation, it is planned that a large number of small loss-making, state-owned companies will be liquidated under a streamlined procedure.17 This is another way of tackling the inefficient SOE sector – in Ukraine, about 3,500 companies still belong to the state, many more than in any Western country.

Board responsibility

A cornerstone piece of legislation is now under discussion at the Parliament. The Draft Law 6428 aims at empowering the supervisory boards of SOEs with the key authority to approve the SOE’s strategy and budget and to appoint and remove management.18 Indeed, the approval of the strategy – anchored to a clearly defined budget and risk appetite – is the key board responsibility and it establishes the benchmark upon which the board can then strategically guide, challenge and oversee management. Without such authority, together with the power to appoint and remove management, the board cannot function well.

The draft law also reinforces the concept of fiduciary duties of supervisory board members, requires SOEs to establish an internal audit function and introduces a ‘reference’ to the state ownership policy, which should define the main objectives of state ownership over SOEs, the expected results of SOEs’ operations and the corporate governance mechanisms to be adhered to by the state and SOEs.

As the draft law envisages a serious shift of authority, it is encountering some fierce resistance. Disappointingly, on 21 March 2018, following several months of discussions at the Government and endorsement by the Parliamentary Committee on Economic Policy, the draft law failed to collect the required number of supporting votes in its first hearing and is now waiting to appear on the Parliament’s agenda for another session. We hope it will be soon.

Lessons learned

There are lessons to be learned from the Naftogaz saga. The main one is that corporate governance reforms need both ‘pressure’ and ‘culture’.

In Ukraine, the ‘pressure’ is mainly exercised by the international community, backing the Revolution of Dignity by the Ukrainian people. International support is tangible and delivers results. Lastly, the word of international financial institutions and friendly countries still carries weight, especially when they speak with one voice, and it adds wind to the sails of these courageous women and men. It emboldens a remarkable civil society to speak up and demand change.19

The creation of the corporate governance ‘culture’ is a long process. Naftogaz was possibly the starting point. At the time of the first EBRD deal’s negotiations, there was not much understanding in Ukraine of what ‘corporate governance’ meant. It was often confused with ‘corporatisation’, which many read as corporate governance ‘on paper’. After years of discussions and negotiations at all levels, there is finally an understanding of what good governance is and a growing consensus for reform.

Following the Naftogaz experience, the EBRD is now working with a number of SOEs in Ukraine.20 Consultants carrying out corporate governance reviews are developing good skills – also drawing from international expertise – and contributing a lot to the culture creation. A few years ago, it was hard to find a good Ukrainian corporate governance expert, even at the largest consultancy houses. Nowadays, firms are creating and are continuously developing corporate governance practices. New corporate governance-oriented educational initiatives appear, and the Ukrainian Corporate Governance Academy is a very good example, able to stimulate the Government in addressing corporate governance-related discussions, both within corporate governance reviews of individual SOEs or as stand-alone processes, which was unthinkable just a few years ago. It would now be a good time for this culture creation revolution to reach the Verkhovna Rada.

The contents of this publication reflect the opinions of individual authors and do not necessarily reflect the views of the EBRD.

Footnotes will be run in full online.

GOVERNANCE CULTURE Ukrainian firms are developing corporate governance practices


Technology | Board Tools

GETTING MORE FROM A PORTAL Boards have much to consider when choosing a new software provider

How not to choose a board portal:

Seven essential recommendations for corporate secretaries

Dr Katarina Sikavica

Independent corporate governance expert

Board portals – digital tools for the distribution and storage of confidential documents – are spreading rapidly across the globe. According to Daedal Research, the global market penetration of board portals is expected to rise from 34.5 per cent in 2015 to 67.7 per cent in 2020.1 This means that within the next three years, more than two-thirds of all boards worldwide will receive their meeting materials electronically, delivered to them on their PCs, tablets or smartphones. This also means that companies of all sizes, private and public, will adopt a paperless means of communication at board level.

In parallel, board portal providers are mushrooming, some of which are reaching a stage of business maturity, while others still find themselves in their start-up or growth phase. And while the feature lists seem to be converging, choosing a software based on a feature list alone can lead boards astray in the era of Cloud technology and software as a service (SaaS).2

Working as the head of customer success at a board portal provider, I have seen many company secretaries struggling with this situation. On the one hand, they feel the pressure to ‘hop on the bandwagon’, while on the other, they want to assure themselves of making the right choice. Switching costs can be high and touch upon the company secretaries’ internal reputation as professionals who are on top of things, including technological innovation. However, company secretaries are not necessarily ‘techies’ and board members are almost never digital natives.

The situation is exacerbated because most board portals are standalone applications (i.e. independent from other company software). Board portal providers, therefore, typically sell directly to businesses without much or sometimes any involvement of the local IT, procurement, internal risk and audit departments. During my work with them, I have seen many company secretaries, particularly in smaller companies, choose board portals with no clear guidelines. What is worse, there seems to be little internal alignment on how the new application fits with the internal requirements. While there might be good reasons to keep board matters independent from other departments’ matters, not asking for advice and disregarding internal requirements usually leads to cumbersome post-contract renegotiations. Needless to say, such seesawing reflects badly on the competence of those who have a final say in choosing the board portal.

The following recommendations are intended to help company secretaries navigate the board portal jungle, choose wisely and avoid (or minimise) switching costs. In lieu of praising one tool over another, I use common, non-technical language to address the pitfalls I’ve witnessed company secretaries stumble into as they went about choosing a board portal.


Don’t just hop on the bandwagon Technology innovation advances exponentially, yet technology adoption lags behind. Early adopters are typically tech-savvy, first-movers who are familiar with both the risks and the opportunities of new technologies. They possess the necessary skills to separate the wheat from the chaff. Early adopters make their choices based on efficiency considerations and are aware of what improvements they expect from new technologies. However, once a new technology has reached a critical mass, adopting it becomes a must for the rest of the market. Later adopters thus follow suit, if for no other reason than to comply with the expectations of their stakeholders. My first recommendation, therefore, is to ask yourself whether you really need a board portal and, if so, why? If your board meets only four times a year and if your board book is not larger than, say, 100 pages, do you really want to go through the hassle of implementing a digital tool among the non-digital natives? Some board members, even if tech savvy, simply prefer reading and writing on paper. (I can relate to that.) They will have their assistant print the meeting materials anyway and they will attend the meeting using a printed version of the board book. If security is not top of mind, does it really have to be a board portal? There are wonderful new solutions that convert paper notes into digital notes and that can, perhaps, do the job equally well (check out RocketBook or Moleskine Smart Writing Set or, for that matter, reMarkable). neglect your return 2 Don’t on investment (ROI)

Customer success managers have one top priority and that is to make their customers successful. What they are looking for is a way to measure how well you are getting a return on your investment. This is why any good customer success manager will eventually ask you about your objectives with moving from paper to digital. While these objectives are not always easily quantifiable, I find that many company secretaries haven’t even considered this question. Instead, they have simply followed the herd and have started using a particular board portal without much clarity on what it is that they seek to gain from it.

The best way to introduce efficiency considerations is to specify your objectives and to make them measurable. Do you want to save costs by printing less? If so, how much will you effectively save? Depending on the size of your board books, meeting frequency and headcount of meeting participants, this number can be quite significant. Do you want to reduce the time it takes to deliver meeting materials to your board members? If so, how long does it take for your staff to prepare and send the materials now? And by what amount of time do you want to improve this process? Do you want to reduce the time your board members take to prepare for board meetings? If so, do you have an idea how much time it takes for them now? And can you make a traceable estimate of the amount of time you expect them to save with the new digital tool?

3 Refrain from counting features

Many company secretaries quickly move to browsing feature lists without spending some time to think about the unique working style of their board. In the search for the perfect solution, my advice is to start by thinking through your entire meeting management process (from agenda to meeting minutes). Ask yourself not only what is important to you but also how frequently it occurs. For example, how frequent are emergency meetings that require quick preparation? Does your board often hold conference calls? Do you have frequent last-minute changes to your board book? Do your board members have a regular need for exchanging information before and after meetings or does your chairman nurture more of a one-on-one type of relationship with each board member without much interaction happening between the other board members?

Be aware that as the feature list grows, so does software complexity. Therefore, prepare to make some smart trade-offs. For example, if last-minute changes to your board book are a frequent occurrence, note that overwriting old board book versions can be tricky because replacing one board book version with another while preserving all annotations requires some smart programming. Board portals vary in how elegantly they have solved such problems. Some offer great simplicity and ease of use on the administrators’ side but have only few and underdeveloped collaboration features on the users’ (i.e. board members’) side. Some are relatively inexpensive but offer no support or service without additional charge.

My point here is: don’t judge a board portal by its feature list alone. Instead, try to tease out how well it demonstrably meets your most important needs. Feature lists are often just marketing. And, even if genuine, they can be deceptive: I’ve witnessed situations where a company secretary insisted on having a ‘voting feature’ only to find out later that what he needed was a ‘digital circular resolution’ – that’s how that particular feature was described at our company. You and your board portal provider might simply not speak the same language. When talking to sales reps, therefore, don’t engage in a feature discussion but ask for very specific demonstrations of how their software meets your most important needs.

4 Don’t underestimate your board’s resistance to change

Some company secretaries opt for a board portal without paying enough attention to their board members’ tech savviness and habits – the primary roots of change resistance. Not being an expert is oftentimes an unusual situation for directors. The adoption of a new board portal can thus be curbed by board members’ fear of losing face. The lower the level of tech savviness on your board, the more effort should be put into their onboarding and training. Use such information to negotiate with your provider an appropriate level of service in this regard. Some board members might prefer private, one-on-one onboardings, particularly if they feel isolated in their inexperience with board portals. Such private onboardings can help them get up to speed quickly without losing face in front of their colleagues.

Some board members resist a new board portal because they are used to other solutions. Using different board portals for different board mandates means using multiple logins or even multiple devices. This can be quite cumbersome. If this is the case on your board, make board members part of the evaluation process. There is nothing as discouraging as a board member engaging in frequent and unfavourable comparisons of your solutions with the one she/he is using for her/his other mandates. My recommendation is thus to arrange for free software trials so as to allow for comparison. Most board portal providers offer free trials – if they don’t, be wary of why not.

Finally, get your IT involved early on in the process. While, in theory, you don’t need your IT to purchase a stand-alone application, your local IT people can offer much-needed help in bridging the gap between you and your provider. Local IT folk are often the first go-to people when problems arise. As a result, make sure your IT gets a seat in your digital boardroom. Your board portal provider has easy ways to provide access to the tool without allowing access to meeting materials.

5 Don’t underestimate your service needs (and read the small print)

I once met a company secretary who was working for a large construction company. He expected his new board portal to be ‘rock-solid’, just like the buildings his company constructs. In his mind, the software he just bought might have taken some time to be built, but once it’s done, it’s done. Unfortunately, software is always under construction: new features are added, underused ones are removed, bugs are fixed and security gaps are closed. And this is done by releasing new software versions at a considerable pace. Facebook, for example, does it weekly.

As a result, prepare for an ever-changing product. The board portal that you have today will look different in a couple of months. And this means that you will be relying on your provider’s support and service throughout your contractual relationship. A well-orchestrated first onboarding and training is fine, but you will need more. The less frequently your board meets, the more important this becomes as board members get out of practice. My recommendation is, therefore, to check with your new board portal provider about its release cycle: how often does it make updates? What is its philosophy in this regard? And how will you know and be alerted about the upcoming changes? Also, seek to find out how many trainings are offered with no additional charge and what type of trainings, manuals, tutorials, etc, you are entitled to.

The same holds true for support. All software has flaws, particularly if the release cycles are frequent and testing periods are short. In fact, providers who opt for frequent releases typically accept the risk of producing more bugs. These are then fixed ‘on the go’ – as users notice them. Read the small print in your service level agreement. What does it say about response time and criticality of incidents? During the sales process, ask to see some historic metrics that reflect the availability of your new board portal: what is the mean time between service incidents and what is the mean time between failures (reliability)? What is the mean time to repair (maintainability)?

Finally, assure yourself that your provider has enough service and support staff. Ask how many accounts a customer success manager has to take care of on average. This will provide you with an idea of the level of responsiveness you can expect from your customer success manager.

6 Don’t miss out on getting a clear picture on security and confidentiality

Data security and confidentiality require the involvement of experts. Get your internal audit and risk people on board early on in the evaluation process. Board portals nowadays have decent security standards. I would expect all of them to rely on multi-factor authentication for logins and to use a state-of-the-art, end-to-end encryption method (i.e. on-server and on-device hardware encryption, TLS (Transport Layer Security) and backup encryption).

However, there are more questions to be asked: if applicable law and jurisdiction are important to you, ask your board portal provider about server location, the identity, ownership and domicile of their subcontractors, and the location of developers who have access to your data. When it comes to external validation and reporting, go beyond just reading the reports and pay some attention to the reputation and credibility of the external auditors and testers. Related to that, seek to find out whether your contract foresees the commissioning of external audits orchestrated by you and at what cost.

Moreover, ask questions about transaction data. Those data include, for example, who logs in and how often, from which type of device and IP address, etc. Who owns this data: you or your software provider? And can you get logs of this data? How easily and at what cost? What is the quality of these logs? As a specialist in corporate governance, I can assure you that board work is fully transparent these days. Boards who transition from paper to digital can, at least in theory, provide full transparency over such things as time invested in meeting preparation.

Finally, and most importantly, ask about key handling and server crypto-control. While your data is (hopefully) encrypted on the servers, the salient question is who has a copy of the key (or ‘password’) to decrypt the data? Server crypto-control can be led by the provider, by you or by no one. If a zero-knowledge protocol is used for encryption, you can trust that no unauthorised person has access to your data and board materials.

MORE EFFECTIVE MEETINGS: Boards that go digital cite ease of transparency

7 Don’t get stuck in short-termism

I remember a company secretary who was extremely annoyed every time an update was made to the software. Also, he vehemently opposed any new features or changes in design. At some point, however, his board was rejuvenated, with different board members joining. To his surprise, the new members requested more, not fewer features. This was a game changer. The company secretary eventually understood that he cannot presume to know his board members’ preferences in advance.

My recommendation is thus to look ahead. What features does the current version of your preferred board portal include and what features are in development? Ask to see your provider’s roadmap. That said, upon making your decisions, bear in mind that roadmaps are not always to be trusted. Feature development, testing and release might take more time than expected and don’t necessarily depend on your provider’s efficiency alone. Therefore, if you need a particular feature today, you are well advised to go with a provider who already has it built in. If not, try to find out about the stage of development of that feature: is it already specified? In production? Already being tested? Is there a release date in sight?

In addition, in looking ahead, plan for exit in case you decide to opt for a different solution. Make sure you know what will happen to your data, post-exit, and whether you can get your board materials extracted to some external hardware. What are the costs of this process? How efficiently can this data be uploaded into a new tool?

Last but not least, once you have made all your choices and have wholeheartedly opted for your preferred board portal provider, bear in mind that most observers expect the market to consolidate in the near future. Smaller providers might not achieve growth and may disappear altogether while your provider of choice might eventually be acquired by a bigger competitor. What’s your plan B?

1 Global Board Portal Market: Trends & Opportunities (2016 Edition)
2 Market Guide for Board Portals – Gartner 2014


