Ethical Boardroom Winter 2018 by Ethical Boardroom

Published by Ethical Board Group Limited | www.ethicalboardroom.com

Winter 2018

Keeping it above board Opening boardroom doors to women

Why it’s time for business to get more proactive

Global audit committees

Failure to manage key risks can damage your reputation

ISO 37001: one year on

Kicking the can down the road

Agile governance practices and a mission to ensure transparency for shareholders

UK £9.95 USA $14.99 CAN $16.99 EUR €11.99

611002

Open and sustainable

Shareholder activists turn to social media

9 772058

Red Eléctrica:

Using Twitter to move the market

Is Japan’s governance reform in danger of losing momentum?

Being certified doesn't guarantee your immunity

ISSN 205 8- 61 1 6

Your Bank More than 190 Branches More than 1,5 million Clients Province of

Luanda (117 Branches)

Cacuaco

City of Luanda Viana Belas

BFA is growing with Angola. With 16 Corporate Centres, 9 Investment Centres and 165 Agencies across the country, it now serves more than 1,5 million Clients. With a competitive and wide range of financial services available and a commercial network that reaches almost every part of the country, BFA is growing to meet all its Clientsâ&#x20AC;&#x2122; needs wherever they are and wherever they need to be. For further information on how to start or strengthen your business relations with Angola, visit any BFA Agency, Corporate Centre, Investment Centre or go to www.bfa.ao

in Angola. Cabinda (7 Branches) Soyo

Uíge (2 Branches)

Dundo

Negage

N’zage

Caxito Province of Luanda

Lucapa N’dalatando

Catete Porto Amboim

Dondo

Cacuso

Saurimo (2 Branches)

Malanje

Calulo

Gabela Waku-Kungo

Sumbe

Luena

Bailundo

Catumbela Benguela (6 Branches)

Kuito Lobito Huambo (11 Branches) (4 Branches) Ganda Caála Cubal Caconda

Lubango (8 Branches) Namibe

Menongue

Matala Chibia

Tômbua Ondjiva

Santa Clara (2 Branches)

Ethical Boardroom | Contents

COMMENTARY

Shareholder primacy: Is this concept fit for purpose? Organisations want an equilibrium between the legitimate interests of shareholders, stakeholders and controlling owners of companies

Strengthening governance during crisis Five reasons to prioritise corporate governance in fragile and confl ict-affected markets

14 16

To speak or not to speak? When does corporate silence fail the public?

The new rise of ESG Engagement, activism and passive investment are converging around environmental, social and governance issues

ASIA

Global News: Asia Banking oversight, governance codes and independent directors

COVER STORY

Governance policy in Japan: Kicking the can down the road? Companies may no longer think they can ignore corporate governance, but there is still a lackadaisical approach to implementation

Red Eléctrica: Open and sustainable Ethical Boardroom talks to Red Eléctrica on the company’s agile governance practices and its mission to ensure transparency for shareholders

BOARD LEADERSHIP

Opening boardroom doors to women Rebalancing representation in the boardroom is painfully slow work. It’s time for business to adopt more proactive techniques

14 38 www.ethicalboardroom.com

Contents | Ethical Boardroom

In pursuit of effective corporate governance Getting to the root of some of the problems that beset boards will lead to more rigorous guidance and help achieve better outcomes

Changing times A reformation of the boardâ&#x20AC;&#x2122;s sustainability landscape is nigh

AMERICAS

28 40 16

Global News: The Americas Gender diversity, corruption, cybersecurity, and governance

BOARD GOVERNANCE

Global audit committee issues in 2018 Risk management is one of the biggest concerns for audit committees, boards and their companies in the year ahead

Behavioural auditing How organisations are assessing corporate culture and behaviour

Ethics: Leading from the top Internal audit can be a key player in ensuring boards challenge organisational culture and prepare for ethical missteps

CONTENTS

Virtual-only shareholder meetings: A practical guide Before switching from in-person annual meetings, US companies must consider how they intend to communicate with shareholders

AFRICA

58 60

Global News: Africa Corporate governance, sustainability and recruitment

Zimbabweâ&#x20AC;&#x2122;s lessons from Singapore Actions speak louder than words in the evolution of corporate governance

ACTIVISM & ENGAGEMENT

www.ethicalboardroom.com

Social media and shareholder activism Activists are increasingly turning to digital and social networking platforms to get their message out during proxy campaigns

Winter 2018 | Ethical Boardroom 5

Ethical Boardroom | Contents

Hedge fund activism & the market for corporate control Controlling for selection decisions, activist interventions substantially increase the probability of a takeover offer

Re-evaluating shareholder voting rights in M&A transactions With many high-profi le company takeovers leading to negative returns, is it time for compulsory voting?

The path to robust non-financial information Key questions non-execs need to ask on their journey to assurance

EUROPE

76 78

Global News: Europe Governance reforms, NGOs, SOEs and the Kremlin list Corporate governance codes: Not an end in themselves National authorities need to actively review legislation to understand how rules are applied in practice

Corporate governance in Italy: Behind the scenes An open debate is needed between policymakers, companies and investors on best practice evolution

Effective governance Good corporate governance is a prerequisite for attracting market capital; it’s also likely to create more value than your competitors

THE EB 2018 CORPORATE GOVERNANCE AWARDS

106

Introduction & Winners list We reveal our 2018 European Award winners

Good governance ‘pays’ Does good governance and board engagement create value for shareholders? At Nestlé there is more and more evidence for it

6 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Contents | Ethical Boardroom

Enel: Powering its way to strong governance Europeâ&#x20AC;&#x2122;s largest power utility focusses on creating value for stakeholders by raising sustainability standards

MIDDLE EAST

Global News: Middle East Corruption, SOEs, fi nancial disclosure and tax havens

REGULATORY & COMPLIANCE

120 98 82

ISO 37001: A year on Getting certified does not guarantee an organisationâ&#x20AC;&#x2122;s full commitment nor any type of immunity

102

Anti-corruption and GDPR: A collision of galactic proportions Combatting transnational bribery while protecting personal data

106

The secret life of shell companies Once seen as the preserve of exotic offshore jurisdictions, these money-laundering tools have been turning up a lot closer to home

110

Upholding human rights through the lens of due diligence Businesses are expected to make clear their responsibilities and proposed action for protecting individuals from abuse

AUSTRALASIA

114

Global News: Australasia Rugby Australia, gender diversity, graft and governance

RISK MANAGEMENT

116

AI and reputational risk: An ESG perspective Getting to grips with the ESG risks and opportunities associated with artificial intelligence

120

Standards-based approach to cybersecurity Implementing a cybersecurity programme that adopts industry guidelines will bolster security defences

www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 7

Ethical Boardroom | Foreword

Welcome to the Winter 2018 edition of Ethical Boardroom magazine

The impact of the Carillion crisis The collapse of British construction and outsourcing company Carillion under a mountain of debt has inevitably sparked a debate about how companies are run and the running of public services to private companies.

It’s clear that even after the initial finger-pointing, blame-shifting and political backlash has died down, the Carillion implosion is certainly not an issue from which we can afford to hastily move on. An early inquiry into the management and governance of Carillion, which manages a plethora of public sector and private projects around the UK, including the provision of prison and health services, has highlighted worrying issues with its pension scheme law, regulation and policy. Carillion’s directors have been accused of handing generous payments to shareholders and directors while allowing huge deficits to grow in pension funds on which thousands of employees depend. Investigations are also underway into investors making stock market bets against the failed construction company at the same time as investing in pension funds amid claims that fi rms, such as the world’s largest investor, BlackRock, will be the biggest winners from the collapse.

8 Ethical Boardroom | Winter 2018

Coincidentally, as Carillion hit the headlines, Larry Fink, the head of BlackRock, wrote to the heads of FTSE 100 fi rms and other global business chiefs in January warning them of the need to make a ‘positive contribution to society’. “Without a sense of purpose, no company, either public or private, can achieve its full potential,” Fink said in the letter. “It will ultimately lose the license to operate from key stakeholders. It will succumb to short-term pressures to distribute earnings, and, in the process, sacrifice investments in employee development, innovation, and capital expenditures that are necessary for long-term growth. It will remain exposed to activist campaigns that articulate a clearer goal, even if that goal serves only the shortest and narrowest of objectives.” Fink went on to comment on how a company’s ability to manage environmental, social, and governance matters demonstrates the leadership and culture that is essential to sustainable growth. In this issue of Ethical Boardroom, Marco Visani also addresses how good governance not only makes companies more attractive to potential investors, but also assures sustainable growth and, over the long term, guarantees the continuity of the company itself (page 86). Elsewhere, on page 34, Peter Crow highlights how the level of understanding of how boards should work if they are to exert influence from and beyond the boardroom remains incomplete. Addressing these concerns will lead to a clearer understanding of corporate governance and improved guidance for board practices, director recruitment and on-going director development.

www.ethicalboardroom.com

Contributors List | Ethical Boardroom

Our thanks to this issue’s contributing writers AFRA AFSHARIPOUR Professor of Law, Martin Luther King, Jr. and Hall Research Scholar, UC Davis School of Law

TIMOTHY COPNELL Chairman of KPMG’s UK Audit Committee Institute

ATHENA ARBES & NICOLAS TOLLET Athena is an Associate and Nicolas is Counsel at Hughes Hubbard & Reed LLP

DR PETER R. CROW Expert on strategy, corporate governance and board effectiveness

NICHOLAS BENES Nicholas proposed Japan’s Corporate Governance Code and is Representative Director of The Board Director Training Institute of Japan

GEORGE DALLAS Policy Director at the International Corporate Governance Network

ˇ MARCELLO BIANCHI & MATEJA MILIC Marcello is Deputy Director General at Assonime and Chair of Technical Secretariat, ICGC. Mateja is Assonime and Staff at the ICGC DR ANDREA BONIME-BLANC Founder and Chief Executive Officer of GEC Risk Advisory FABIO BONOMO Head of Enel’s Corporate Affairs Department NICOLE M. BOYSON, PHD Associate Professor of Finance, D’Amore-McKim School of Business, Northeastern University RICHARD F. CHAMBERS President & CEO, The Institute of Internal Auditors GIAN PIERO CIGNA, MILOT AHMA ´ & PAVLE DJURIC Gian Piero is Associate Director, Senior Counsel, Milot is an Associate and Pavle is Counsel at the European Bank for Reconstruction and Development PROFESSOR JOHN COFFEE Is the Adolf A. Berle Professor of Law at Columbia University Law School and Director of its Center on Corporate Governance

JESSICA S. DIAZ Chief Operating Officer at ClearArmor Corporation JOSÉ FOLGADO, JUAN FRANCISCO LASALA BERNAD & RAFAEL GARCÍA DE DIEGO José is the Chairman, Juan is the CEO and Rafael the General Counsel and Non-Director Secretary of Red Eléctrica DAVID FRICK Member of the Executive Board and Secretary to the Board, Nestlé S.A. ABE M. FRIEDMAN Chief Executive Officer, CamberView Partners STEVE GOODRICH & BEN COWDOCK Members of the Corruption Research Team at Transparency International UK STEVEN M. HAAS & CHARLES L. BREWER Lawyers at Hunton & Williams LLP JAYNE E. JUVAN Partner, Co-chair of the Corporate Governance Practice Group and Chair of the Private Equity Practice Group at Tucker Ellis LLP

RICHARD KARMEL Partner, Mazars LLP MICHELE LA NEVE Managing Partner at Whitecotton Law International JAN OTTEN & INGE VAN DER MEULEN Jan is founder of ACS and partner at ACS Behavioural Auditing. Inge is partner at ACS Behavioural Auditing HELEN PITCHER Chairman, Advanced Boardroom Excellence EDWARD SIWELA Executive Director of the Institute of Directors Zimbabwe RAJ TULSIANI Chief Executive Officer and Co-founder, Green Park MARCO VISANI Head of the Governance & Executive Compensation unit of The European House – Ambrosetti STEVE WOLOSKY, ANDREW FREEDMAN & RON S. BERENBLAT Members of Olshan Frome Wolosky’s Activist & Equity Investment Group ALEXANDRA WRAGE & ILLYA ANTONENKO Alexandra is the President and Founder of TRACE, Illya is Privacy Counsel at TRACE International MERIMA ZUPCEVIC BUZADZIC IFC’s Corporate Governance Lead for the Europe and Central Asia region

EDITOR Claire Woffenden DEPUTY EDITOR Spencer Cameron EXECUTIVE EDITOR Miles Hamilton-Scott ART DIRECTOR Chris Swales CHIEF SUB Sue Scott ONLINE EDITORS Allegra Cartwright, Hermione Bell PRODUCTION MANAGER Jeremy Daniels SUBSCRIPTIONS MANAGER Lucinda Green HEAD OF ONLINE DEVELOPMENT Solomon Vaughan ONLINE DEVELOPMENT Georgina King, Rosemary Anderson MARKETING MANAGER Vivian Sinclair CIRCULATION MANAGER Benjamin Murray HEAD OF SALES Guy Miller PRODUCTION EDITORS Tobias Blake, Dominic White VIDEO EDITOR Frederick Carver VIDEO PRODUCTION Tom Barkley BUSINESS DEVELOPMENT Dammian Botello, Giles Abbott, Gerald Fox, Steven Buckley ASSOCIATE PRODUCER Suzy Taylor ADMINISTRATIVE ASSISTANT Abigail Fitzwilliam HEAD OF ACCOUNTS Penelope Shaw PUBLISHER Loreto Carcamo Ethical Board Group Ltd | Ethical Boardroom Magazine | 1st Floor, 34 South Molton Street, Mayfair | London W1K 5RG S/B: +44 (0)207 183 6735 | ISSN 2058-6116 | www.ethicalboardroom.com | Ethical Boardroom | twitter.com/ethicalboard Designed by Yorkshire Creative Media | www.yorkshirecreativemedia.co.uk. Printed in the UK by Henry Stone Printers. Images by www.istockphoto.com All information contained in this publication has been obtained from sources the proprietors believe to be correct, however no legal liability can be accepted for any errors. No part of this publication can be reproduced without prior consent from the publisher.

www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 9

Commentary | Shareholders

Shareholder primacy: Is this concept fit for purpose? Organisations want an equilibrium between the legitimate interests of shareholders, stakeholders and controlling owners of companies Why do companies exist and for what purpose? The AngloAmerican model of corporate governance has traditionally maintained a simple formulation to these questions: for the benefit of shareholders, also known as shareholder primacy.

Th is concept was articulated by the academic lawyer Adolf Berle and the economist Gardiner Means in their classic book, fi rst published in 1932: The Modern Corporation and Private Property. Berle and Means are commonly regarded as having established the foundation for modern corporate governance, in an era in which listed companies and the development of public stock markets led to the separation of ownership and control of listed companies – and in particular gave rise to the phenomenon of dispersed company ownership by large numbers of minority shareholders.

The thesis

Th is doctrine of shareholder primacy has a simple and, in many ways, intuitive, logic. It holds that companies exist fi rst and foremost to promote the welfare of their shareholders as owners of a company’s stock – and hence as owners of the company itself. After all, it is shareholders who provide risk capital to companies with the goal of generating returns on invested capital. It is also shareholders who have ownership rights to elect (or potentially fi re) a company’s directors to oversee management, and presumably to protect shareholder interests from potential self-dealing by company management or other social pursuits which could distract the company in its mission of profit generation. It is therefore incumbent on company management and boards of directors to serve as agents of shareholders and to promote their interests by generating, if not maximising, profits for the purpose of shareholder wealth creation. Th is concept has a legal foundation through an oft-cited 1919 Michigan Supreme

10 Ethical Boardroom | Winter 2018

George Dallas

Policy Director at the International Corporate Governance Network Court decision, Dodge v. Ford Motor Company, in which the court stated that ‘a business corporation is organised and carried on primarily for the profit of the stockholders. The powers of the directors are to be employed for that end’. Th is shareholder-centric perspective was further popularised in a 1970 New York Times article by the University of Chicago-based economist, and Nobel Prize laureate, Milton Friedman, titled The Social Responsibility Of Business Is To Increase Its Profits. Fast forward to the 21st Century and the shareholder primacy torch still shines brightly in many circles, and is a convention of what is known as the ‘law and economics’ school of corporate governance, with its

It is easy to understand how equity investors take comfort in shareholder primacy and might feel threatened by other models of governance that may challenge their place in the corporate pecking order ideological roots well-established in both the US and the UK and other so-called Anglo-Saxon jurisdictions. Th is approach is commonly taught in leading law and business schools globally and it continues to have intellectually formidable proponents, including the Chief Justice of the Delaware Supreme Court, Leo Strine. Strine has suggested in various writings that the challenge to shareholder primacy is a ‘tired debate’, promulgated by naïve proponents of corporate social responsibility leading a ‘fantasy life’, without proper understanding of corporate law as it was written and intended. Under the shareholder primacy

model, those who advocate broader social or environmental corporate objectives or prioritise the needs of stakeholders who are not shareholders, are often dismissed as ‘special interests’ who could potentially distract corporate managers and boards from their overarching fiduciary responsibility to a company’s shareholders. In turn, the orthodoxy of the shareholder primacy principle is, not surprisingly, well-established in capital markets – particularly among equity investors and investment bankers domiciled in the Anglo-American markets. Indeed, it is easy to understand how equity investors take comfort in shareholder primacy and might feel threatened by other models of governance that may challenge their place in the corporate pecking order.

The antithesis

Yet challenges to shareholder primacy do exist. Th is is particularly so in continental Europe and Japan, where the purpose of the company does not centre exclusively on generating wealth for shareholders. Th is approach is often called a stakeholder model and in this wider view of corporate governance, shareholders are simply one of several key stakeholders, together with a company’s employees, customers, suppliers and even broader societal interests, including communities and the environment. The objectives of the fi rm involve seeking to find an optimal balance of stakeholder interests, of which shareholder wealth creation may be one of many variables in the equation. Th is stakeholder approach views the company as a social construct, not simply a means of wealth generation for shareholders. The respected UK economist John Kay has expressed support for this view, stating that ‘the economic success of the corporation is essentially bound up with its success as a social organisation’. A particular concern about the shareholder primacy model is that there is no single shareholder for companies and boards to focus on. While many institutional investors are investing on behalf of pension

www.ethicalboardroom.com

Shareholders | Commentary

plans and long-term savers, implying a long-term time frame, these shareholders are often viewed as overly focussed on short-term profitability – which may in fact have the effect of impacting negatively a company’s longer term performance and sustainability. Th is is a particular concern with hedge fund activism, where ownership horizons are often intrinsically short-term in nature. Critics of the shareholder model often point to this short-term orientation contributing to the recent financial crisis and argue that companies maintaining a short-term shareholder focus may pay insufficient attention to social,

environmental and ethical externalities that have longer term systemic implications. It is therefore of interest to observe that the UK government’s recent review on corporate governance in the UK concluded that ‘strengthening the employee, customer and wider stakeholder voice’ is one of the three main areas targeted for reform. To some extent this may reflect a degree of ‘German envy’ by the UK, given Germany’s strong manufacturing economy and the prominence of stakeholders (or at least employees) in German governance and decision-making. The UK government went so far as to suggest in a forthcoming review of the UK Corporate Governance Code that the Code be amended for companies to consider and report on one of three mechanisms to promote better stakeholder relations: a designated non-executive director, the establishment of a formal employee advisory council, or appointing to the board a director representative from the workforce.

Scope for synthesis: company primacy?

It is unlikely that staunch advocates of either shareholder or stakeholder models of corporate governance will be

persuaded to abandon one approach for the other. But can we use a dialectic approach to propose a synthesis that might include the best features of each model, while avoiding the worst? A recent Harvard Business Review article by academics Joseph Bowers and Lynn Paine presents a possible model for compromise, which they label as ‘company centric’, as opposed to shareholder centric. It effectively focusses on prioritising the success of the company as a whole, rather than on prioritising shareholders or any other stakeholder. It suggests that a successful company requires successful stakeholder relations and that this is the best way for sustainable wealth creation for shareholders. In many ways this is a compelling formulation and to some extent it is already reflected in Section 172 of the UK Companies Act, which defines the role of company directors in the fi rst instance as promoting the long-term success of the company itself. Th is Act does focus on benefits to company shareholders, but it also requires directors ‘have regard’ for stakeholder interests. In this approach there are no short cuts around respecting legitimate stakeholder needs in the management and governance of companies. That should help to meet objections and concerns of those favouring the stakeholder model. And for those who still insist on a shareholder model, the UK’s Section 172 goes part of the way there. But it is effectively a model of constrained optimisation, not profit maximisation. This aspect of the UK Companies Act is vague to many and has really not been tested in law. But given that one of the aims of the UK’s corporate governance reform is to flesh out what a balancing of shareholder and stakeholder interests means in practice, there may be broader scope in using this company-centric approach as a wider model to square the circle of the shareholder/ stakeholder debate.

A BALANCE OF INTERESTS Seeking corporate governance in which views can coexist sustainably

www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 11

Commentary | Conflict

Strengthening governance during crisis Five reasons to prioritise corporate governance in fragile and conflict-affected markets

Of all the critical needs facing countries dealing with fragility, violence or conflict, you may not expect corporate governance to top the priority list. But, in fact, the opposite is true. Nowhere is the link between lack of private sector growth, investment and economic opportunity and extreme poverty more direct than in nations torn by confl ict. Indeed, many of the world’s poorest countries are also those affected by confl ict or violence. In these very tough places, good governance practices can form the front line of defence, helping companies stay in business and enabling pushback against an all-too-frequent economic spiral downward into extreme poverty. Of course, corporate governance cannot fi x every problem faced by these nations. But it can make a real difference in preventing further economic destruction and setting 12 Ethical Boardroom | Winter 2018

Merima Zupcevic Buzadzic

IFC’s Corporate Governance Lead for the Europe and Central Asia region a solid course for recovery and growth. Here are five reasons why.

Corporate governance helps companies manage through crisis Studies have shown that strong and experienced boards, following clearlydefined protocols, are better positioned to make good decisions. At a time when speed is of the essence, such as when a country is in the grips of open confl ict, empowered boards and capable leaders can act quickly and decisively, sustaining the business, even in the midst of the worst. Once the confl ict subsides, well-governed companies stand a better chance of survival, with a more rapid return to normal business operations. One such Yemeni fi rm has shown remarkable resilience, despite the ongoing civil war. Helmed by strong leaders and a

strategically focussed board, the company expanded into Dubai as projects dried up at home. Not wanting to pull out of Yemen altogether – which would have meant a loss of precious jobs in a nation already burdened with high unemployment due to the war – the company retained its Yemeni team. Th is resulted in a competitive advantage for the fi rm: the lower cost of the company’s Yemeni services meant that they could offer lower prices to the Dubai market, thus attracting new clients and sustaining the fi rm, even as business opportunities in Yemen declined. governance strengthens 2 Corporate the institutions that are critical

to rebuilding fractured economies Corporate governance underpins sound legal and regulatory infrastructures, which are foundational aspects of well-functioning markets. Strengthening these institutions helps jump-start market recovery, enabling new investment, economic growth and job www.ethicalboardroom.com

Conflict | Commentary

A RAY OF HOPE DURING CONFLICT Good governance an offer direction to those in troubled places

broad-based support from among those who would be most impacted by the new guidance was a good indication of the appetite for sound corporate governance as a tool to enhance economic growth. As with Sierra Leone, we have found that companies in other fragile or conflict-affected countries are eager for broader institutional improvements. Such was the case in Kosovo, which has made real progress in the years since the end of armed conflict, although significant gaps in the nation’s regulatory structure remain. For one company, these gaps meant that it could not legally diversify to the extent that would support future growth plans. IFC worked with company leaders to devise an internal corporate governance solution that became a good work-around. We are hopeful that the positive outcome will trigger action on legislative fi xes.

frequently lead nowhere. Companies that have found ways to operate in the midst of war or upheaval – a time when formalised market structure and adherence to the rule of law are often among the casualties – may not be able to provide a completely clear or historically accurate asset picture. For potential investors, this lack of transparency raises major red flags. In general, investors are reluctant to provide financing for a fi rm that may have accumulated capital through uncertain means. Putting in place a strong information disclosure policy, along with other transparency safeguards, sends a positive message to investors that the company intends to address the information gaps going forward.

governance reduces 3 Corporate the risk of political interference

message to a demoralised country and the outside world Beyond the news stories that rightfully call attention to the human cost of confl ict and fragility, the under-reported reality in many unstable places is that life goes on. Companies and financial institutions continue to operate, albeit in severely curtailed form. Stabilising such firms is a critical lifeline for countries in trouble. Adherence to governance policies and procedures offers direction for company boards and executives who may have suddenly ascended to leadership as others with more experience depart for safer circumstances. A systematic approach to corporate governance can instil a much-needed sense of business-as-usual. Meanwhile, clear protocols enable flexibility to quickly change course at a time when the external environment is definitely not business-as-usual. When the immediate crisis is over and the economy begins to show signs of life, companies that have attended to governance fundamentals can move quicker to rebuild. They have in place tactics and strategy along with leaders who can move quickly to implement such plans. They also have greater ability to comply with new laws and regulations that will form the foundation of a revitalised economy.

in extremely volatile environments In fragile and confl ict situations, one cannot overestimate the intensity of political pressure faced by companies. Pressure comes from multiple sources, including local and regional power players and national level influencers. Companies in these markets cannot afford to completely disassociate from the In fragile and conflict political forces. But situations, one cannot they can mitigate the pressures. Bringing overestimate the together a strong and intensity of political experienced management team gives them access pressure faced by to outside market leaders companies. This and influencers who are not affi liated with a pressure comes from political party. Adding multiple sources, creation. They also capable and independent contribute to the directors can balance out including local and overarching goals undue political influence regional power of stabilising the on other board members, players and national political environment who may have ties to and restoring a sense the ruling party or other level influencers of normality for confl icting interests. society at large. The Businesses in challenging International Finance Corporation’s (IFC) markets are coming to understand that such work in Sierra Leone bears this out. changes can help them navigate difficult A country that had started on a path to political waters. In Iraq, for instance, we recovery following the end of the civil war have seen demand grow for professional in 2002, Sierra Leone faced devastating directors. The recent launch of the country’s economic setbacks in 2014 – the combination fi rst independent institute of directors of the drop in global commodity prices and – created with IFC’s support – is helping the ebola outbreak. Here, we are working to meet this demand, providing training with the country’s Corporate Affairs for potential directors and building a Commission to draft a national corporate database of qualified candidates. governance code. A collaborative effort Corporate governance gives companies that involves key market players, regulators a path out of the grey economy and business leaders, the code is designed Opacity is a huge challenge in fragile and to increase regulatory control, enhance confl ict markets. Following the money trail compliance, boost investor confidence and of capital accumulated during wartime can encourage more investment. Of note: the

www.ethicalboardroom.com

importantly, corporate 5 Most governance sends a powerful

Because IFC’s work takes us to some of the most difficult markets in the world, we understand the challenges faced by companies just trying to survive. We have experienced first-hand how difficult it is to sustain progress. But we also have been heartened by the perseverance of our clients, such as a prominent Afghan financial institution that is pushing ahead with major corporate governance improvements, despite so many other conflicting priorities. The reason? The bank is hoping to attract foreign investors who might otherwise not want to engage, given the instability of the market. Corporate governance is a key to unlocking that door. Winter 2018 | Ethical Boardroom 13

Commentary | Corporate Silence

To speak or not to speak? How should public corporations behave when they perceive that democracy is failing and their government simply does not have a clue as to the consequences of its actions? That is, assume that the business community feels not just that the government’s policies are wrong (a standard perception), but that the government in general has become paralysed, confused and dysfunctional. After populist revolts in both the US and the UK in 2016 produced Trump and Brexit, this perception of government as dysfunctional (to the point of derangement) is now common in both nations. Once, the sound answer to the opening question was that corporations – at least in their public statements – should steer clear of political issues and remain neutral. But that default rule may no longer make sense today. In the US, populism has produced a reckless and unpredictable style of leadership in which the chief executive might, on any given day, say or do almost anything (often preceded by a late-night outburst on Twitter in lieu of a formal position paper). In the UK, populism has resulted in Brexit, as interpreted by a government that declines to say what Brexit means. Both styles pose problems for corporations that expect governments to behave, well, like governments: consistent, rational and mature. So, what should a large corporation do that will be impacted by these decisions (or non-decisions)? The old rule was to suffer in silence (and perhaps lobby intensively in private). But that rule is under pressure in different ways. In the US, a public corporation may find itself attacked without warning by the President in a late-night ‘tweet’. The most recent example in December (and there have been a host of others) involved Wells Fargo, a much-troubled and criticised US bank, which awoke to find that overnight the President had tweeted that he wanted an independent administrative agency to impose far tougher penalties than it had in fact imposed, because he thought the bank had cheated its customers. Although the President has a general responsibility for law enforcement under the US constitution, the President does

14 Ethical Boardroom | Winter 2018

When does corporate silence fail the public? Professor John Coffee

is the Adolf A. Berle Professor of Law at Columbia University Law School and Director of its Center on Corporate Governance not run independent administrative agencies and never functions as judge or jury. After recurrent such episodes, corporations (and their boards) that are in the public spotlight have to plan in advance how to respond to these now foreseeable attacks. In the UK, where manners matter more, personal attacks from the Prime Minister remain unthinkable, but the problem for the UK is that time is running out. Procrastination may make political sense, but it invites economic disaster. Many major corporations – whether US, UK, or European – face approaching deadlines. By some point, perhaps as early as the end of the fi rst quarter of 2018, they have to decide whether to shift assets and personnel outside of the UK. Their decisions may depend in large part on whether they see a ‘hard’ or

Politics tends to produce polarised positions. But major business institutions could play a more statesmanlike role — especially if they can form a coalition that offered white papers and carefully substantiated estimates of the costs of various options a ‘soft’ Brexit coming. But on this topic, Prime Minister May’s government is less than forthcoming and apparently deeply divided. Meanwhile, the EU is sending ‘be prepared’ memos to targeted UK companies, warning them that their UK operating licences will not be valid in the EU after March 2019. Obviously, pressure is being applied. If the problem in the US is a government that is reckless, the problem in the UK is one that is indecisive (and even self-contradictory). Nonetheless, the position of public

corporations in both the US and the UK is remarkably analogous. In both, the corporate sector generally favours free trade and liberal immigration policies (particularly in hi-tech industries where the need to import skilled employees is pressing). But opposition to immigration and (to a lesser extent) free trade was at the core of both Trump’s election and the Brexit vote. The quandary thus becomes what a major corporation dare say in public without sounding as if it is disdaining the decision of a democratic majority. This will require some diplomacy and finesse. In all likelihood, anything perceived as a ‘threat’ will backfire (i.e. ‘unless the UK stays in the single market, we will move 8,000 employees to Frankfurt and Paris’ – that’s a threat, even if veiled). However, a major corporation or financial institution can and should be transparent. Thus, it may be appropriate to say: ‘Our current contingency plans require us to reposition at least 2,000 jobs to Europe by 30 June and probably more later, up to a total redeployment of 5,000 employees, depending upon the course of the continuing Brexit negotiations’. The latter disclosure focusses on the cost of a ‘hard’ Brexit and provides real information. It thus counters the ‘alternative facts’ that some Eurosceptic proponents of a ‘hard’ Brexit have offered (namely, that a net migration of jobs from the UK will not occur). Some industries in both countries face acute problems. In the US, the North America Free Trade Agreement (NAFTA) has for a quarter of a century spurred economic activity on both sides of the Mexican and Canadian borders. But if Trump cancels it (as he has threatened), the investments that American fi rms have made on the far sides of both borders are imperilled and American agribusiness simply cannot operate without migrant labour. None of this has yet been recognised by a President who rarely descends beneath broad generalities. In the UK, some industries – most notably pharmaceuticals, chemicals and aviation – have come to depend on industry codes and standards, as specified by European agencies and interpreted by the European Court of Justice. If the UK leaves this single market, these industries face regulatory chaos. Still, publicly asking for continued regulation by EU agencies (and the much-disliked European Court) remains politically unacceptable – at least until the consequences of a ‘no deal’ departure from the single market are made clear.

www.ethicalboardroom.com

Corporate Silence | Commentary

Both sides, of course, should share the blame. In contrast to the indecision of UK political leaders, many EU political leaders have openly indicated a desire to retaliate against the UK, in part by requiring that certain trading and clearing operations now based in London (for example, Euro currency trading and related derivatives) move to the Continent. Although politically attractive, this policy would be economically very costly to the international banking system. That cost and the resulting inefficiency needs to be stressed to Europe (both its leaders and its led, with the point being clearly made that it would drive up costs to European users). None of this may stop politically motivated leaders, intent on playing symbolic politics. But such efforts might help achieve at least one short-term goal: obtaining the longest possible transition period. As the costs of Brexit begin to be borne over this period, compromise may become more feasible. More generally, the old consensus that corporations should ‘stay out of politics’ (except for quiet lobbying) must be updated. To be sure, it is prudent to avoid endorsing or offending specific political leaders, but the corporate sector (and particularly non-UK companies) should stress to both UK and EU audiences the policies that are critical to it (e.g. free trade, relatively open immigration and a ‘soft’ Brexit) and the adverse consequences that will fall on both sides if those policies are abandoned. Some sceptics will retort: ‘who trusts corporations (and banks in particular)?’ But, in a world of ‘fake news’ and ‘alternative facts’, well-known corporations and financial institutions could become gatekeepers for honest and accurate information, in effect playing the functional role of an auditor of facts and the likely impact of policies. Yes, this role has its risks, but if no credible gatekeeper exists to undertake this role (and if the once authoritative role of the media has been weakened in this post-digital era), then an underinformed public is left to choose between overstated alternative scenarios offered (with much passion but less objectivity) by rival political parties and factions. Necessarily, politics tends to produce polarised positions. But major business institutions could play a more statesman like role – especially if they can form a coalition that offered white papers and carefully substantiated estimates of the costs of various options. Predictably, significant coalitions will form only around significant

www.ethicalboardroom.com

issues. In the US, such efforts could focus on the cost of abandoning NAFTA, which most US businesses strongly support, but which is a favourite Trump target. In the UK, the need to stay in the single market (by whatever semantic compromises work to achieve this end) should be the primary goal. A ‘no deal’ Brexit is the least acceptable option. None of this rejects the majority’s right to decide, but rather helps inform future decisions. To be credible, these coalition papers would need to use and consult with respected experts (inside and outside academia) and be endorsed by a broad cross-section of fi rms. Ultimately, these efforts might prove futile, but continued silence in the face of an impending crisis makes no sense. Silence implies consent, but consent is hardly what the corporate world should signal today. Rather, it should sound the alarm.

DON’T SUFFER IN SILENCE The corporate world needs to speak out in a diplomatic way

Winter 2018 | Ethical Boardroom 15

Commentary | ESG

The new rise of ESG Engagement, activism and passive investment are converging around environmental, social and governance issues In early January, activist hedge fund JANA Partners and the California State Teachers’ Retirement System (CalSTRS) announced a remarkable partnership. Together, the two investors sent a letter to the board of Apple Inc. asking the company to take steps to combat what they termed the ‘unintentional negative consequences’ of the overuse of technology by children and teenagers.

What makes this new shareholder campaign unique is not the actual request, but what it signifies – the fully-fledged emergence of environmental, social and governance (ESG) topics into the mainstream of almost all areas of investing, including activism. 16 Ethical Boardroom | Winter 2018

Abe M. Friedman

Chief Executive Officer, CamberView Partners Understanding the forces that helped to create this phenomenon, and how it has grown alongside the rise of passive investing and shareholder engagement, is instructive in determining where this trend may go next.

ESG and the rise of passive investing

While the origins of incorporating ESG factors, such as climate risk, diversity and human capital management, into investing, lie in the world of socially responsible investing, it is the emergence of index investing that has catapulted these topics into the mainstream. Here’s why: as assets shifted into passive strategies over the last decade, shareholder registers have been reshaped. According to a recent Morningstar report, global assets under management in

traditional index funds and electronically traded funds (ETFs) have grown to $8.1trillion, up from $1.8trillion a decade ago. Th is has corresponded with a dramatic rise in total market share of passive funds over the same time period: 17 per cent to 36 per cent in the United States, 17 per cent to 42 per cent in Japan and seven per cent to 16 per cent in Europe. Th is market shift has led to a concentration of assets under management within passive strategies of three major global players – BlackRock, State Street Global Advisors and Vanguard – which now collectively manage more than $14trillion. These large passive funds, which take in hundreds of billions in new assets annually, are in an ever-present fight for market share amid downward pressure on fees. Because competing solely on costs has become increasingly difficult, index investors must continue to differentiate themselves by identifying topics that matter to the asset www.ethicalboardroom.com

ESG | Commentary FOCUS ON ESG More investors are putting environmental, social and governance issues at the centre

owners deciding which index asset manager can be trusted as the best steward of capital.

ESG and shareholder engagement

It is this competitive dynamic that has helped to jumpstart one of the main drivers of the rise in prominence of ESG topics in investing: the growth of shareholder engagement. The current push for more disclosure and engagement on governance in the US can be tied to a series of external events that brought the importance of risk management into stark relief. The oversight failures of accounting fi rms and a handful of public companies in the early 2000s followed by the financial crisis spurred increased investor interest in understanding how boards were overseeing business risks. Importantly, Dodd-Frank reforms brought about the advent of say-on-pay, a new platform for annual votes on executive compensation. www.ethicalboardroom.com

It was the sensitivity of boards and management teams to votes on compensation that triggered an uptick in outreach by issuers seeking to understand the perspectives of their investors. Over time, those conversations became more frequent (in 2017 nearly three-quarters of the S&P 500 disclosed that they engaged with shareholders in their proxy statement) and also more robust. Discussions also began to include other issues of interest to investors, such as board independence and composition, climate risk, political spending and employee working standards.

ESG goes beyond mainstream investing

To better understand what new directions ESG topics in investing may take, the JANA/ CalSTRS example is illuminating. Hedge fund activists have traditionally focussed almost exclusively on economic issues in their campaigns. However, most activist campaigns are also driven by a ‘hook’ – an easy-to-grasp reason why a company would benefit from that investor’s intervention. Over the past several years, one trend in activism has been the rise of governance topics used as hooks – excessive CEO compensation, The evolving landscape voting thresholds and the independence of The landscape of engagement and ESG directors are common issues that are layered matters has continued to evolve. Today, index on top of existing economic criticisms. As investment firms hold increasingly prominent activists have become increasingly focussed positions in shareholder registers. With no on winning the support of proxy voting option to sell the shares they hold as long teams at institutional investors in their as a company remains in the index, index campaigns, they have become more adept investors are facing pressure from regulators at incorporating messages that speak to the and the markets to demonstrate that concerns of this bloc of voters. they are looking out for investors’ interests. While several activist campaigns in recent The past several years have seen an uptick years have focussed on criticisms of board in CEO letters and other communications oversight of environmental and social topics, from the big three investors on the the JANA/CalSTRS partnership signalled the importance of managing ESG risk topics opening of a new front. Not only was this an as well as commitments to enhance the size activism campaign co-led by an institutional and breadth of investment investor focussed solely stewardship teams. As these on a social topic, but it As activists engagement strategies have also served as the launch become ‘best practices’, the of a fi rst-of-its-kind have become impetus for smaller asset sustainability-focussed increasingly managers to beef up their own activist fund. As activist engagement efforts on ESG market participants come focussed on topics has also increased. under pressure to satisfy winning the With several years of commitments to clients and support of proxy organisations, such as the engagement now under the belts of many issuers and Principles for Responsible voting teams investors, the equation has Investment, around ESG at institutional begun to shift yet again. In goals, and seek to more instances in which issuers’ investors in their effectively position response to engagement and build campaigns, they themselves is viewed as ineffective by relationships with a broader investors, there are now group of investors, these have become consequences at the ballot tactics may become more adept at box. For example, while increasingly common. incorporating shareholder resolutions on With the 2018 proxy environmental topics for many season fast approaching, messages that years failed to garner more a few trends are clear. speak to the than 20 per cent of votes Institutional investors will cast, in 2017 climate change concerns of this continue to put ESG topics disclosure resolutions passed front and centre with their bloc of voters for the first time at several portfolio companies. Issuers major energy companies. will need to be prepared for Large institutional investors are making further escalation of this pressure by clearly their voices heard in other ways, too. Last year, demonstrating the rigour with which State Street Global Advisors voted against management and the board evaluate, disclose directors at 400 companies it believed had and manage ESG risks through proactive not made efforts to increase board diversity engagement. Activists will continue to and the New York City Pension Funds began a explore new avenues to gain leverage over new campaign seeking enhanced disclosure companies while satisfying the demands of of the diversity, traits and skills of board their own investors. Where the sustainability directors. In 2018, issuers can expect even trend heads next will be determined by the greater support for these types of disclosures dynamic intersection of passive investing, from investors across the spectrum. engagement and activism. Winter 2018 | Ethical Boardroom 17

Global News Asia Singapore seeks feedback on governance code Singapore has unveiled plans to strengthen its code of corporate governance to ensure that boards of listed companies comprise independent directors who will act in the interests of all stakeholders. The Corporate Governance Council in Singapore is proposing to enforce a ‘nine-year rule’ that will reassess whether such directors qualify as independent after that long in the role. Another recommendation in the Council’s consultation paper requires that directors will

only be considered independent if his or her shareholding does not exceed five per cent of the company, down from the current threshold of 10 per cent. Mr Chew Choon Seng, Council chairman, said: “The package of recommendations takes into account the changing business environment and the diverse views of various stakeholder groups that the Council has engaged. The streamlined Code is shorter and concise.”

Hong Kong proposes tighter scrutiny of auditors Hong Kong has unveiled new measures to enhance regulatory oversight over auditors of listed companies in a bid to attract more foreign investors. A proposed bill seeks to give the Financial Reporting Council (FRC), the independent oversight body for auditors of listed companies in Hong Kong, direct powers to inspect, investigate and discipline auditors of listed entities if complaints are made against them. “The bill will enhance the existing regulatory regime for auditors of listed entities, allowing it to be independent from the audit profession, thereby providing better protection to investors,” said James Lau, secretary for financial services and the treasury.

Axiata commits to transparency drive Malaysia’s Axiata, one of Asia’s leading telecommunications groups, has pledged to be ‘corruption free, bribe free, graft free and to practice and uphold the highest levels of integrity and corporate governance’. The group, which has a presence in 11 countries across ASEAN and South Asia, made its pledge in the presence of the Malaysian Anti-Corruption Commission team.

18 Ethical Boardroom | Winter 2018

Axiata president and group CEO Tan Sri Jamaludin Ibrahim (right) said: “As both a leading international telecommunications group and a government-linked company, Axiata is honoured to be a part of this move driving towards greater levels of transparency, governance, integrity and ethical standards, not just in Malaysia, but across all of our markets.”

Compliance angst triggers director exits More than 150 independent directors in India have resigned in the last two months due to ‘stringent regulatory interference by the market, banking and insurance watchdogs’, according to market tracker Prime Database. Data shows that since January 2017, 982 independent directors have resigned, the International Business Times reports, with many saying that a surge in regulatory scrutiny could lead to more independent directors quitting in the future. “The responsibilities of independent directors have become quite onerous and penalties very severe, while the company information available to independent directors is rather limited,” said Arun Duggal, an independent director and non-executive chairman at ICRA Limited (formerly Investment Information and Credit Rating Agency of India Limited).

China ramps up banking oversight China Banking Regulatory Commission (CBRC), the country’s top banking regulator, has pledged to tighten oversight in the banking sector and make regulatory standards stricter. “Banking shareholder management, corporate governance and risk control mechanisms are still relatively weak, and the root causes that create market chaos have not fundamentally changed,” the CBRC said in a statement. The regulator said that violations in corporate governance, property loans and disposal of non-performing assets will be punished more strictly. In January, the CRBC said it had fined Shanghai Pudong Development Bank $72million for providing loans illegally — one of the biggest penalties handed out so far in China’s crackdown. www.ethicalboardroom.com

Asia | Governance in Japan

Nicholas Benes

Nicholas proposed Japan’s Corporate Governance Code and is Representative Director of The Board Director Training Institute of Japan

Governance policy in Japan: Kicking the can down the road? Companies may no longer think they can ignore corporate governance, but there is still a lackadaisical approach to implementation

Japan recently held an election that was essentially a conﬁrmation referendum on ‘Abenomics’ – a growth policy for which corporate governance reform is the poster child of the most important policy theme, ‘structural reform’. Especially in the absence of labour market reform, it alone can lead to a signiﬁcant increase in productivity and growth.

Unfortunately – unbeknown to the man on the street – specialists sense that Japan’s governance reform train is in danger of losing its momentum, when much still remains to be done. To some extent this was inevitable. Most politicians don’t understand the deeper issues and what to propose next. Bureaucrats are always happy to declare victory, so they can get promoted to new positions. Despite all the hoopla over Japan’s Stewardship Code, most Japanese domestic institutional investors still have not acquired the courage to voice concrete, specific opinions in the policy arena. Talk about ‘constructive engagement’ and more proactive proxy voting makes most investors in any country worry about ‘more costs… and less profit’. So, they hold back all the more. 20 Ethical Boardroom | Winter 2018

In the absence of more (and more detailed) pressure from investors, most executives only make the superficial changes in governance practices that will least disturb their organisation and the stability of their careers, regardless of the impact on long-term profitability, growth and even sustainability. Judged by their actions, many of them are hypocrites, who talk about long-term thinking, but ‘kick the can down the road’ as they wait to retire and move on to cushy jobs as ‘advisors’ that carry no legal liability. As with policymakers, it is just so much easier to do little and move on. While significant progress has been made, Japan’s corporate governance problem, and the low productivity that comes with it, is not going to be optimally solved tomorrow at many firms. Quite simply, there is still a lot to fix here. Conversely, that means that the potential benefits are huge, but it will take time for them to be realised in full and more significant progress will require specific demands from investors. But if those benefits do not become more visible in the next few years, foreign investors will surely move on… by moving out. This would not bode well for the future of Japan’s economy, which needs their continued market participation and voice. If you sit on a board, talk with investors and extrapolate the government’s own policy logic, the most important ‘next reforms’ that the government should take are not all that mysterious. They are:

TINKERING ON THE EDGES Many executives talk the talk but take very little action

www.ethicalboardroom.com

Governance in Japan | Asia

Use the Company Law amendment process, now under way, to prescribe ﬁduciary duties for the many shikkou yakuinn ‘executive oﬃcers’ who do not sit as elected directors but manage the company at a senior level alongside executive directors and are often later ‘promoted’ to director status. There is clear precedent to do this, as executive officers in one form of corporate governance in Japan, the ‘three-committeestyle company’ already bear the same fiduciary duties as directors per the company law and can be sued by shareholders for violating their duty of due care. However, unsurprisingly, only about three per cent of Japanese listed companies use the ‘three-committee-style company’ governance format, which is voluntary. At the other 97 per cent of listed companies, most so-called ‘executive officers’ are nothing other than employees under the labour law, who have to obey orders (or nonverbal ‘expectations’) from their ‘seniors’ on the board and cannot be sued by shareholders for malfeasance. ‘Shikkou yakuin’ is just a title; it is a phrase that does not appear anywhere in the company law.1 The result is that when such persons are later appointed to the board, they not only have no prior board experience (and usually, no governance training), but they also have no prior familiarity with the concept of fiduciary duty owed to the company and shareholders. To quote from a recent article by a compliance expert writing recently in the Nikkei Newspaper: “Japanese companies are based on the practice of hiring all of their employees out of university and employing them for the long term… In the process, directors are promoted and advance in a ‘community’ Unfortunately and come to feel that they are the ‘selected few’ in that — unbeknown to community… Senior executives the man on the have advanced for so long as street — specialists ‘employees’ that it is difficult sense that Japan’s for them to be aware that they have fiduciary contracts governance with the company based on the company law and that reform train is in are subject to its rules.”2 danger of losing its they Obviously, directors need momentum, when to be made aware of such rules to their appointment as much still remains prior directors, not ‘after, if at all’. to be done For this reason, I have suggested the codification of fiduciary duty for executive officers for years. And in fact, last April the Ministry of Economy, Trade and Industry (MET) proposed the exact same thing in a memo submitted to the Company Law Advisory Council, but it appears to have been completely ignored by the other members of the Council. Japan’s political leaders should not let METI’s good work go to waste in the final stages of the amendment process. www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 21

Asia | Governance in Japan use the company law 2 Similarly, amendment process to harmonise key

aspects of the confusing array of three different corporate governance models that listed companies can adopt. By doing this, the Ministry of Justice could move Japan towards a more consistent version of the monitoring model for governance that has become internationally accepted, is now frequently mentioned here, and is reflected in Japan’s own corporate governance code. A more consistent version of monitoring, reflected in the law, would have a beneficial impact on the mindsets actions of both executive and non-executive directors. with the monitoring model, 3 Consistent revise the Corporate Governance Code

next year (as is now scheduled) so that the criteria for claiming full compliance with the code requires a majority of independent directors on a company’s board and if there is not compliance, an explanation of the company’s reasons for not appointing them. Research shows that in most countries of the world, including Japan, companies with a majority of independent directors tend to out-perform those without them, especially when the shareholder base is fragmented and there are no large holders who drive governance. 3

described above, this is an increasingly obvious issue that needs addressing.

Create strong incentives for corporate pension funds to sign the Stewardship Code, for example via disclosure to their employees and pensioners regarding their stewardship policies. Although hundreds of institutions (mainly fund managers) have signed the voluntary stewardship code, the signatory list includes only two non-financial corporate pensions. As huge asset owners, pensions are the biggest customers of fund managers and as such are best-positioned to influence their analysis, engagement and proxy voting practices by switching funds to the managers who are most dedicated. Oddly, Japanese companies pride themselves on how much they value employees, yet neglect employees’ pension assets by failing to sign the stewardship code and report how

policies that will strongly 4 Adopt encourage companies to further

reduce unnecessary cross-shareholdings, which are usually just a not-so-subtle way of buying approval votes at the AGM from stable shareholders – something that technically is a punishable crime under the company law and wastes valuable capital or puts it at risk. A combination of tax incentives and enhanced disclosure would work nicely. Unsurprisingly, an increasing body of research shows that the level of such ‘policy holdings’ correlates with slower restructuring, less entrepreneurial investment and lower financial performance by Japanese companies, rather than raising profitability, as is often claimed.4 forth clearer guidance regarding 5 Set the allowable topics and exact

procedures that will provide institutions with bright-line sanctuary when they seek to coordinate their views and ‘collaboratively engage’ with Japanese companies. The Financial Services Agency (FSA) should work with institutional investors and respected law firms to bring this about, as was done in the UK by The Investor Forum when it fashioned its Collective Engagement Framework last year. As things stand now, investors fear that they may be reprimanded for not filing – or not updating – a bothersome large holders’ report (as a group) every time they attempt to communicate with a company in their portfolio. Given Japan’s continuing cross-shareholder problem as 22 Ethical Boardroom | Winter 2018

BY THE SCRUFF Incentives will aid reform

they have handled those funds. Why? Japanese companies are afraid that if their pension funds become more proactive, those same governance and proxy voting practices might boomerang on them at their own shareholders meeting. Recently, a study group set up by the Ministry of Health, Labor and Welfare (MHLW) and the Pension Fund Association for the express purpose of encouraging corporate pension funds to sign the stewardship code, issued its report. As a result, it is rumoured that the huge pension funds of two iconic companies, Toyota and Panasonic, are now considering signing the stewardship code. (And as of this writing, it appears that Panasonic’s pension fund will sign.) If such firms sign, others will follow, because it would be embarrassing in front of employees not to sign. A little push from the government, via required disclosure, would be very easy to put in place and likely to be highly effective.

more convenient ESG analysis 7 Enable by investors by improving disclosure

data formats and databases so that data can be used free of copyright concerns and in machine-readable form, and can be easily analysed using artificial intelligence and text-mining methods. Japan has an open data national policy that professes to do this for all public data, but it seems that so far corporate disclosure has not been considered public data for purposes of this policy, even though it is in the public domain, is intended for unhindered public consumption and is provided to and by government agencies (such as the FSA) or stock exchanges that they regulate. Thus, the result of the corporate governance code that I initially proposed for Japan has been that (as I intended) there is now much more disclosure about governance practices at each company to analyse, but: a) data providers are afraid of infringing copyrights held by corporations if they provide the full text of reports in a database; and b) sadly, not enough of the new data is being analysed and compared. Moreover, the TSE is not policing the quality and formatting of disclosure. As one simple example, TSE has, by its own hand, taken 11 completely separate disclosure categories in its corporate governance reports and lumped them under a single XBRL identifying tag: ‘disclosure items’. This makes it impossible for a computer to automatically find and separate the 11 disclosure items into the categories to which they pertain – for example, compensation policy, nominations policy, director training policy and the like. It would be a simple matter for the FSA, as regulator of the TSE, to order the latter to correct this mistake, which makes a mockery of the use of XBRL. At this point, without strong, steadfast political guidance emanating from the Prime Minister’s office and the LDP, these policies are unlikely to be put in place. If they are not, the biggest contributor to productivity enhancement will fail to achieve its potential. Because the LDP won the November elections by a wide margin, one of the following will occur: 1) either the Prime Minister, the LDP and government officials will be even more tempted to declare victory and will become preoccupied with amending the constitution; or 2) they will view their election victory as the clearest possible mandate to double-down and maintain momentum on corporate governance reform. Let’s hope it will be the latter that history records. 1 Amazingly, given that a literal translation of the word would be “executive board member”, which fact makes the title rather misleading and even raises legal concerns about “apparent authority”. 2The Cause of Scandals is the Influence of a Sense of Unity, by Juichi Watanabe writing in the Nikkei Newspaper, Dec 22, 2017. 3See Corporate Governance Codes on Board Composition and Firm Value, by Michele Catano, Naoshi Ikeda, 2016. 4See Enjoying the Quiet Life: Corporate Decision-Making by Entrenched Managers, by Naoshi Ikeda, Kotaro Inoue, and Sho Watanabe (NBER Working Paper No. 23804, Sept 2017).

www.ethicalboardroom.com

Equilar Diversity Network Build a Better Board Available exclusively in

BUSINESS LEADERSHIP COUNCIL

Women on Boards

Women’s YPO Network

CONNECTING WOMEN WHO LEAD

Equilar is excited to partner with KPMG and Semler Brossy on a thought leadership and webinar series to bring more awareness to the critical issues of board composition and diversity. For more information, visit

www.equilar.com/boardedge www.equilar.com/diversity

Cover Story | Red Eléctrica

AWARDS

RED ELÉCTRICA From left-right: CEO Juan Lasala, Secretary of the Board of Directors Rafael García de Diego and Chairman José Folgado

WINNER 2018 EUROPE ELECTRIC POWER TRANSMISSION

Red Eléctrica: Open and sustainable Ethical Boardroom talks to Red Eléctrica on the company’s agile governance practices and its mission to ensure transparency for shareholders ETHICAL BOARDROOM: Many congratulations on scooping an Ethical Boardroom Corporate Governance Award for the second year running. What does it mean to Red Eléctrica to be recognised once again as a regional governance champion among its peers? CH: It is a great honour for us to receive this prestigious award for the second consecutive year. Undoubtedly, it is an ongoing objective of the board of directors to remain at the forefront of good corporate governance

24 Ethical Boardroom | Winter 2018

José Folgado, Juan Lasala & Rafael García de Diego

Jose is the Chairman, Juan is the CEO and Rafael the General Counsel and Non-Director Secretary of The Board of Directors (CG), which is an element that is also highly valued by our shareholders. For that reason, every year we gear our efforts towards listening to the investor world, the proxy advisors, our corporate advisors, the specialists and evaluators in this field and, in general, to all stakeholders that have something to say regarding this area. We are

aware that ethics and integrity are values shared by society as a whole and that they need to be an intrinsic part of the foundations that the business world must uphold. We must lead by example if we want to be leaders in corporate governance. Th is commitment is demonstrated through actions, not merely through statements.

www.ethicalboardroom.com

Red Eléctrica | Cover Story As Aristotle said: ‘“We are what we repeatedly do.” We try to advance a little more each year, which is a real challenge for the board of directors and for the company. What is really important is that others, such as the Ethical Boardroom Magazine, be those who evaluate us and tell us if we are on the right track or if we should take a new path. EB: Why is it important to have environmental social governance (ESG) at the heart of your business operations? CH: In 2015, the annual Extel Independent Research in Responsible Investment Survey, passed this question on to investors and specialists in the field of sustainability, asking them to indicate, on a global level, which companies they would highlight. Red Eléctrica was ranked among the top 10, along with other highly renowned companies, such as Apple, Microsoft, H&M, L’Oréal and Unilever. We believe that this is how sustainability is given the importance it deserves. When we carry out our business activity as a Group, we must consider as priorities those goals related to environmental protection, our own employees and other external stakeholders, and do so by applying good corporate governance practices, carried out within a framework of ethical business conduct and transparency. If we rank these goals at the same level as those that are essential for any company to obtain the maximum financial return for its shareholders, then we will be able to pursue the ESG goals with the same intensity as the economic ones and we will be able to successfully integrate them into our corporate culture. That is the way to make our business sustainable, generating confidence and contributing to the progress and economic and social development of our world. Sustainability must be a key factor in corporate business. This is what Red Eléctrica understands, and this is how it is being recognised by top-class international professionals and evaluators. In this regard, I would like to highlight that Red Eléctrica was recognised in 2017 by the Dow Jones Sustainability Index (DJSI) as the best company in Europe and in the world in sustainability in the Electric Utilities sector and leader in the Utilities supersector (electricity, water and gas sector), with an overall score of 93 points; a score that is even higher than that of the last winner. Similarly, the EFQM (European Foundation for Quality Management) organisation, which has recently evaluated us, has awarded us 718 points, which places us among the most recognised Spanish and European companies regarding excellence and quality. Due to the fact that sustainability is a priority for Red Eléctrica, we have recently

www.ethicalboardroom.com

signed an amendment to our syndicated loan, amounting to €800million, to convert it into ‘green’ financing, becoming the first company in the Spanish electricity sector linking the interest rate of such loan, not only to the credit rating, but also to the fulfilment of sustainability goals approved by an independent agency specialised in sustainability, such as Vigeo Eiris. EB: Red Eléctrica was one of the first IBEX 35 companies to separate the chairman and chief executive officer roles, what was the reasoning behind this? CH: In March 2012, on the occasion of my re-election as member of the board, in view of the unanimous position of the foreign institutional shareholders and the main proxy advisors that demanded the separation of the chairman and CEO roles, a document called Statement On Key Issues Of Red Eléctrica Corporation (REC): A Corporate Governance Approach was

To propose such a decision to the shareholders at the extraordinary general meeting convened voluntarily and exclusively for this purpose three years later, the board analysed in detail the new organisational model with the separation of both positions and considered that it would not only contribute to maintain the appropriate balance of powers in the composition of the board of directors and improve the corporate governance structure of the company, but it would also facilitate the fulfilment of the objectives and strategies set out in the group’s strategic plan and contribute to the appropriate sustainable development of its diverse areas of business. Time is proving it was the right decision, as the new model with the separation of positions, is working perfectly, in a very effective manner, thanks also to the excellent coordination that exists between the CEO and myself in the performance of our respective duties and responsibilities.

EB: Could you highlight some practices that are indicative of the level of effectiveness of Red Eléctrica’s board of directors and tell us why it is essential for the growth of the company? CH: If the board works effectively and efficiently, it will help optimise the review process of our strategies and contribute to the development of our corporate businesses. The board is the essential engine and lever of good corporate governance and of the company’s strategic framework. Let us take a look at some practices undertaken by Red Eléctrica in this regard. It is a small, effective and efficient board. It only has 12 members, it has a non-executive chairman, a CEO, We are aware that three external nominee ethics and integrity directors proposed released with the by a state holding are values shared purpose of serving as company – SEPI by society as a support and justification – and seven for the proposal of my independent directors. whole and that they re-election as a board It holds a minimum need to be an member, at the time still of 11 ordinary sessions of an executive nature, intrinsic part of the per year and any at the general meeting. extraordinary ones foundations that In this document, the that are deemed company undertook necessary, with an the business world to adopt certain measures average duration of must uphold to counterbalance more than four hours the powers and per session. In addition, responsibilities of the then unified position before each session, members are given of chairman/CEO, to ease the way to the a presentation, lasting approximately definitive separation of said positions once 1.5 hours, on relevant topics included the new organisational model was mature in a previously approved annual directors’ enough to be implemented effectively. training and information plan, in order Therefore, the decision was the result of to keep the board fully informed about direct engagement with our shareholders. matters of special interest to the board. SPANISH SEAT Red Eléctrica’s head office is in Madrid

Winter 2018 | Ethical Boardroom 25

Cover Story | Red Eléctrica There are no delegated committees created expressly by the board (except for the statutory audit and appointments and remuneration committees), because it is the board itself as a body, which directly assumes the supervision of the management and execution of the Group’s strategic plan. The commitment of the board, as a chartered body, and of the board directors, in a personal way, is absolute. A clear indication of said engagement is the extremely high annual percentage of attendance at board sessions, which according to figures published in 2017 is nearly 98 per cent – said data is published both on an aggregate and individualised basis by director in the annual corporate governance report. The board spends a lot of time discussing strategic topics or relevant issues. In 2017, several presentations and long debates on digital transformation have been conducted on possible changes in the energy sector or in the corporate businesses and on new opportunities, in both a short and long-term time horizon. Given its importance in order to improve the functioning of the board, several sessions have been devoted to the annual self-evaluation process of the board, with the support of an independent consultant. In 2017, the board drafted a detailed induction plan (welcome plan) for new board directors, to facilitate their incorporation in an agile and efficient manner. EB: Gender board diversity is a very hot topic in Spain. What progressive steps has Red Eléctrica taken over the past 12 months to ensure that equality and non-discrimination are at the forefront of its business? CEO: The company applies the principle of promoting the diversity of knowledge, experience and gender in the composition of the board of directors and its committees, contained in the CG policy approved in November 2014, as an essential factor to achieve its business objectives from a diverse and balanced vision. Many years ago, the board undertook commitments in terms of gender diversity. In 2017, a new female external nominee director was appointed to the board in replacement of a male director. Currently, four of the 12 board members – representing 33.3 per cent – are women. Th is places the company at the top of the IBEX 35 and above the target of 30 per cent established in the Spanish Good Governance Code of listed companies for the year 2020. In addition, our lead independent director (LID)is a woman. Every year a report on gender diversity on the board and in the organisation is drafted and approved by the board of directors, containing extensive information, which this year will be again available on the corporate website. 26 Ethical Boardroom | Winter 2018

As you know, socially responsible investment indexes are beginning to emerge that only consider investment in companies that foster gender diversity on their boards and within their organisations. In this regard, I would like to mention the Solactive Equileap Europe Gender Equality Index, which only selects 25 European companies leading the field in gender equality, among which Red Eléctrica is included. In any case, we believe that diversity on boards of directors should be understood in a broader sense, so that the diversity of experience, knowledge, age, ethnicity, nationality, etc, is also taken into account. In this regard, we are working on updating and improving the current board’s skills matrix, so that, when dealing with the process of

succession of the chairman and chief executive officer, once both roles have been completely separated. This was done in order to accurately determine the actions to be carried out and those responsible for its execution, in the event that, due to unforeseen circumstances, the chairman or chief executive officer leaves the position abruptly or has to cease working unexpectedly before the term for which they were appointed. These plans were finally approved by the board in the month of December. In 2018 we will continue advancing in this process, with the purpose of elaborating specific succession plans that contemplate scenarios that facilitate an orderly and planned replacement of said roles, when appropriate according to the term.

COUNTERBALANCE In 2015, Red Eléctrica separated the CEO and chairman positions

appointing board directors, we ensure that the board, in its dynamic and changing composition, has enough comprehensive diversity to help make the most appropriate and informed decisions at all times. EB: Speaking of good CG practice, does the board have a succession plan in place for the Chairman and the CEO? CEO: That is correct. The investment world is strongly demanding companies to approve these plans to reduce to the maximum one of the most important risks in an organisation: the replacement of its chairman and/or its CEO. The aim is to guarantee business continuity and the fulfilment of the approved strategic plan, which could be hampered by a leadership change, foreseen or unforeseen, on the board and/or at the senior management level. In Red Eléctrica there was a succession plan approved in 2011, but it had become outdated. Throughout 2017, after long debates in the appointments and remuneration committee and within the board, and with the support of an independent international consultant, a design and drafting process was carried out to prepare contingency plans for the

ELECTRICAL ENERGY Around 55 per cent of electricity generated a month is obtained using technologies that produce zero CO2 emissions

EB: What is being done in the way Red Eléctrica is working in terms of digital transformation and cybersecurity? CEO: Technology in the 21st century advances at a frantic pace. It affects us all in our daily work and, in such a globalised world, in particular, it impacts companies head-on. In the case of Red Eléctrica, the impact is even greater, because as Transmission System Operator (TSO) we are legally a critical operator in Spain and we operate and manage electricity transmission grids in Peru and Chile, as well as telecommunications backbone networks, activities that require very demanding and comprehensive security measures. www.ethicalboardroom.com

Red Eléctrica | Cover Story The Red Eléctrica Group has developed an ambitious and innovative model of comprehensive security, based on applicable best practices, a model that considers the physical security of people and assets of the Group, and the cybersecurity of our information systems and operational technologies to safeguard the continuity of our activity and the services we provide to society in the face of the complex threats it suffers. This issue is so important for us that we have recently approved a ‘Digital transformation strategy in the Red Eléctrica Group’ based on three pillars: the change of organisational culture and ways of working; the digital transformation of our operations; and the development of business opportunities. The first of them, the cultural change, is especially important to be able to successfully face this fourth industrial revolution and for that reason, in Red Eléctrica, we have defined the IMAGINA project, directly promoted by myself and focussed on the transformation of our culture, our leadership model and our ways of working.

SB: A clear example of engagement between the board of directors and its shareholders, is the one that led to the final decision to separate of the positions of chairman and chief executive officer, but I could quote many others. It has taken us years to develop and evolve the concept of engagement with our shareholders. The process began a few years ago when Red Eléctrica adopted a listening approach in order to understand the CG recommendations that our shareholders and their advisors were passing on to us. Over time, this approach between Red Eléctrica and its shareholders became bidirectional, nowadays becoming ‘empathetic’ and of absolute confidence, as a result of the commitments fulfilled over the years. This dialogue is carried out through business road shows, in which the CEO participates, and other specific CG road shows, in which our LID – along with the proxy advisors – has been taking an active part for some years now. In addition, Red

INSIDE THE CONTROL ROOM The pioneering Control Centre of Renewable Energies (CECRE)

We seek to be an agile, flexible organisation with the ability to react quickly to change, capable of capturing value in the new opportunities that arise in the sectors in which we operate; to be an international benchmark reference in the management and operation of critical infrastructure and oriented to our clients in a global environment, maintaining our position as a profitable and sustainable organisation that looks to the future. Since October 2017, the meetings of the board of directors are held using digital mobile devices (smartphones and tablets) and electronic servers that provide all the necessary documentation, thus avoiding the need for paper. EB: Stakeholder engagement is one of the pillars of long-term value creation, tell us about your engagement strategy and why you believe it’s important to have an open and transparent dialogue? www.ethicalboardroom.com

Eléctrica is present in international CG forums, which are attended by international investors (as is the case of the International Corporate Governance Network (ICGN), of which we are a full member as a listed company), we have permanent top-level international external advice on corporate governance topics and we carry out annual self-assessment processes of the board of directors with external support to improve its functioning. EB: Last year, you told us that you were developing a new regulatory compliance system. Where are you at the moment with that process? SB: That is true, in fact we have taken the need to implement a comprehensive regulatory compliance system very seriously. The system has been carefully designed and planned so that it can be applied to any area of Red Eléctrica that is subject to regulatory compliance. It is a dynamic

system that we must keep under continuous review and adaptation. It has been a very laborious process, which we started more than two years ago and whose implementation was completed in 2017, after developing a comprehensive map of regulatory compliance of the Group, composed of 17 functional areas, and after having established a specific methodology to manage non-compliance risks and assign them the necessary controls. In the process, we have had international external advice; we have created the Regulatory Compliance Unit, providing it with the necessary resources so that it can properly manage the system; we have undertaken an ambitious awareness raising and dissemination plan so that everyone understands it and that the entire organisation complies with it; and we are now finalising the process of adapting the IT systems that support it. In 2018, the new system, once implemented, will allow us to carry out a more efficient, comprehensive, anticipated, systematised and harmonised management of regulatory non-compliance risks that may occur within the Group. EB: In 2016, the ‘CG Story’ that you published on your corporate website since your IPO in 1999 was highly valued by Ethical Boardroom. Could you highlight any progress made in 2017 regarding information transparency in CG? SB: Our commitment to the investment world in terms of transparency in CG requires that we continue taking steps in that line. We will update our CG Story annually on the website, to continue showing in a synthetic graphic and visual way the highlights of each year. In addition, this year we have made a complete return to the ACGR. With the support of an international external consultant, we have reviewed the format and content prepared voluntarily by the company, analysing what some comparable companies or other leading companies in CG do internationally, to improve our communication with our shareholders and investors, attempting to synthesise, eliminate reiterations and legal technicalities, introduce graphics and hyperlinks to web pages for those who want to delve into some specific content of the report, etc. In short, we have carried out an exercise of self-criticism in order to improve transparency and seek to provide the highest quality information, as proclaimed by the CG policy approved by our board of directors. Lastly, we are going to submit the 2017 ACGR to independent review by an international external auditor, so that it verifies not only whether we comply adequately with the applicable legislation, but also whether Red Eléctrica has undertaken the generally accepted international standards in terms of CG. Winter 2018 | Ethical Boardroom 27

Board Leadership | Gender Diversity

Jayne E. Juvan

Partner, Co-chair of the Corporate Governance Practice Group and Chair of the Private Equity Practice Group at Tucker Ellis LLP

Opening boardroom doors to women Rebalancing representation in the boardroom is painfully slow work. It’s time for business to adopt more proactive techniques.

“Diverse boards make better decisions, so every board should have members with complementary and diverse skills, backgrounds and experiences,” state the US Commonsense Corporate Governance Principles.1

Much attention has been devoted to the number of women (or lack thereof) in C-suite and director positions, especially in the context of public companies. Despite the well-known benefits of having a diverse set of decision-makers in the boardroom, women continue to hold a disproportionately low number of director positions compared to men. Although the number of women in leadership positions is increasing slightly, women still have not come close to having equal opportunities with men. Th is article discusses four possible techniques for opening the doors of the boardroom to women so that they are no longer shut out from director opportunities. But fi rst, we examine some current statistics about female directors and discuss the challenges that are holding women back.

Glass ceilings and walls

In the fifth edition of Women In The Boardroom: A Global Perspective, the Deloitte Global Center for Corporate Governance reported that in 2016, 15 per cent of all board seats globally were held by women. The same statistic measured at 12 per cent in 2014. An increase of three percentage points over two years is certainly progress, but the numbers remain staggeringly disproportionate. Deloitte partially attributes the sluggish growth in diversity to the slow turnover among board seats. If companies are not 28 Ethical Boardroom | Winter 2018

given a reason to refresh their boards and replace their current directors (such as through term limits or pressure from investors), the statistics will be unlikely to change at a more rapid pace. Another impediment to increased gender diversity is the preference for directors to be current or recently retired CEOs. Given that women hold a low number of CEO positions, they are disadvantaged when this has become, in essence, a prerequisite to holding a board seat. In addition to being at a disadvantage with respect to the preferred experience for a board position, a large number of director seats are fi lled by references from other directors and CEOs (positions dominated by men) and by recruiting fi rms, some of which may not be diversity-minded and continue the trend of placing experienced CEOs, directors and those in their networks in open board seats. Th is ‘club atmosphere’ makes it exceedingly difficult for women to break into these roles.

Although the number of women in leadership positions is increasing slightly, women still have not come close to having equal opportunities with men The challenges experienced by women often start very early in their careers, when they are still in the stage of career development. The 2015 Global Report On Women In Business And Management from the International Labour Organisation described the ‘glass walls’ that keep women siloed in specific management functions that do not give them access to general

management experience. Companies are more likely to have 100 per cent women or greater than 50 per cent women working in the areas of human resources, public relations and communication, and finance and administration. Other management areas, such as research and product development, sales and operations, and general management are more likely to be disproportionately male. When women are more concentrated in areas such as human resources and less in areas such as operations and general management, they are less likely to be seen as viable candidates for a more general management position later in their career. In addition to these trends, though shareholder activist campaigns unlock value on some fronts, these campaigns may also be a setback for gender diversity in the boardroom. A recent study conducted by ISS indicated that, in the S&P 1500, there were zero female dissident nominees and directors appointed via settlements with shareholder activists in 2011, two in 2012 and three in 2013. While the study showed the rate of women who served as dissident nominees or board appointees increased slowly over time, it still lagged behind the gains made in the broader S&P 1500 index. Another study conducted by the W.P. Carey School of Business at Arizona State University found that female CEOs are more likely to be targeted by activists. In a statement about the study published in Fast Company, Christine Shropshire, an associate professor of management at the school, stated: “All else held equal, female CEOs have a 27 per cent likelihood of facing activism, while their male counterparts have a near zero predicted likelihood of being targeted.” Shropshire has theorised that women are more likely to be targeted because they are perceived as ‘weaker and thus easier to www.ethicalboardroom.com

Gender Diversity | Board Leadership push around’. On the other hand, an article published by Quartz at Work titled Activist Investors Are Making Corporate Boards Whiter And More Male referenced a source that indicated that activists will attack the lack of diversity as a weakness when they are targeting a company with an all-male board. While female representation globally is quite low, Spencer Stuart recently released data concerning the S&P 500 that does provide promise. According to the recruiting firm, among new S&P 500 directors, women comprised a total of 36 per cent, or 142, of incoming directors. The total number of female directors on the S&P 500 stood only at 22 per cent, up a modest one per cent in 2016.

Technique 1: Adopt company-specific initiatives designed to enhance female participation In PwC’s Governance Insights Center’s report, A Look At Board Composition: How Does Your Industry Stack Up, PwC noted that mandatory retirement ages and term limits can be effective tools to ‘refresh’ a board. According to Spencer Stuart, 48 per cent of boards on the S&P 500 did not appoint a new director in 2017. Limiting the amount of time that a current (and possibly male-dominated board) can stay in office gives women the opportunity to break into the boardroom more quickly. The retail industry has been particularly effective in this arena. Ninety-one per cent of retail companies in the S&P 500 have mandatory retirement ages, compared to 73 per cent for the S&P 500 as a whole. Further, 18 per cent of retail companies impose term limits on their directors, as compared to four per cent of the S&P 500 as a whole. Many companies have diversity initiatives and mentoring programmes aimed at increasing gender diversity throughout the organisation. Helping women position themselves early in their career can make them even more qualified candidates for top leadership positions down the road. While the jury may still be out concerning the impact of traditional women’s initiatives, Deloitte has taken a more innovative approach to these groups that, in time, could prove effective. Rather than continuing with affinity groups geared solely to women, Deloitte has replaced its women’s initiative, known as WIN, with ‘inclusion councils’ that also provide men (including powerful men who have an ability to sponsor women for opportunities) with an ability to participate. In an article for Bloomberg Businessweek, Deepa Purushothaman of Deloitte said: “By having everyone in the room, you get more allies, advocates and sponsors. A lot of our leaders are still older white men and they need to be part of the conversation and advocate for women. But they’re not going to do that as much if they don’t hear the stories and understand what that means.” www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 29

Board Leadership | Gender Diversity

GENDER QUOTAS IN THE WORKPLACE Policies to readdress gender balance in companies elicit different reactions

While inclusion networks may move the needle over the long-run, these likely will not present immediate positive results. In the interim, however, companies can bring more women into the fold by using tools such as mandatory retirement ages and term limits to refresh their boards. 2: Expand the pool of 2 Technique individuals recruited for board seats

In order to provide a pathway to women to obtain board seats more quickly, companies should look beyond the traditional C-Suite, which is largely comprised of men. Recruiting fi rms also need to be open-minded when presenting candidates to ensure their actions do not further the ‘club atmosphere’ and they should proactively help to drive a conversation around diversity. In Nudging Companies to Look Beyond The C-Suite For Women Directors, The Wall Street Journal recently reported that this approach is starting to gain traction, writing: “Though many boards seek current or former CEOs, CFOs or COOs, who still tend to be men, there’s a growing trend to look for division managers, which opens the door for more diverse candidates. And as more women get on boards, they can also vouch for each other to limit the old boys’ club cycle.” Some firms engaged in the recruiting process have demonstrated – by sharing actual data – that they are recommending female candidates for open board seats. According to the Wall Street Journal, J. P. Morgan Chase & Co’s Director Advisory Services Group has given more than 700 director recommendations since inception, 65 per cent of which were for women candidates. 3: Apply the weight 3 Technique of institutional investors

Just before International Women’s Day in 2017, in celebration of the fi rst anniversary of its Gender Diversity Index (SHE), State Street Global Advisors made a bold statement when it installed ‘Fearless Girl’ across from the ‘Charging Bull’ in the heart of the Financial District in lower Manhattan. The bronze 30 Ethical Boardroom | Winter 2018

statue includes a plaque that states ‘Know the power of women in leadership. SHE makes a difference’. In a speech at the Weinburg Center for Corporate Governance about the arrival of Fearless Girl, Ronald P. O’Hanley, the president and CEO of State Street, stated: “She is a daring and confident girl celebrating the ‘can-do spirit’ of women – who are taking charge today and inspiring the next generation of leaders. She stands as a reminder to corporations across the globe that having more women in leadership positions contributes to the overall performance and strengthens our economy.” In the beginning of 2017, State Street announced that it will engage with the companies it invests in about the importance of adding female directors. For those that fail

In order to provide a pathway to women to obtain board seats more quickly, companies should look beyond the traditional C-Suite, which is largely comprised of men to do so, there will indeed be consequences, as State Street is prepared to vote against the chairs of the nominating committees of these companies. Similarly, BlackRock announced its focus on achieving gender diversity in the boardroom in March 2017. Citing the Commonsense Corporate Governance Principles quoted at the beginning of this article, BlackRock expressed its intention to engage with companies on the topic of gender diversity and hold nominating and governance committees accountable for lack of progress. 4: Establish quotas 4 Technique Given the glacial pace of change, some

rejected the notion that the market will self-correct and instead have turned to mandatory quotas to balance boardrooms.

According to a Harvard Business Review article, What Board Directors Really Think Of Gender Quotas, action pertaining to quotas began more than 10 years ago when countries in Europe started adopting them. In 2004, Norway adopted a 40 per cent quota for female directors and other countries, such as France and Italy, followed suit with similar goals. Recently, The Guardian in the UK reported that the European Commission is taking strong action and is seeking to establish a quota for women on boards. For those companies in which the non-executive directors total more than 60 per cent men, female candidates of equal merit being considered for a post would have to be prioritised. Germany, the Netherlands and Sweden previously blocked the EU’s goal of having 40 per cent of women fi ll the top positions in listed companies due to concerns that these proposals overstep into domestic territory. The Guardian has also reported that women’s participation had grown to 22 per cent in 2015, up from 10 per cent in 2005, when evaluating the largest listed companies. The US, however, has never established quotas, whether voluntary or mandatory. If pressure from institutional investors does not bring results, or does not bring results quickly enough, should the US consider adopting quotas as well? According to the article cited above, quotas are often criticised on the basis that they will result in less qualified directors. Women in particular have also expressed concern that they will be ‘second-class citizens’ if they achieve their board seats through quotas. Nevertheless, others have indicated that the market is unlikely to fix the issue in the near term, with some saying that, ‘[w]ithout quotas, it will be a pretty long, slow journey’. Men interviewed for the article were not in favour of formal targets, stating that they “wanted qualified and strong directors first and foremost”. Whether that implicitly signals that those interviewed still do not recognise the value women bring to the table is ripe for discussion. 1

www.governanceprinciples.org

www.ethicalboardroom.com

Board Leadership | Diversity

Boardroom diversity critical for institutional investors Never has diversity on boards been such a widely discussed topic, yet promises to investors are still so often ignored We operate in a time when boardroom practices are increasingly scrutinised and impact customer satisfaction, as well as trust in company performance. The recent tribulations faced by the likes of taxi firm Uber represent a paradigm shift that will be repeated across the corporate world.

We live in an age of the potential activist – be it an investor trying to shape the board, such as at the London Stock Exchange, or activist consumers reacting to the views of the board, as with John Schnatter at Papa John’s. The composition and behaviour of company boards is under focus and it’s a trend that is only set to increase as investors, customers and employees demand greater accountability. The transparency movement is also underpinned by increasing regulatory scrutiny. The UK government’s Race Disparity Audit highlighted differences in the treatment of people from different ethnicities across the country’s public services, while the government-commissioned Hampton-Alexander Review looked at ways to ensure that talented women at the top of

Raj Tulsiani

Chief Executive Ofﬁcer and Co-founder, Green Park businesses are recognised, promoted and rewarded equally. Even the Financial Reporting Council has included diversity as part of its view on good governance. The government is now seriously examining how to increase Hampton-Alexander’s remit to the number of women in senior positions in all FTSE 350 companies. A boardroom that is male, stale and pale will simply create difficult brand risks in the future.

How diversity is perceived

Against this backdrop, Green Park commissioned research examining institutional investors’ perceptions of boardroom diversity. It revealed that investors believe that by 2022 the ethnic composition of company boards will be an important consideration when determining investment strategy, while more than half (56 per cent) believe the diversity of company boards will be a key factor in determining an investment case. Although we can identify cultures and factors driving change and reinforcing the need for diversity of board composition, many fi rms remain intransigent. Despite working with companies for more than 20

years to improve the way businesses think about talent and diversity, I still regularly see this problem and wonder sometimes if we are dealing with organisations that have ‘group-think’ so deeply engrained in their culture that they will never allow successful or sustainable change in the composition of their leadership, regardless of how customers change. It was exciting to see our research reveal investment professionals are anticipating a significant shift in the position of the industry. However, when only six per cent of the researched investors thought that ethnic diversity is currently a major consideration, this is obviously not seen as an important, immediate issue – and that’s not good enough. Almost four in 10 institutional investors felt boards do not fully appreciate or understand the financial value of having a diverse board and therefore change is not being instituted now. Regressive companies with mono-cultural leadership approaches are not representative of their employees, business partners or customers and act as a barrier to future inclusion. But why would investors ignore the opportunity for advancement? Unlike initiatives designed to move towards gender parity, those in control of increasing ethnic diversity cannot simply turn the dial up to tackle the perceived issue. Instead, a new equation needs to be formed

DIVERSE WORKPLACE Progressive investors will recognise the importance of diversity 32 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Diversity | Board Leadership whereby people understand both supply and demand. Boards will need to look outside the internal talent pipeline and beyond their current parameters if this is to be delivered, as the pipelines just aren’t as developed after years of failing to tackle the issue. This is largely due to a decade of being a net importer of BME (black and minority ethnic) board talent to the UK.

community when it comes to existing global benefits realised through diversity. Only half (52 per cent) thought a diverse board helps people understand the requirements of a diverse customer base, while only 39 per cent believe they are better placed to understand the changing requirements of an international customer base. Despite results that explicitly show companies in the top quartile for racial, Sluggish approach gender and ethnic diversity are 35 per cent The lack of urgency for the investment more likely to have financial returns above industry to value diversity is further their respective national industry medians, reinforced by our findings that show one in a quarter (25 per cent) of institutional five investment managers believes their own investors did not necessarily think that company board lacks diversity. If the industry boards need to be more diverse – and almost is not addressing the challenge internally, the a third (30 per cent) believe that an wider approach required to properly solve the ethnically diverse board has no bearing on a issue is perhaps a long way off. firm’s commercial success. So, while these Green Park undertook investors know boardroom further research to understand Diversity is only diversity will be a key future what would have the biggest consideration, they don’t one method of impact on diversity. Of course, appear to fully understand we all have our own opinions making businesses why themselves. on this, but inside, unique Stepping outside sustainable and industry insight is always the boundaries of the ensuring they the most efficient way for investment industry, last combatting intransigence and Hampton-Alexander have the relevance year’s identifying barriers to change Review, which established a needed to survive, target of 33 per cent women and developing meaningful co-created interventions on FTSE 100 boards by 2020, but it is one that to counter them. found that the number of can be leveraged Proactive lobbying (36 per women sitting on the boards cent) was perceived to be the of the country’s largest right now by all most likely way forward to companies has more than change opinions of the board, followed by doubled since 2011. However, this adds up direct action using the threat of reduced, or to only 28 per cent of all board positions; complete removal of, investment accounting for the 33 per cent target to be met within for a quarter (25 per cent) of responses. the deadline set out by the report, 40 per cent A further 13 per cent believed that voting of all senior appointments made in FTSE 350 against remuneration reports is a strategy companies will have to be filled by women that would affect business change. for the next three years. While, at first, this Our research shows a need for greater sounds achievable it must be put in context: education among sections of according to the annual Green Park the investment management Leadership 10,000 study, statistically, female

www.ethicalboardroom.com

representation went backwards in more than half of industries in 2016. In addition, the report, looking at the diversity backgrounds of those in leadership positions within FTSE 100 companies, revealed that, despite a net average increase in diversity since the previous report, there is still a ‘concrete ceiling’ stopping many talented minority candidates reaching the upper echelons of management. It also found that gender diversity is moving backwards at the pipeline level beneath the board in some sectors – worryingly, previous progress and momentum seems to be reversing.

Time to take action

Of course, the issue of boardroom diversity is not just limited to the institutional investment industry – we all need to pull together and turn future intentions into immediate action. Diversity is only one method of making businesses sustainable and ensuring they have the relevance needed to survive, but it is one that can be leveraged right now by all. The UK has a fantastic opportunity to open itself to the world post-Brexit, but our claims to be outward-looking and open to expanded trade with the non-European world are hardly enhanced by closing our own pathways to talent. Committing to increasing board diversity is a choice, but it is a choice all business leaders should be considering, if for nothing other than self-interest. How quickly will diversity impact future decisions on funding, debt facilities, analyst ratings and board performance? Investors are obviously coming around to the importance of diversity and those that have future-proofed against governance or brand backlash may avoid the potentially damaging impact of activist investors and marginalised customers alike. The firms likely to thrive are the ones that are ahead of the diversity curve, not lagging behind it.

Winter 2018 | Ethical Boardroom 33

Board Leadership | Effective Governance COMMON GOALS An agreement of what needs to be achieved and how is key to responsible governing

In pursuit of effective corporate governance Getting to the root of some of the problems that beset boards will lead to more rigorous guidance and help achieve better outcomes From hardly rating a mention 20 or 30 years ago, boards are now newsworthy. Questionable practices and failures of various kinds have seen boards become topical; often targets of criticism in the eyes of the business media, regulators and, increasingly, the wider public.

In addition, the previously little-used term that describes what boards do – corporate 34 Ethical Boardroom | Winter 2018

Dr Peter R. Crow CMInstD Acknowledged expert on strategy, corporate governance and board eﬀectiveness governance – has become ubiquitous, hackneyed even, to the point now of being invoked as a perpetrator or panacea for all manner of corporate activity, regardless of whether the board is involved or not. Further, many well-intentioned directors do not seem to understand their duties and responsibilities particularly well; they say they have become

confused about the appropriate role of the board, what corporate governance is and how it should be practised. Th is article discusses some of the issues boards face as they seek to govern, before suggesting an alternative approach for more effective outcomes.

A challenging context

Modern boards face many challenges and complexities. Seismic geo-political shifts, the rise of populism and the diversity agenda, changing shareholder expectations, and www.ethicalboardroom.com

Effective Governance | Board Leadership risks of many types, especially terrorism and cyber risk mean boards cannot take too much for granted in a dynamic marketplace. Yet guidance to assist boards achieve ‘best practice’ is not in short supply. In fact, a surfeit of recommendations has now pervaded academies, directors’ institutes and boardrooms, some of which has sought to redefine corporate governance. Also, codes and regulations have been introduced in many countries to both limit malfeasance and provide boundaries and guidance to boards. Among them, a clear separation between the functions of governance and management, diversity of various forms, say-on-pay, and independent directors have been promoted at various times, as precursors to effective board practice. Many boards and shareholders have been enthralled by these recommendations as they have searched for a definitive board configuration to suit their purposes. But what of their efficacy? Despite the best of intentions, the plethora of recommendations and codes produced to date have yet to have the intended effect. In fact, the seemingly endless stream of corporate failures and significant missteps emanating from boardrooms suggests that contemporary ‘best practice’ recommendations provide little assurance of board effectiveness, much less company performance. Studies of company and board failures reveal a consistent pattern of contributory factors, including hubris and overconfidence among directors; low levels of board-management transparency; assertive CEOs that ‘take over’; lack of a critical attitude, genuine independence, appropriate expertise and relevant knowledge in the boardroom; and, tellingly, low levels of commitment by directors. It’s little wonder regulators are active and public confidence is low. The evidence indicates that corporate governance has entered troubled waters. First-hand observations of boards in action show that the dominant focus is compliance; monitoring historical performance and checking regulatory requirements are satisfied. The protection of professional and personal reputation is clearly a more powerful motivation for many directors than the performance of the company they govern. Something is amiss, clearly.

Focus on what actually matters In sport, it’s well known that rules define boundaries not outcomes and teams that focus on the rules rarely win. The correspondence to boards and governance is direct. ‘Best practice’ recommendations and codes are, essentially, rules. To focus strongly on them, without also considering the function of boards and behaviours of directors holistically, is short-sighted. If boards are to become more effective in fulfi lling their value-creation mandate, www.ethicalboardroom.com

directors need to focus on what actually matters, especially discovering how best to work together in pursuit of agreed performance outcomes, with the best interests of the company to the fore. Th is was made plain recently in an article by Bob Tricker, a doyen of corporate governance. Tricker reminded his audience that the purpose of the board is to govern, which includes overseeing the formulation of strategy and policy, supervision of executive performance and ensuring corporate accountability. Ultimately, the effectiveness of any board in this pursuit is a function of what the board does and how directors behave, not what it looks like. The structure and composition of the board is, in relative terms, less important. Directors take their eyes off this distinction at their peril.

An alternative approach, for more effective contributions

That the ultimate responsibility for company performance lies with the board places it at the epicentre of strategic decision-making and accountability. Consequently, if the board is to have any effect on business performance at all, it needs to maintain an active and sustained involvement in strategic management in some form.

Best practice’ recommendations and codes are, essentially, rules. To focus strongly on them, without also considering the function of boards and behaviours of directors holistically is short-sighted Some commentators (and many directors and managers) have argued against the board becoming actively involved in strategic management tasks. High levels of involvement are frequently perceived by managers as interference and close involvement can lead to a loss of objectivity in oversight. Yet boards have duties to fulfi l. Clearly, if boards are to contribute well, they need to navigate a fine line between detachment, involvement and meddling. For that, trust, cooperation, teamwork, cohesion and consensus-building – both among the directors and with the chief executive – are vital. Recently published research provides new insights as to how this might be achieved. It demonstrates that if corporate governance is conceptualised as a multi-faceted mechanism that is activated by competent, functional boards, then different (improved) outcomes are possible.1 The mechanism itself is straightforward: an integrative assembly

comprised of strategic management tasks, relationships and behavioural characteristics of directors (discussed below). ■ Strategic competence: Directors need to possess competencies and cognitive abilities to exercise sound judgement on specific issues – both individually and as a group. Big-picture, long-term and impartial, inquisitive thinking and a strategic mindset are particularly important if the board is to be strategically capable. ■ Active engagement: This enables directors to gain insights to make informed decisions, monitor the implementation of prior decisions and the performance of the company effectively and focus on future performance. Indicators include adequate preparation by directors before board meetings; close and supportive interaction between directors during meetings (read teamwork); and an established framework within which to make strategic decisions (an approved long-term strategy). ■ Sense of purpose: Th is describes the motivation and resolve of directors to contribute to the work of the board (formulation of strategy, making of strategic and other decisions; monitoring and verification of actual performance; application of controls; and provision of accountability) with the agreed long-term purpose of the company as a guiding principle. ■ Collective efficacy: The ability of the board to make informed decisions together is an antecedent of effectiveness and performance. A board’s performance is the product of not only shared knowledge and skills, but also of cooperation, empathetic interactions between directors, vigorous debate and the situational awareness and emotional intelligence of each director as alternate points of view are explored and debated. ■ Constructive control: Decisions made by the board in response to various inputs should be consistent with the agreed strategy and long-term goals. The mindset should be that of a coach, providing guidance rather than making punitive responses, the likes of which are more commonly associated with boards seeking to minimise perceived agency problems. The mechanism-based proposal described here outlines how functional boards can ‘perform’ corporate governance. In so doing, it marks a return to seminal understandings of shareholder-board-management interaction (the board as a proxy) and corporate governance (the functioning of the board, the means by which companies are directed and controlled) that have been lost among the cacophony of more recent contributions. Winter 2018 | Ethical Boardroom 35

Board Leadership | Effective Governance The harmonious exercise of the five behavioural characteristics within the mechanism provides a platform for directors to interact well and the board to make forward-looking, informed decisions in a timely manner. Unsurprisingly, the core elements are not dissimilar to the antecedents of effective teamwork (compelling direction, enabling structure and supportive context) and integrative models of mission achievement (purpose, strategy, values and behaviour standards) described elsewhere. It follows directly that effective corporate governance is a product of meaningful teamwork, synergistic interactions and a commitment to action among competent, functional directors acting with an agreed strategy and the long-term best interests of the company in mind.

Implications for boards

The concept of corporate governance is both straightforward and stable (the root word is kybernetes, meaning to steer, to guide, to pilot). In contrast, the practice of governance (i.e. what boards do and how directors behave) is inherently complex and quite dynamic – even more so when the incessant march of new ideas and technologies, and the miscreant motivations of some directors are considered. A mechanism-based understanding of corporate governance provides an alternative pathway to achieve more effective outcomes from those promoted by conventional wisdom. Specifically, it provides an integrative framework; outlining the tasks, interactions and behavioural characteristics that are conducive to effective contributions. However, it also challenges orthodoxy by setting structure and composition recommendations and

constraints to one side, as well as any business they are charged with directing notional physical or task separation between and the wider operational and strategic the board and management. context within which the company operates, The close working proximity of the board so their contributions in the boardroom and management that is a feature of this are both contextually relevant and effective. proposal is not without its challenges. A programme of continuous learning and Complex group dynamics and the inherent discovery is recommended. Although not difficulty of separating shareholder, board yet commonplace, increasing numbers of and manager roles (especially in smaller directors are now reportedly allocating as shareholder-managed many as five hours outside businesses or boards with In the end, boards the boardroom for every so-called executive directors) in board meetings. should hold tight hour can have a negative impact In addition to reading and to their core on decision-making understanding board papers, objectivity in particular. these directors say they responsibility, Similarly, the temptation read widely about emerging which is to govern ideas, trends, technologies to embrace operational detail inadvertently confuses in accordance with and practices to ensure a the roles of the board sufficiency of knowledge both prescribed (corporate governance) about both the practice and managers (business of governance and the duties and the operations, including strategy the company long-term purpose market/sector implementation) and shorten they govern operates of the company the view remain very real in, as well as the new challenges for directors opportunities it offers. in mind around the world – especially In the end, boards should in times of crisis or disruption. If boards are hold tight to their core responsibility, to fulfil their governance responsibilities which is to govern in accordance with both well, a clear sense of purpose supported by a prescribed duties and the long-term purpose coherent strategy and a well-defined division of the company in mind. Necessarily, of labour is essential – regardless of the effective steerage and guidance requires company’s size, sector or span of operations. the board to be discerning and committed to Early agreement on terminology, culture, the task at hand, using reliable governance the purpose of the company and the board’s practices in pursuit of better outcomes, role in achieving the agreed purpose provides lest they be diverted by spurious (and often boards with a much-needed foundation discordant) recommendations that appeal upon which to assess options, make strategic to symptoms or populist ideals. The decisions and, ultimately, pursue high levels mechanism-based proposal introduced of performance. Increasing numbers of here provides a useful option for boards to boards are starting to realise that material consider as they strive to realise the full benefits are available if they take these steps. potential of the companies they govern. 1 More generally, directors need to ensure Doctoral research conducted by the author, a long-term study of boards in action. that they thoroughly understand both the

ADOPTING THE RIGHT APPROACH Companies need to reassess what corporate governance actually is 36 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Board Leadership | Corporate Governance

Changing times To quote Bob Dylan: “the times they are a-changin”. As we enter a new year there is a signiﬁcant shift in the corporate governance landscape ahead of us. The proposed new UK governance code is published for consultation with a target of the ﬁnalised version being available in summer 2018, for implementation in January 2019. “Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals. The governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations and society,” wrote Sir Adrian Cadbury in the 1992 UK Commission Report: Corporate Governance. Twenty-five years ago, the Cadbury Report 38 Ethical Boardroom | Winter 2018

A reformation of the board’s sustainability landscape is nigh Helen Pitcher OBE

Chairman, Advanced Boardroom Excellence

laid down the challenge to companies and boards to reach into the future. There are some great boards who responded to this call and saw an effective governance process as the hallmark of a world-class company with innovative thinking and the board holding the culture and reputation of the company as a tangible asset. As we enter a new era for UK Plc we are greeted by a major revision of the Combined Governance Code which seeks to take that best practice developed in our leading companies and evolve it more assertively across the corporate landscape. The Code, while still maintaining the flexible advantages of ‘comply and explain’, is becoming more assertive and, in particular, the proposed revision of the guidance on

board effectiveness which accompanies the Code, while still not mandatory, provides a much more strident and clear view of what makes an effective board based on best practice and experience. Th is in turn will be the driving framework for external, independent board evaluators in undertaking their reviews of the board. The guidance also extends board effectiveness to include a much more prominent role for the board and nominations committee, the ‘Cinderella’ of the board committees, in achieving sustainable outcomes. For example, the nominations committee ‘brief’ is being ramped up in the Code’s guidance on board effectiveness to specifically include; ■■ Values and behaviours “The nomination committee should be clear about the values and behaviours expected when recruiting new directors and senior management and build a proper assessment of this into the recruitment process” ■■ A direct focus on diversity “The nomination committee should take an active role in setting and meeting www.ethicalboardroom.com

Corporate Governance | Board Leadership diversity objectives and strategies for the company as a whole and in monitoring the impact of diversity initiatives” and ■■ Optimising talent management “nomination committees should consider taking a more active interest in how talent is managed throughout the organisation” All this extends the board’s active oversight and engagement into widening the board’s stakeholder oversight, with a major focus on employees – “The Code requires boards to establish a method for gathering the views of the workforce and suggests three ways this might be achieved”.

Focussing on boards

There is a clear determination by the Financial Reporting Council (FRC), heavily encouraged by cross-party parliamentary support (Green Paper Consultation on Corporate Governance Reform August 2017), to take a more active and proactive focus on boards. Many discussions having taken place about the FRC having binding powers and regulation of boards, similar to its role with auditors, accountants and actuaries. The FRC published its annual report on corporate culture against what it called a ‘backdrop of falling public trust in business’. The watchdog is looking to expand its oversight powers – particularly around requirements for directors of public and private companies to ‘focus on generating and preserving value for shareholders for the long-term, taking account of the interests of the company’s workforce and the impact on other stakeholders such as customers, suppliers, the community and the environment’. This will have a significant impact on the shape of the non-executive director (NED) of the future, with clear and accountable pro-active responsibilities for ensuring the sustainability of the company, outside the interests of short-term shareholder considerations. It will require an artful board that is able to engage beyond the CEO and CFO and occasional presentations from the leadership executives. It brings some reality and accountability to the omnipresent statements from boards of ‘people being our business’. as the board will be required to both articulate and report on what this means and how they are achieving the same. Will this ‘new’ enhanced approach have any impact, or does it only affect the landscape of the FTSE 100 ‘super stars’? There is an interesting perspective to consider when looking at the board effectiveness guidance, where many of the core new interventions have been placed, in order to keep the main Code simple. This has the impact of ‘beefing up’ the guidance in line with other Code guidance, such as the guidance on audit committees et al. The www.ethicalboardroom.com

guidance on board effectiveness comes with accountants with pale, female and stale a series of ‘ready-made’ checklist/suggestions accountants. The INSEAD Governance for governance of an effective board, which Institute talks of the increasing speed and will undoubtable be picked up by the rating complexity of business and the need for agencies to update their current corporate NEDs who bring a multiple ‘triple’ range governance effectiveness indexes. This will of capabilities to the board, from expertise in turn inform the investor community and experience across at least two core and fuel the obsession of companies to get functional areas of expertise, with a third ‘good’ governance rating, especially where contribution from an alternative sector, they are looking for inward investment. culture or nationality perspective, in order An additional influence is the cadre to achieve a truly diverse international NED. of new, ambitious and increasingly We have been building towards these professionalised NEDs, who are seeing shifts as an evolving process over 25 the NED role as part of their ‘corporate years, spurred over the last 10 years by the career cycle’ and engaging with their decaying trust in the corporate leadership new, expanding responsibilities and environment, which called in to question accountabilities zealously, keen to use the motivations of our companies and the ‘career ladder’ of the FTSE 250 as vicariously their leaders. We have also seen a positive and reputation-enhancing over that 25 years a dramatic reduction in experience. This in turn ups the pressure the tenure of CEOs, with UK CEOs averaging on these FTSE 250 chairmen and women 4.8 years in the top job (with a five-year to respond to their desire for an appropriate global average), reducing from 8.3 years in corporate governance framework, as these 2010. This has handed the baton of corporate talented and aspiring new NEDs perform continuity and sustainability firmly into their due diligence. If your corporate the hands of the board and NEDs. This governance is not ‘up to scratch’, these requires a definition and strengthening of talented NEDs will be told from various the boardroom culture and accountability, network sources to avoid you. with a clear set of sustainable ‘values’ and This changing landscape is well illustrated ‘principles’ that can be carried across by the multi-faceted pressure on gender corporate generations. diversity on boards. In addition to the new There is also a continuing pressure on code being very specific about the board’s boards to increase the coherence, integration responsibility for action on and alignment of the board’s We have been diversity, the governmentstrategy, policies and backed Hampton-Alexander with CEO and building towards initiatives Report provides a specific executive reward in a more these shifts of 33 per cent female board meaningful way. The board membership target for discussion and consultation as an evolving chairmen and boards to forums are increasingly process over 25 strident on the simple process achieve by 2020. The Report also targets the FTSE 250 of targeting CEO remuneration years, spurred executive committees and to include the delivery of over the last their director reports, to the company’s behavioural 10 years by the and stakeholder objectives. achieve a similar 33 per cent female participation. This As the CEOs become targeted decaying trust is rigorously supported by to ‘move the dial’ on the in the corporate diversity and gender balance diversity lobbying groups, the increasing number of of the executive pipeline, leadership new female NEDs on boards it will increasingly motivate environment, and the annual diversity their attention. progress report from If we are to remain the which called in Cranfield University. This global leaders and the to question the standard bearer in effective creates a corresponding motivations of annual media frenzy on the corporate governance, with ‘worst performers’, with a assurance this brings to our companies the reinforcing maelstrom of the investors and stakeholder new gender pay gap reporting. and vicariously communities, we should You feel almost sorry for the seek to get this transition their leaders poor chairman who achieves right and demonstrate that the accolade of the least diverse, highest paid an evolutionary self-reflecting process can male executives with widest gender pay gap! work and is not hijacked by vested interests. This expanding landscape for boards will While this has not been an exhaustive require a new profile for NEDs, who will need review of all the Code changes, which are to be increasingly diverse themselves, not many and various, we should finish as we just around gender, but also in their thinking started with the words of Bob Dylan, “You and strategic horizons. There is little point better start swimmin’ or you’ll sink like a in replacing a bunch of pale, male and stale stone, For the times they are a-changing”. Winter 2018 | Ethical Boardroom 39

Global News The Americas New CEO for Canada’s networking firm

Vale migrates to the Novo Mercado Vale, the world’s largest iron ore mining company, has migrated its shares to Novo Mercado, Brazil’s strictest market segment at the B3 stock exchange — reserved for those companies aiming for high standards of corporate governance and transparency. According to Vale, the move will provide benefits to shareholders with a simplified

corporate structure and greater liquidity of its shares. Vale celebrated the move at an event held at B3’s headquarters in São Paulo, where the mining company’s CEO Fabio Schvartsman (pictured above, centre) rang the traditional market opening bell to mark entry into the new segment.

Facebook steps up cybersecurity efforts Facebook has hired former White House official Nathaniel Gleicher as its first head of cybersecurity policy. The appointment follows claims that Facebook has struggled to keep a small number of users from posting hate speech and spreading fake news on the site. Jacqueline Ramos, an adjunct fellow at the Center for a New American Security, told The Hill: “Facebook’s hire of its first ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter. “In this new era, US companies must bolster their defences and leverage advanced cyber tools designed to stop state-sponsored attacks.”

Casino operator slammed over governance Wynn Resorts, an $18.5billion company with casinos in Las Vegas and the Chinese territory of Macau, has been criticised for ‘weak corporate governance’. The company’s board has also come under fire for its ‘deference’ to founder and chairman, Steve Wynn — currently under investigation following allegations of serial sexual harassment. Nevada gambling regulators say they are looking into complaints about the casino mogul, alleging he had harassed female employees for years at his resorts. Jeffrey Sonnenfeld, senior associate dean for leadership studies at the Yale School of Management, told Bloomberg News: “A board’s governance committee, auditing committee, should have been looking at him. If they didn’t know this, how come they didn’t?”

40 Ethical Boardroom | Winter 2018

Camilla Sutton (right) has been appointed president and CEO of the board of directors at Women in Capital Markets (WCM), the non-profit organisation that promotes the development of women in Canadian capital markets. WCM focusses on the advancement of women in industry and increasing the number of women in senior leadership roles in the Canadian economy. “Women in Capital Markets has played a critical role in advancing the conversation about gender diversity in the financial services industry and within the broader Canadian economy,” said Sutton. Sutton succeeds Jeannie CollinsArdern, who was appointed interim president and CEO following the resignation of former president and CEO Jennifer Reynolds in August 2017.

Lula corruption conviction upheld Former Brazilian president Luiz Inácio Lula da Silva is still a favourite in polls for the upcoming Brazilian presidential contest, despite an appeals court upholding his conviction on corruption charges. A Brazilian court has upheld the conviction of Lula for corruption and money laundering, which could mean he will be barred from running for a third term. Lula was found guilty of receiving a seaside duplex apartment worth around £540,00 from a construction company called OAS as part of a multibilliondollar bribe scheme involving state-run oil company Petrobras. His defence denies the accusations, stating that the property had always belonged to OAS and that Lula was condemned without evidence.

www.ethicalboardroom.com

CHANGE ONLY 60% GETS FASTER. NEARLY

OF PUBLIC COMPANY DIRECTORS BELIEVE THAT INDUSTRY CHANGE WILL HAVE THE GREATEST IMPACT ON THEIR COMPANIES OVER THE NEXT 12 MONTHS. Source: 2017–2018 NACD Public Company Governance Survey

NACD helps boards keep pace with insights and tools that equip directors to address emerging board issues.

Board leadership today requires constant, multidimensional awareness: directors must draw on their experience, stay alert to what’s happening now, and be able to anticipate what’s coming next. NACD helps directors embrace change with • Benchmarks on emerging governance trends

• Early warnings about emerging issues and disruptors

• Insights from the leading minds in governance

• Direct access to authoritative experts

• Continuous-board-improvement programs

• Recommended priorities

• Commentary from subject-matter experts

• Proven practices

• Lessons learned from fellow directors

• Peer networking and much more

This is why your peers have already joined NACD: they can draw on the combined knowledge and awareness of more than 1,250 boards and 18,000 director members.

SAVE 20%

ON A NEW NACD FULL-BOARD MEMBERSHIP. ENROLL BETWEEN FEBRUARY 15 - MARCH 15, 2018. 571-367-3708 • JOIN@NACDONLINE.ORG • NACDONLINE.ORG/JOIN

Board Governance | Audit Committee

Timothy Copnell

Chairman of KPMGâ&#x20AC;&#x2122;s UK Audit Committee Institute

Global audit committee issues in 2018 Risk management is one of the biggest concerns for audit committees, boards and their companies in the year ahead 42 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Audit Committee | Board Governance

Financial reporting, compliance and the risk and internal control environment will continue to be put to the test in 2018 by slow growth and economic uncertainty, technology advances and business model disruption, cyber risk, greater regulatory scrutiny and investor demands for transparency, as well as dramatic political swings and policy changes in the UK, US and elsewhere.

Focussed, yet flexible audit committee agendas – exercising judgement about what does and does not belong on the committee’s agenda and when to take deep dives – will be critical. In the Audit Committee Institute’s 2017 Global Audit Committee Survey, nearly half of the 800 audit committee members who responded said it is ‘increasingly difficult’ to oversee the major risks on the audit committee’s agenda in addition to the committee’s core oversight responsibilities (financial reporting and related internal controls and oversight of internal and external auditors). Aside from any new agenda items, the risks that many audit committees have had on their plates for some time – cybersecurity and IT risks, supply chain and other operational risks, legal and regulatory compliance – have become more complex, as have the audit committee’s core responsibilities. Issue #1 for 2018 is staying focussed on the basics – including financial reporting integrity – and then reassessing whether the committee has the time and expertise to oversee these other major risks. Does cyber risk require more attention at the full-board level – or perhaps the focus of a separate board committee? Is there a need for a compliance committee? Keeping the audit committee’s agenda focussed – and its eye on the ball – will require discipline and vigilance in 2018. Issue #2 is recognising that financial reporting quality starts with the CFO and the finance team. In the Audit Committee Institute’s 2017 Global Audit Committee Survey, 44 per cent of respondents were not satisfied that their agenda was properly focussed on CFO succession planning. Furthermore, few were satisfied with the level of focus on talent and skills in the finance team. Given the increasing demands on the finance team and its leadership – financial reporting and controls www.ethicalboardroom.com

(including the implementation of new accounting standards), risk management, analysing mergers and acquisitions and other growth initiatives, shareholder engagement and more – it is essential that the audit committee can devote adequate time to the finance talent pipeline, training and resources, as well as succession plans for the CFO and other key executives in the finance team. Audit committees are thinking about whether finance teams are incentivised to stay focussed on long-term performance and looking to internal and external auditors to share their thoughts about the talent and skills in the finance organisation, including the organisation’s leadership.

expressed concern about the undue prominence given to APMs over the equivalent generally accepted accounting principles (GAAP) measures. While APMs can provide valuable insight into a company and the extent to which its business model is successful, audit committees should be having a robust dialogue with management about the process and controls by which management develops and selects the APMs reported upon, their correlation to the actual state of the business and results, and whether they are being used to improve transparency rather than to distort the balance of the annual report. The committee should be questioning what broader drivers of value contribute to the long-term success of the company and how Impact of change they should be disclosed. Think about what The new accounting changes on the near sources of value have not been recognised in horizon are just one of the increased the financial statements and how are those demands facing finance teams – but an sources of value managed, sustained and important one. Issue #3 for the Audit developed (for example, a highly-trained committee for 2018 is monitoring the workforce, intellectual property or internallycompany’s implementation plans and generated intangible assets, where these activities for major accounting changes, are relevant to an understanding of the particularly the new revenue recognition and company’s development, performance, leasing International Financial Reporting position or impact of its activity). Standards. The scope and complexity Issue #5 for the audit committee in 2018 of these implementation efforts and is increased transparency around audit the impact on the business, systems, processes. This is now high on the agenda controls and resource requirements, for both internal regulators and the should be a key area of focus. While the investment community. Under International impact of the new revenue Standards on Auditing standard will vary across (ISA 701), auditors are now The risks that industries, many required to describe in many audit companies – particularly the audit reports of listed those with large, complex entities the key areas they committees have contracts – will need to focussed on in the audit had on their plates and what audit work they make many critical judgements and estimates. performed in those areas; for some time — Audit committees will in the US, the Public cybersecurity and and want to understand the Company Accounting IT risks, supply underlying process and Oversight Board (PCAOB) how judgements and issued a final standard chain and other estimates are reached. on the auditors’ reporting operational risks, Under the new leasing model, which requires standard, many companies legal and regulatory a description of ‘critical will face significant audit matters’ in the compliance – implementation challenges auditor’s report. during the transition Auditors may have the have become period. Implementation of primary responsibility more complex these two new standards for implementing the is not just an accounting requirements, but they are exercise; audit committees will want to relevant to and affect other stakeholders receive periodic updates on the status as well, in particular the audit committee. of implementation activities across the Audit committees will need to interact company (including possible trouble comprehensively with the auditor from spots), the adequacy of resources devoted the audit planning stage through to the to the effort and the plan to communicate finalisation of the audit report. In particular, with stakeholders. think about whether disclosures in the Issue #4 in a similar vein, audit committees financial statements, or elsewhere in the need to ensure appropriate attention is given annual report and/or in other investor to non-GAAP financial measures within communications, need refreshing, otherwise corporate reports. Following the European the auditor might be disclosing more Securities and Markets Authority’s (ESMA) information about an item than the company. final report on alternative performance Engaging in early and open communication measures (APMs), other regulators have with the auditor is crucial in this regard. Winter 2018 | Ethical Boardroom 43

Board Governance | Audit Committee Issue #6 is the quality of the audit internal audit play in auditing the culture committee’s report – an issue around which of the company? Audit committees should both regulators and investors and increasingly be setting clear expectations and helping to focussed. This is particularly important when ensure that internal audit has the resources, it comes to any disclosures relating to the audit skills and expertise to succeed; as well as committee’s consideration of the significant helping the head of internal audit think financial reporting issues and the external through the impact of new technologies on audit relationship – including the committee’s the internal audit function. role in the appointment, reappointment or Issue #8 on the audit committee agenda removal of the external auditor. – and of particular importance is that the EU Audit committees should consider Public Interest Entities (PIEs) is reinforcing providing investors with more insight the audit committee’s direct responsibility into how they carry out their oversight for the external audit. Overseeing the auditor responsibilities, particularly their role in selection process including any (mandatory) helping to maintain audit quality. Consider tender process, and auditor independence, how the committee can engage with should be a key part of any audit committee’s investors to help enhance investor confidence role. Regular audit tendering and rotation in audit and the oversight discharged by is already ‘business as usual’ for EU public the committee. Does any audit committee/ interest entities (PIEs), but the new regulatory investor dialogue focus on matters specific regime includes some requirements that to the company and the current year, or are difficult to navigate and, in some cases, explain what the committee actually did and will significantly impact the way audit how it added value using active, descriptive committees operate in practice. To ensure the language? Is the audit committee transparent auditor’s independence from management as to the key issues it considered during and to obtain critical judgements and insights the year, their context, the relevant policies and processes, the conclusions drawn and their consequences for the company and its reporting? Is the committee transparent as to the key judgements it made and the sources of assurance and other evidence drawn upon to satisfy it of the appropriateness of its conclusions? Issue #7 relates more broadly - as recent headlines suggest it should - to failure to manage key risks – tone at the top, culture, legal/regulatory compliance, incentive structures, cybersecurity, data privacy, global supply chain and outsourcing risks and environmental, social and governance risks, etc – that can potentially damage corporate Failure to manage reputations and impact financial performance. key risks can that add value to the A key task for the audit potentially company, the audit committee is ensuring the damage corporate committee’s direct company is focussed on oversight responsibility identifying those risks that reputations and for the auditor must be pose the greatest threat to impact financial more than just words in the company’s reputation, the audit committee’s strategy and operations, performance charter. All parties – the and helping to ensure that audit committee, external internal audit is focussed auditor and senior management – must on these key risks and related controls. acknowledge and continually reinforce this Audit committees are spending more time direct reporting relationship between the looking at audit plans and ensuring they audit committee and the external auditor are both risk-based and flexible. Does the in their everyday interactions, activities, audit plan adjust to changing business communications and expectations. and risk conditions? What has changed in the operating environment? What are Monitoring behaviour the risks posed by the company’s digital In recent years, a number of highly transformation and by the company’s publicised corporate crises that have extended organisation – sourcing, damaged corporate reputations were due, in outsourcing, sales and distribution part, to failures to manage key risks posed channels? Is the company sensitive to early by the company’s culture, tone at the top warning signs regarding safety, product and incentive structures. Issue #9 for 2018 is quality and compliance? What role should 44 Ethical Boardroom | Winter 2018

monitoring the impact of the tone at the top and the corporate culture on the company’s compliance programmes, as well as the wider business and regulatory environment. This is particularly true in a complex business environment as companies move quickly to innovate and capitalise on opportunities in new markets, leverage new technologies and data, engage with more vendors and third parties across longer and increasingly complex supply chains and, as a result, face heightened compliance risks. As a result of the radical transparency enabled by social media, the company’s culture and values, commitment to integrity and legal compliance and brand reputation are on display as never before, so audit committees need to use all the tools at their disposal – including internal audit and other assurance functions to assess whether the desired culture is the culture that actually persists throughout the organisation. Issue #10 finishes this round-up of audit committee issues for 2018, and it is around making the most of the audit committee’s

TIME FOR AN AUDIT SHAKEUP? Assess if your committee is ready for 2018’s challenges

time together. Audit committees should look at streamlining committee meetings by insisting on quality pre-meeting materials (and expecting them to have been read), making use of consent agendas and reach a level of comfort with management and auditors so that routine financial reporting and compliance activities can be ‘process routine’ (freeing up time for more substantive issues). Think about how the committee can best leverage the array of resources and perspectives necessary to support its work. Does the committee spread the workload by allocating oversight duties to each member, rather than relying on the committee chair to shoulder most of the work? Does the committee spend time with management and the auditors outside of the boardroom to get a fuller picture of the issues? Take a hard, honest look at the committee’s composition, independence and leadership. Is there a need for a fresh set of eyes? Is it time for a rotation? www.ethicalboardroom.com

Board Governance | Culture & Behaviour

Jan Otten & Inge van der Meulen

Jan is founder of ACS and partner at ACS Behavioural Auditing. Inge is partner at ACS Behavioural Auditing

Behavioural auditing For a long time, studying behaviour in organisations was the domain of specialists in organisational and human behaviour, such as industrial and organisational psychologists, organisational sociologists and anthropologists.

However, in recent years, auditors and accountants have also become aware of the impact of human behaviour on governance and management issues in organisations. Culture and behaviour are now fully accepted as an audit object. How this object should be audited is an issue that is still under discussion within the profession. As outlined in a 2016 Chartered Institute of Internal Auditors’ (IIA) report, auditors and accountants are struggling with this issue.1

How organisations are assessing corporate culture and behaviour

In this article, we introduce behavioural auditing as a tried and tested new approach to gain insight into relevant cultural and behavioural issues in organisations on the basis of solid research.

Culture and behaviour

Auditors often describe culture as ‘the way we do things around here’. The aforementioned IIA report also uses this definition, which was formulated for the first time by Dean and Kennedy in 1982. The behavioural auditing

definition of culture and behaviour is slightly different and is inspired by Geert Hofstede. In his famous study of the Shell company culture, Hofstede states that culture is the ‘collective mental programming’ of a group of people.2 Mental programmes are developed over a lifetime. They are learned by education, social environment, professional training and personal experiences. They are not static and may change over time as a result of new insights and experiences. Mental programmes inspire people to do what they do and how they do it. Culture is, so to speak, the software of the mind. Hofstede’s definition is closely related to the concept ‘mental models’ as developed by Massachusetts Institute of Technology (MIT) researchers, such as Senge, Argyris and Schein.3 Both concepts are very useful because they

GAUGING OPINIONS It’s important to understand how members behave and how they perceive 46 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Behavioural Audits | Board Governance focus our attention not only on actual behaviour but also on behavioural drivers. Many organisations use values as a shorthand for culture. Board and senior management are primarily responsible for defining these values and promoting them into the organisation in order to create a ‘healthy’ or ‘just’ culture. But culture is about more than values. Auditors, for instance, must be careful to distinguish between ‘espoused’ values and ‘lived’ values. Argyris concepts of ‘theory espoused’ and ‘theory in use’ define the difference between the two. ‘Theory espoused’ is what people will tell you about their values and what they feel is important when you ask them. ‘Theory in use’ is what really drives them and reveals their mental models. Argyris stated that although people do not (always) behave congruently with their espoused theories (what they say), they do behave congruently with their theories-in-use, their mental models.4 Behavioural auditing focusses on the mental models and perceptions that drive organisational members’ behaviour.

Behavioural auditing control framework

A behavioural audit is carefully designed to obtain insight into organisational members’ behaviour, to report on the results and by doing so influencing the socio-psychological climate and the organisational culture. These topics, as such, are not new to auditors. New are their framing in a separate audit discipline, based on new concepts and a different research methodology, techniques and automated support. Behavioural auditing combines theory and research methods from the behavioural and social-cultural sciences in a way that is new to the professional field. Before discussing the behavioural audit approach in more depth, we need to explain our view on behaviour, culture and behaviour related control issues. Auditors like to use concepts such as ‘hard’ and ‘soft’ controls to indicate the difference between behavioural control measures. Soft controls is usually understood to mean the intangible

behavioural factors in an organisation that are important for achieving the organisation’s objectives. Th is is in contrast to the so-called hard controls. A clear definition, however, is missing. For one author, soft controls are ‘intangible, difficult-to-objectify motives for behaviour’. Others describe soft controls as ‘measures that affect, for instance, the motivation, loyalty, integrity, inspiration, and norms and values of employees’. Other authors do not even attempt to define the concept and assume that by now, everyone knows the difference between hard and soft controls. Apart from the confusion that exists regarding the meaning of the concept soft control, it simply does not make sense to talk about control in relation to terms such as informal, subjective and intangible. Instead of hard and soft controls, we prefer to talk about ‘physical’ and ‘infrastructural’ controls.

A behavioural audit is carefully designed to obtain insight into organisational members’ behaviour, to report on the results and by doing so influencing the socio-psychological climate and the organisational culture Physical and infrastructural controls determine the playing field in which organisation members are deemed to carry out their work. Th is playing field is created by physical measures, for example, locks on doors, access passes, admission controls and more advanced access systems. These are what we refer to as physical controls. The framework within which organisation members are supposed to act is furthermore determined by formal agreements, rules, procedures, and regulations. Influencing behaviour is also

FIGURE 1. THE BEHAVIOURAL AUDIT PROCESS Preparation

Data collection

Data processing

Reporting 1

Reporting 2

Preparatory discussions client & audit team

Noticeable results

Qualitative data analysis

Narrative report

Audit report

Sensitising concepts

Interviews

Validation

Behavioural observation Document research www.ethicalboardroom.com

Organised material: themes and concepts

Feedback on narrative and dialogue

an important part of the leadership duties of board and managers. Together, all the formal agreements, procedures, rules, regulations, as well as the board’s and managers’ verbal or written expressions intended to influence organisational members’ behaviour, whether or not through official channels, we refer to as infrastructural controls. How organisation members actually behave and whether or not they will act within the physically and infrastructurally determined frameworks depends, of course, on the quality of these controls and the control framework as a whole. However, at least as important as the quality of the controls is how they are perceived. Thanks to the MIT researchers we know that organisation members interpretation of what’s going on in their daily work environment and how they act has to do with their mental programming. These mental models reveal themselves in perceptions, images and assumptions about themselves, other people, their work, the leadership, the organisation, etc. In a behavioural audit, we want to find out how organisation members perceive the organisational environment and how they behave, based on those perceptions.

Behavioural audit methodology Einstein once said that ‘not everything that counts can be counted and not everything that can be counted counts’. Perceptions and mental models cannot simply be quantified. Quantitative research methods therefore, are not suitable for the kind of research a behavioural audit requires. Qualitative research methods focus on experiences that cannot be counted. They uncover perceptions, behavioural drives and mental models and help us understand why people think what they are thinking and why they do what they are doing. We, therefore, prefer qualitative research methods for our behavioural audits. Every audit, including the behavioural audit, must be relevant and urgent in the eyes of the (internal) client, be valid and reliable and carried out as efficiently as possible. In this article we cannot discuss every step of the behavioural audit process in detail. We will focus on the main differences between a ‘common’ audit and a behavioural audit (see Figure 1). During the preparation phase, auditors and (internal) client together identify preliminary relevant sensitising concepts for the research. Sensitising concepts serve as a guiding tool for the auditors during the fieldwork and give direction without prescribing the way. Shared values, ethical standards, responsibility, communication are some examples of frequently used concepts. Superficially, a set of sensitising concepts may look like a ‘normal’ frame of reference. But, even though the words may be the same, there is a big difference between sensitising concepts and the ‘classic’ frame of reference.

Winter 2018 | Ethical Boardroom 47

Board Governance | Culture & Behaviour A frame of reference is fi xed and provides pre-defined assessment criteria. These criteria reflect the auditor’s opinion of what is important and what should be measured. Sensitising concepts are preliminary. They reflect what the (internal) client and the auditors expect what might be important. Sensitising concepts can either be adapted or changed during the research, based on the auditees’ perceptions of what is important related to the audit question. In a behavioural audit, the most relevant information is collected during in-depth interviews, or reflective conversations as we prefer to call them. Each interview starts with some noticeable results related to the audit question. How we do this and why this is done is explained elsewhere.5 Advanced interview techniques combined with a strict interview protocol encourage auditees to reach the desired depth that will bring up their mental models and perceptions. Another important difference with a ‘classic’ audit is that in a behavioural audit we will never ask directly for information about sensitising concepts. But if auditees start talking about

them spontaneously, we will invite them to dig deeper into the subject. All interviews are recorded and fully transcribed. The transcriptions are analysed in three steps. During the first step, interview fragments that accord to the auditors’ opinion are related to the audit question are marked with a code. A code is a keyword or a brief description that characterises the content of the text fragment. In the second phase, related codes are grouped into themes or categories. These themes reflect what the audit team has found to be important in the collected material. Based on the research question, the audit team looks for connections and patterns in and between the clusters. This is the third step in the analysis. The point is to structure the findings in a meaningful way. During this process, the auditors gain an increased understanding of what is going on in the organisation.

Reporting

After the data processing, the auditors know a lot about the audit subject. They can explain why certain things happened in the past and they

can predict what will happen in the future if nothing is changed. But reporting on culture and behaviour may be a tricky thing. A report with findings about the tone at the top, for example, and a negative qualification by the auditor will usually trigger a lot of resistance. Many auditors, therefore, prefer to report only verbally, especially when they have to rely on their gut feeling. That is not what we want. A behavioural audit is a solid research project with a well-defined audit trail and we want acceptance of the results and, if necessary, the willingness to improve. We present the results of the analysis in a two-column format. One column is reserved for quotes from the interviews with the auditees. We order the material in such a way that an ongoing story is created. In the other column, this story is commented on by the auditors. The design is directly related to the purpose of this type of research. It is not about a uniformly formulated final judgment by the auditors. Instead, multiple perspectives are illustrated relating to relevant themes that were found in the research material. Statements by auditees that are displayed in the report are representative of how organisation members perceive the organisation and how they act accordingly.

Validation

The concept report is presented to the auditees during a validation workshop. It’s crucial for the auditors to make sure that auditees have the feeling that it’s about them and their daily work. In all cases, immediately after reading the report a lively dialogue starts about the meaning of the story and where improvements are necessary. Following the validation workshop the narrative report is converted into an audit report. We write down the findings of the analysis, supplemented with the dialogue of the validation workshop. We end with a conclusion that is consistent with the conclusion(s) of the participants in the validation workshop. All our audit reports so far have been accepted without any further discussion.

Afterwords

A behavioural audit is not about testing the operating effectiveness of a set of espoused company values. The narrative report is based on solid research and reveals the real issues in the organisation as perceived by organisation members. They accept the story in the report because it’s their own and it urges them to come into action. The findings in all the audit reports we produced later have never been contested. HOW PEOPLE WORK Effective behavioural audits can reveal how people feel about their organisation

48 Ethical Boardroom | Winter 2018

1 See e.g. Organisational Culture – Evolving Approaches To Embedding And Assurance 2016. www.iia.org.uk. 2 Geert Hofstede; Culture’s Consequences, International Differences In Work-related Values, 1980. 3 Van der Meulen & Otten; E book Behavioural Auditing, www.behaviouralauditing.nl. 4Chris Argyris; Overcoming Organizational Defenses, 1990. 5See 3.

www.ethicalboardroom.com

FIGHT FRAUD THROUGH TEACHING

The Anti-Fraud Collaboration is pleased to share its most recent case study, LDC Cloud Systems Case Study. With a plot centered on a bribery allegation and questionable accounting oversight within the company, LDC Cloud Systems is a guided case study designed to provide the reader a better appreciation of how fraud situations can unfold and be addressed, including the importance of strong board oversight. Find this case study and related resources, all offered free of charge, at antifraudcollaboration.org

Board Governance | Ethical Behaviour

Ethics: Leading from the top Internal audit can be a key player in ensuring boards challenge organisational culture and prepare for ethical missteps

management and expected of employees at all rungs of the organisational ladder. So important is tone at the top that I believe a tone that is strong but inappropriate can undermine even valid, well-crafted internal control processes and policies. Boards and executives have a leading role to play in ensuring the right plans are in place before and after an ethical misstep and internal audit can provide strong support.

Richard F. Chambers

Why internal audit?

President & CEO, The Institute of Internal Auditors

There is never a right time to relax on ethical behaviour. Recent headlines provide ample proof of the consequences of leaving open even a tiny window of opportunity. Human nature has shown time and again that, in the right (or wrong) circumstances, even smart people can do dumb things and good people can behave badly.

Commitment to ethics must be more than a once-a-year ‘ethics day’, with a picnic and a brief chat from the CEO. It requires constant attention, regular activities and ongoing follow-up, all focussed on expectations of zero defects in ethical behaviour. It starts with setting the tone at the top: ethical conduct modelled by the board and senior

It is no surprise that I would advocate for the benefits that internal audit can bring to many facets of business, including ethics. I am an internal auditor by training and experience and I now lead The Institute of Internal Auditors (IIA), the world’s largest organisation of internal audit professionals. The IIA takes ethics seriously; in fact, the organisation requires adherence to a Code of Ethics to be a member and to hold its certifications. The IIA’s Code of Ethics is built on four pillars that define the behaviour expected of those engaging in internal audit activities: integrity, objectivity, confidentiality and competency. Internal auditors who perform their duties in alignment with these pillars build trust with audit clients, inspire confidence in the validity of their findings, avoid conflicts of interest and communicate the results of their work with transparency and empathy. This standard of behaviour is critical because of the role

internal audit plays in most enterprises’ whistle-blower programmes. In many cases, internal auditors uncover evidence of ethical breaches during regular or managementrequested audits. In addition, internal audit is often responsible for the enterprise’s whistle-blower programme, a duty sometimes shared with the legal and/or compliance functions. Even in enterprises where internal audit does not manage the whistle-blower programme, it generally receives copies of all complaints (the most common exception being HR-related issues). An efficient and effective internal audit function is crucial for enhancing and protecting organisational value – value that can be quickly and, potentially, permanently eroded by ethical breaches.

Before an ethical breach

Establishing an ongoing ethical awareness and response programme is similar to holding certain insurance policies: we buy them and keep up the payments in the hope we will never need them, but appreciate their value when we do. Waiting until after a breach happens to get started on creating an ethics programme is, at best, too little, too late. At worst, it may reflect a dereliction of governance responsibility. Ethics programmes vary by organisation, but they generally specify a need for board oversight, management responsibility,

SUPER LEADERS Setting tone at the top demonstrates a firm commitment towards honesty and integrity

50 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Ethical Behaviour | Board Governance

written policies and procedures, risk assessments, training, monitoring, reporting and corrective actions. The following are some activities that can underpin the ethics programme and support enterprise preparedness. Set up a defence-in-depth structure Organisations that are serious about addressing risks, including those that accompany ethical breaches, know better than to rely on only one safeguard. They implement risk-based controls designed to prevent the occurrence of ethical misbehaviour (the first line of defence is business line management, responsible for setting, communicating and modelling desired behaviour). If those controls break down, internal monitoring should detect it (the second line – the management and oversight function, which monitors risk and compliance and provides advice to the first line). Finally, internal audit (the third line, which evaluates adherence to the organisation’s standards and its corporate culture) must have the authority to report the issue directly to the board. Some enterprises consider senior management and the audit committee as fourth and fifth lines because of their responsibility for ensuring the other three lines are established and working smoothly. When the three (or more) lines work together effectively, the enterprise has a fighting chance to avoid a whistle-blower situation. Ensure a relationship of trust between the audit committee and the chief audit executive (CAE) The CAE is the ranking staff member responsible for internal audit and the audit committee is the board’s eyes and ears relative to audit issues; therefore, their

www.ethicalboardroom.com

relationship must be built on complete trust. In other words, the audit committee must feel secure that the CAE will bring forward any significant risk and the CAE must believe that problems surfaced will receive appropriate attention and action by the audit committee. They must share the conviction that no part of the organisation is off limits to internal audit. This may seem obvious, but it is not universally practiced. A recent Internal Audit Foundation survey of nearly 15,000 internal auditors worldwide, from staff to CAEs, reported shocking evidence of a betrayal of trust: a global average of 23 per cent reported receiving pressure at least once to modify or suppress audit findings

Boards and executives have a leading role to play in ensuring the right plans are in place before and after an ethical misstep and internal audit can provide strong support (an additional 11 per cent ‘preferred not to answer’). Especially dismaying was the fact that, among those who reported being pressured to change an audit report, 43 per cent indicated that the pressure came from the CEO, the board, the audit committee, or legal/general counsel. Build employees’ trust of internal policies (especially the whistle-blower policy) Most organisations would prefer that employees report suspected issues internally for investigation and remediation, rather

than marching straight to an external agency with whistle in hand. Yet, companies sometimes overlook a defining factor in ensuring that outcome: building employees’ trust in the company’s policies. When employees trust the company, they feel confident that their concerns will be heard, respected and acted upon and they will suffer no negative ramifications for speaking up. If they sense they will not be heard or their career growth will be affected, they may feel the need to go public. So, how can employee trust be fostered? First, ensure that the whistle-blower policy clearly treats whistle-blowers as concerned, diligent employees, not ‘snitches’. Second, make it a regular practice to talk about ethics. Board members, executives and management should openly discuss ethical complexities that may arise in a work environment, treat ethical behaviour as non-negotiable, show respect for differing opinions and acknowledge examples of ethical conduct. Go beyond hotlines While company hotlines are a common means by which employees can report a concern, they are not the only way to uncover potential ethical issues. Watch for comments posted on Facebook, Twitter, or other platforms. Investigate relevant remarks made by employees in their exit interviews. Pay attention to anonymous emails or calls that suggest the existence of an ethical issue. Make it easy and comfortable for employees to walk into the internal audit department, or security, or human resources to discuss a problem.

Winter 2018 | Ethical Boardroom 51

Board Governance | Ethical Behaviour Communicate the whistle-blower process When the whistle sounds, the response plan must be executed immediately, effectively and entirely. This happens only when all parties understand the process well in advance. Employees should be informed how to report, to whom to report and what will happen after the report. Responders must know what to do and whom to involve. Boards need to know there is a programme in place to protect the enterprise and they should be provided with periodic reporting on the status of investigation and remediation activities.

After an ethical breach

Despite the most thorough and well-vetted plans, the most open and consistent communication and the most effective

RISK-BASED EVALUATIONS Identify areas of concern through internal audit

training, an ethical issue may still arise. So, policies must clearly outline what happens next. The following are a few suggestions. Start strong Any process that involves multiple steps, departments and individuals is likely to contain many critical junctures at which something can go wrong. The first and perhaps most important of these junctures in an ethics response plan is triage, in which the organisation hears a new allegation, sorts through the details and decides how to respond. Making good decisions requires an understanding of the legal, accounting and reputational implications of the reported misdeed – a breadth of knowledge that may be beyond the capacity of just one person. For that reason, some enterprises appoint a committee to perform triage, bringing a more diverse perspective to the decisions needed. 52 Ethical Boardroom | Winter 2018

Call in internal audit Because of their everyday activities, internal auditors generally have a working understanding of all parts of an organisation. Couple that with their independence and objectivity and they are well-suited to handle allegations competently and confidentially. As mentioned earlier, in many organisations internal audit ‘owns’ the whistle-blower programme or is engaged in its review and evaluation, so it is a natural fit for the board to rely on internal auditors for assurance that the programme’s policies and procedures are applied appropriately when an instance occurs.

packages and reimbursement policies that discourage ethical breaches. Review selected messages the CEO sends to the employees; do they emphasise the importance of ethical behaviour and assure a blame-free environment for those who raise concerns?

Addressing ethics through a focus on culture

In addition to the suggestions I have already described, I have a recommendation I feel certain will improve every enterprise’s ethical position and it is an activity that boards can single-handedly bring about: charge internal audit with the responsibility to audit organisational culture. The culture Remain alert Despite the natural desire within an enterprise is the petri dish in to breathe a sigh of relief and relax after which ethical failures grow or wither. an ethical incident is remediated, it is Assessing it is a proactive step to ensure behaviours match expectations – from the corner office to the loading dock. Many internal audit teams include a review of culture as part of the annual audit plan’s scheduled activities. However, in cases where a risk-based evaluation has identified an area of special concern, internal audit may perform a specific audit outside the annual plan. Regardless of the approach, the effectiveness of culture audits depends on the board’s and audit committee’s vocal support of internal audit’s efforts and expectation of full staff cooperation. Surveys can be useful inputs to culture audits. A survey may consist solely of ethics and culture-related statements, such as ‘I have received ethical for my position’, The culture within training to which employees respond an enterprise is using a scale from ‘strongly agree’ to ‘strongly disagree’. the petri dish in Or, an organisation may which ethical simply include some culture and/or ethics questions failures grow or in an already existing wither. Assessing enterprise-wide employee survey. it is a proactive Negative survey responses step to ensure critical to continue should be investigated behaviours match by internal audit to diligently executing the programme. There are determine whether there expectations many things a board can is corroborating evidence. — from the corner Evidence found should do to ensure a continued focus. Ensure that be reported to the board, office to the the whistle-blower along with recommendations loading dock programme’s policies are for improvement. If no reviewed on a regular corroborating evidence is basis and updated as needed to reflect found, the outcome should be reported to changes in the enterprise’s culture, industry, appropriate management. The negative technology, business model, or laws and response may reflect a misunderstanding of regulations. Demand frequent reporting on the processes in place, which management ethics programmes and activities (perhaps can correct via clear, direct communication. a dashboard that reports information, Sadly, it is unlikely that an organisation such as ethics violations, hotline calls and can eliminate ethical missteps entirely, customer complaints). Ensure that ethics but awareness, engagement by the board and other culture-related issues appear and audit committee, preparedness and a regularly on board and audit committee well-crafted response plan can certainly agendas. Build executive compensation create a hostile environment for them. www.ethicalboardroom.com

ProfessionalDirector™

The only world-class, university accredited director education delivered to you completely online. • Work at your own convenience and pace to earn your Professional Director™ designation! • Gain conﬁdence to meet the responsibilities expected of today’s board member • Build corporate governance knowledge in your business and sector

info@professionaldirector.com | www.professionaldirector.com PROMO CODE for 10% off: ETHICAL

Board Governance | Virtual Meetings

Steven M. Haas & Charles L. Brewer Lawyers at Hunton & Williams LLP

Virtual-only shareholder meetings: A practical guide Before switching from in-person annual meetings, US companies must consider how they intend to communicate with shareholders

GOING VIRTUAL Many US companies are considering a switch from in-person meetings

54 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Virtual Meetings | Board Governance

Last year, a record number of US public companies held virtualonly shareholder meetings and, despite some shareholder opposition, we believe this trend is likely to continue.

This article provides a practical guide for US companies deciding whether to switch to and then how implement virtual-only shareholder meetings.

Making the switch

permit virtual-only shareholder meetings. In states that do, corporations will need to review the statutory requirements carefully. In addition, corporations must confirm that their organisational documents permit virtual-only shareholder meetings. Many corporations’ bylaws may require a physical location and would therefore need to be amended to allow for a virtual-only meeting. A key aspect of holding a virtual-only shareholder meeting is providing the ability for shareholders to vote securely online. Consequently, it is likely impractical, if not impossible, for most public corporations to hold a virtual-only meeting without third-party assistance. An experienced service provider can provide a robust and usually cost-effective platform to host a virtual-only meeting more easily than a corporation could develop the technology and related expertise necessary to host a virtual-only shareholder meeting on its own. For privately-held companies, whether a third-party service provider is necessary will depend on the circumstances.

Virtual-only shareholder meetings can greatly reduce the costs of the annual meeting process while also communicating with more shareholders. Proponents of these meetings argue that the time and costs of conducting traditional, in-person meetings – which are generally poorly attended and usually perfunctory rather than substantive – outweigh the benefits. But critics of virtual-only meetings claim that nothing can replace the opportunity for shareholders to sit in the same room as a corporation’s directors and officers and ‘look them in Meeting format: audio-only or video the eye’. They also believe that corporations The most fundamental decision a may hold virtual-only meetings to avoid corporation must make regarding a answering pointed or negative questions. virtual-only meeting is whether it will be Our view is that there is no one correct audio-only or include video. An audio-only approach to holding shareholder meetings. meeting (which does not include live video Corporations will need to determine on a but may include a contemporaneous slide case-by-case basis whether in-person, presentation) is substantially similar to virtual-only or a hybrid is most appropriate an earnings call, with the key addition under the circumstances. For example, of shareholder authentication and voting corporations likely will hold contested through a secure website. A meeting that meetings in person due to the includes live video will Corporations greater complexity, need for generally resemble an discussion at the meeting, in-person shareholder should structure larger number of votes likely meeting, with the obvious the agenda of any exception that no to be cast during the meeting and increased chance that an virtual meeting to shareholders would be adjournment could be necessary. in physical attendance. bring matters to Corporations that historically So far, corporations have high in-person attendance holding virtual-only a vote, close the may also face investor backlash have polls and adjourn meetings for suddenly switching to a overwhelmingly chosen the formal part virtual-only format. audio-only meetings. Because so many US an audio-only of the meeting as Holding companies held virtual-only meeting is cheaper and quickly as possible technologically easier shareholder meetings in 2017, we believe that 2018 could be a than also broadcasting pivotal year in the US for the future of live video. Broadcasting live video, virtual-only meetings since we will see how however, which would allow shareholders many investors register their displeasure to observe the corporation’s representatives by voting against directors who authorised as they answer shareholder questions, virtual-only meetings. For that reason, many could help avoid some criticism that a US companies considering virtual-only corporation is ‘hiding’ its directors and meetings may defer their decision to 2019 in officers from shareholders by holding a order to see how investors react this year. virtual-only meeting.

Preliminary considerations

Statutory requirements and organisational documents Not all states

www.ethicalboardroom.com

Safeguarding against technological problems Any company holding a virtual-only shareholder meeting should

have contingency plans to deal with a technological failure, such as a power or network outage. These contingency plans should include scenarios in which there is a brief outage where the meeting can be promptly reconvened and a prolonged outage that requires the meeting to be reconvened on a later day. To minimise the risk of a technological failure disrupting the meeting, corporations should structure the agenda of any virtual meeting to bring matters to a vote, close the polls and adjourn the formal part of the meeting as quickly as possible. With the formal part of the meeting done, the corporation can then turn to shareholder questions or a management presentation which, if disrupted, would not prevent the shareholder vote from being effective or necessarily require that the meeting be reconvened. Whether the meeting will need to be reconvened will depend on whether the formal business was concluded or, as a matter of shareholder relations, the corporation should continue with the rest of the agenda (e.g. answering shareholder questions). Shareholder questions Question and answer sessions give most shareholders their only opportunity to engage directly with a corporation’s directors and officers. Some shareholders believe that this ‘live’ format is the best way to ensure a candid (i.e. unscripted) response to shareholder questions. For virtual-only shareholder meetings, corporations have a number of options regarding how shareholder questions can be presented, including: ■■ Live questions via telephone Corporations can structure the meeting similarly to an earnings call, with an operator managing a queue of shareholders who will ask questions via telephone using a dial-in number. This is the most similar to in-person meetings and we expect that many shareholders – particularly activist retail shareholders – would prefer this option ■■ Live questions via text Virtual meeting platforms offered by third-party service providers allow shareholders to submit questions in text during the meeting. These questions typically are not seen by other shareholders. Compared to the telephone option, shareholders may view this as less effective for presenting potentially negative questions. It also gives the corporation some discretion in choosing which questions to answer

Winter 2018 | Ethical Boardroom 55

Board Governance | Virtual Meetings ■■ Pre-submitted questions Corporations may require that shareholders submit all questions in advance, either through pre-recorded audio or video files or in writing. Some critics argue that it results in less candid answers because the corporation will prepare a scripted response in advance of the meeting. Corporations that require pre-submitted questions believe that a prepared response – which can be more substantive and complete than unprepared remarks – is more useful to shareholders without any loss of candour Unless a corporation chooses to permit live questions via telephone, it will usually need to engage in some editorial control over the questions its directors and officers answer. At a minimum, the corporation (and shareholders) would want to eliminate duplicate questions and questions that are off-topic or inappropriate. But some shareholders believe that corporations will ‘cherry pick’ favourable questions and downplay, rephrase, or ignore questions that are seen as overly negative or hostile. Corporations can take steps to alleviate this concern by providing transparency into how they select shareholder questions, such as committing to respond to all reasonable questions at the meeting or, if too many questions are received, to post all questions on a website available to shareholders and respond to them after the meeting. Shareholder proposals Shareholders of US public companies who meet certain ownership requirements may submit proposals for inclusion in a corporation’s proxy statement. Either the proponent or his or her qualified representative must present the proposal at the shareholder meeting. Corporations that intend to hold a virtual-only shareholder meeting, therefore, must determine how shareholders will present their proposals. Options include: ■■ Providing a dedicated dial-in number for the shareholder or the shareholder’s designated representative to speak ■■ Permitting proponents to provide an audio or video recording of their presentation, which the corporation would play during the meeting ■■ Designating a representative of the corporation to read the proposal or an introduction to the proposal submitted in advance by the proponent In 2016, most corporations preferred to provide a separate dial-in number for proponents. The corporation should also have a back-up plan to present the shareholder proposal on the proponent’s behalf if the proponent has a technical issue that prevents him or her from presenting the proposal personally. 56 Ethical Boardroom | Winter 2018

Pre-meeting communication Before deciding whether to hold a virtual-only meeting, corporations may want to engage privately with key shareholders to gauge their reaction. Some prominent investors have indicated they will vote against directors who authorise virtual-only meetings. Other institutional shareholders do not seem to view virtual-only meetings as a significant issue. Once a corporation decides to hold a virtual-only meeting, many decisions need to be made in advance with regard to voting, shareholder questions and shareholder proposals, as explained above. Corporations will reach different decisions on these issues in light of their particular shareholder base and their historical practices for holding shareholder meetings. Regardless of the result of any particular decision, however, corporations should publish their procedures

Before deciding whether to hold a virtual-only meeting, corporations may want to engage privately with key shareholders to gauge their reaction. Some prominent investors have indicated they will vote against directors who authorise virtual-only meetings. Other institutional shareholders do not seem to view virtual-only meetings as a significant issue for shareholder participation in virtual-only meetings – just as they would for in-person meetings – to ensure that all shareholders feel they have received a meaningful opportunity to participate in the shareholder meeting. Thoughtful, specific procedures may help forestall any complaints shareholders have regarding a virtual-only meeting taking the place of an in-person meeting.

Recap of key issues

There are numerous issues that need to be considered before holding a virtual-only meeting in the US, including: ■■ Whether to engage with institutional shareholders before deciding to hold a virtual-only meeting ■■ Whether holding a virtual-only meeting will result in significant ‘withhold’

votes or votes ‘against’ the directors ■■ Whether to permit non-shareholder attendees, such as analysts, employees, or the media, to view the meeting ■■ How to structure the agenda of the meeting in order to conclude the formal business as soon as possible ■■ What contingency plans to prepare to address a technological failure, including contingency plans for a short network outage, a prolonged network outage and the inability of a shareholder proponent to present his or her proposal ■■ Whether a recording or transcript of the meeting will be available after the meeting and, if so, for how long ■■ How shareholders will present shareholder proposals, such as through a designated dial-in number or a pre-recorded audio or video statement ■■ How shareholders can ask questions, including in advance, by text, or ‘live’ and if ‘live’ how to deal with disruptive or otherwise inappropriate behaviour ■■ How to decide which shareholder questions will be answered, including how to deal with duplicate or inappropriate questions, whether and how to respond to questions for which there is insufficient time to answer them during the meeting and the level of transparency to provide to explain how questions will be chosen ■■ How to maintain the required record of any vote or action taken by remote communication ■■ What information to include in the corporation’s proxy materials regarding its switch to a virtual-only shareholder meeting and whether to publicise shareholders’ ability to attend the meeting virtually in other locations (e.g. on the corporation’s website)

Conclusion

It is clear that switching from an in-person to a virtual-only shareholder meeting can be a lengthy process, with many issues that must be considered and decided well in advance of the meeting date. Experienced legal counsel and third-party service providers can help corporations analyse the issues, but each corporation considering whether to hold a virtual-only meeting will need to take into account its historic practices with respect to shareholder meetings, its shareholders’ previous level of engagement, its existing shareholder base and whether it expects shareholders to protest its adoption of virtual-only meetings. In addition, as virtual-only meetings become more popular, particular practices may coalesce regarding how to address the issues described in this article. Corporations and their advisors will need to continue monitoring the best practices in corporate governance and adjust their meeting procedures accordingly. www.ethicalboardroom.com

Shareholder Communications, Transformed

End-to-end solutions that are simple, smart and strategic

Corporate Issuer Solutions

Every day brings a new challenge: accelerate digital adoption, increase shareholder engagement, drive successful proxy outcomes. Broadridge sees what’s coming. Our corporate issuer solutions are designed to make you more efficient and effective at every step.

Innovative Transfer Agent Services

Comprehensive Annual Meeting Services

Essential Regulatory and Compliance Solutions

• Simplify and automate processes • Uncover opportunities with data and insights • Create more engaging shareholder experiences We provide the advice, data and tools you need to serve shareholders in the way that makes the most sense for your business—today and tomorrow—with solutions that are simple, smart and strategic.

Please visit broadridge.com/corporateissuer + 1 888 237 1900 © 2018 Broadridge Financial Solutions, Inc., Broadridge and the Broadridge logo are registered trademarks of Broadridge Financial Solutions, Inc.

Communications Technology Data and Analytics

Global News Africa The Gambia joins African Peer Review

Steinhoff corporate governance ‘collapse’ Investigations into Steinhoff have ‘painted a picture of a company with a complete collapse of corporate governance and real maladministration of its tax system’, according to Reuters. Steinhoff, which owns more than 40 brands, admitted ‘accounting irregularities’ at the end of 2017, leading to an 85 per cent share price slide that wiped more than $10billion off its market capitalisation.

The Public Servants Association (PSA) trade union in South Africa said a review of internal documents, including minutes of board meetings and financial documents dating back to 2002, show that former Steinhoff CEO Markus Jooste ‘repeatedly lied to investors and regulators in South Africa and internationally’. The PSA said that, based on the documents under review, corporate governance appeared to have ‘collapsed’ at Steinhoff.

Scores pass Nigerian governance test Corporate governance is receiving ‘rising acclaim’ in Nigeria with more companies passing a ratings test overseen by the Nigerian Stock Exchange (NSE). The Corporate Governance Rating System (CGRS) was launched in 2012 by the NSE in conjunction with Convention on Business Integrity (CBi) to rate quoted companies based on their corporate governance and anti-corruption culture. According to NSE, 34 companies and 435 directors

58 Ethical Boardroom | Winter 2018

have passed its corporate governance rating test, having scored the required 70 per cent mark. Soji Apampa, CEO at CBi, said: “The success rate and increased participation in the CGRS initiative is a testament to the rising acclaim that corporate governance is receiving in corporate Nigeria. It is important to celebrate companies and directors who are leading the renewed charge whilst encouraging others to participate.”

The Gambia has become the 37th member of the African Peer Review Mechanism (APRM), set up to encourage conformity among African Union countries over corporate governance values, codes and standards. Other members signed up to the APRM include Ghana, Kenya, Eqypt, Ethiopia and Uganda. Kenyan president Uhuru Kenyatta, current chair of the APRM, presented a report on Africa’s peer review effort at the 27th APR Forum Summit in Ethiopia in January, where The Gambia was acceded. He described the APRM as ‘more rejuvenated than it was before’ and how it had developed tools and methodologies in accordance with the goals and aspirations of the UN Sustainable Developmental Goals 2030.

KPMG appoints new leaders KPMG South Africa has announced that Professor Wiseman Nkuhlu will become its new chairman from March, while Ansie Ramalho starts as independent director. Nkuhlu is currently the chancellor of the University of Pretoria and a member of the advisory board of the South African Institute of Chartered Accountants. Ansie Ramalho was formerly the CEO at the Institute of Directors in Southern Africa. KPMG said the appointments will assist the company in marking further progress in strengthening the governance and leadership of the firm. Ramalho added: “I look forward to using my experience to help KPMG as it looks to become industry leaders on corporate governance. All professional services firms need to ensure they have governance in place that is able to deal with the growing complexity of oversight and management.”

www.ethicalboardroom.com

Powering The Growth of Africaâ&#x20AC;&#x2122;s Largest Economy

WWW.NSE.COM.NG

Africa | Governance in Zimbabwe

Zimbabwe’s lessons from Singapore

Actions speak louder than words in the evolution of corporate governance

Corporate governance, as we know it today, has come a long way. According to international governance consultant Professor Bob Garrett, it dates back more than 3,500 years and has been evolving ever since from the Greek word ‘kubernetes’ – meaning a person charged with steering or directing a ship. Garrett observes that it is from this notion that directors are appointed to give direction to companies. Over the years, corporate governance has been brought to the fore by corporate scandals. Yet studies have shown that good corporate governance leads to effective

Edward Siwela

Executive Director of the Institute of Directors Zimbabwe performance of companies and organisations at large. According to business speaker Carl Bates, governance is a game changer – ‘when governance is effective it brings a host of advantages’. Bates argues that among these advantages are the protection and upholding of the best interests of an entity, guaranteeing a return on investment, ensuring accountability of those in leadership positions, in particular boards of directors, incentivising investment and ensuring access to corporate finance. As the old adage goes, ‘practice without theory is blind, while theory without practice is of no use’, so it is important to identify success stories that provide lessons to others. In this article, Singapore has been identified as a success story in the integration of the theory and practice of corporate governance.

As a result, effort is made to identify comparisons and contrasts with Zimbabwe with a view to drawing lessons.

The case of Singapore

In Singapore, as in many countries across the world, the development of corporate governance has largely been a response to crises, characterised by corporate scandals. Joyce Koh and Annabelle Yip, writing in the Singapore Institute of Directors’ Boardroom Matters, Volume II (2016) note that ‘crises have, unfortunately, been a feature of the financial landscape both globally and locally’. They cite corporate scandals occurring between 2004 to 2006, which included one of the largest scandals in Singapore’s history involving China Aviation Oil (Singapore) Corporation. Beyond 2006, they bring to the

FROM SINGAPORE TO ZIMBABWE There can be much learned from the evolution of governance in Singapore 60 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Governance in Zimbabwe | Africa fore corporate scandals involving ‘several S-Chips, such as China Hongxing Sports, Hongwei Technologies and China Milk Products (which) suffered from poor corporate governance, questionable accounting practices and fraud’. Koh and Yip note with benefit of hindsight that ‘there have been two key drivers of Singapore’s corporate governance development: vision and crises’. Singapore’s vision was to be ‘a financial hub in Asia’. In pursuit of this vision, Singapore developed its Code of Corporate Governance in 2001 – 36 years after gaining its independence in 1965. They note also that ‘another significant development’ was the formation of the Singapore (Stock) Exchange in 1999 (after demutualisation). They note further that earlier in 1998 ‘the Singapore Institute of Directors (SID) was formed to promote high standards of corporate governance and the professional and ethical conduct of directors’. Among the many initiatives that SID deploys towards the promotion of good corporate governance, is the hosting of its Singapore Corporate Awards, including the Best Managed Board Award. To aid the evolution of corporate governance in Singapore, the Companies Act had ‘…several rounds of significant amendments, the most recent being in 2014’. The Code of Corporate Governance was also revised in 2005 and 2012. Notably, Koh and Yip, observe that ‘indeed, the state of corporate governance in Singapore has evolved in tandem with its development as a country from third world to the developed nation status’.

Youthful Zimbabwe and its corporate governance experience

Zimbabwe gained its independence in 1980 and 35 years into its independence had its first comprehensive National Code on Corporate Governance of Zimbabwe (NCCG) launched on 9 April 2015. A striking similarity with Singapore. It should, however, be noted that with the help of the Commonwealth, Zimbabwe first developed the Principles of Corporate Governance in 1999. This was its first code of corporate governance, although it lacked comprehensiveness and buy-in from companies and other organisations. It would take 16 years to launch the second code, a vastly improved and comprehensive one. The interest in ensuring that it does not meet the same fate as the first one is thus understandable. In the preface to the National Code on Corporate Governance of Zimbabwe, Canaan F Dube – the chairman of the Project Board which provided leadership to the development of the code – observes that ‘in 2003 and 2004 Zimbabwe’s banking www.ethicalboardroom.com

sector was rocked by institutional failures arising from insider loans and involvement in non-banking business using depositors’ funds’. He cites this (corporate failures as a result of poor corporate governance) as part of the background that led to the development of the code.

The ease of doing business in Zimbabwe

As part of its ‘ease of doing business’, Zimbabwe is amending a number of pieces of legislation, notable among them, the Companies Act, Public Finance Management Act, the Banking Amendment Act and the soon-to-be-introduced Public Entities Act. All these pieces of legislation seek to strengthen corporate governance in Zimbabwe. As was the case in Singapore, the Zimbabwe Stock Exchange is going through a demutualisation process, which is about to be completed. It is important to realise that the Zimbabwe Stock Exchange is a crucial pillar in the implementation of corporate governance in listed companies. While SID came into being in 1998, by comparison, the Institute of Directors Zimbabwe (IoDZ) was formed in 1958, first as a branch of the Institute of Directors in the UK. IoDZ has been hosting the Director of the Year Awards since 2005, as a way of

There are a number of striking similarities between the two countries as far as the evolution of corporate governance is concerned. There are differences, too, which is where lessons need to be drawn for a positive development on the part of Zimbabwe promoting good corporate governance in both the private and public sectors. IoDZ, together with the Zimbabwe Leadership Forum and Standards Association of Zimbabwe, were the promoters in the development of the National Code on Corporate Governance of Zimbabwe. It has been actively involved in the training and development of directors from all sectors of the Zimbabwean economy and runs a wide array of other initiatives aimed at promoting good corporate governance. Singapore has been independent for 52 years, while Zimbabwe has been independent for 37 years. There are a number of striking similarities between the two countries as far as the evolution of corporate governance is concerned. There are differences, too, which is where lessons need to be drawn for a positive development on the part of Zimbabwe. Koh and Yip observe that ‘the Asian Corporate Governance Association and

CLSA placed Singapore and Hong Kong in the top spot in their 2013 and 2014 corporate governance rankings based on broad–ranging criteria, such as corporate governance rules and practices, enforcement, political and regulatory environment, accounting and auditing’. Interestingly, they note that Singapore was ranked top in the Asia Pacific and ASEAN regions and third worldwide, after the US and UK, by a 2014 joint KPMG and ACCA study of corporate governance requirements across 25 markets. Yet even with these accolades, Singapore still has some way to go. Koh and Yip note that studies have shown that ‘disclosures about remuneration, risk governance, board diversity and sustainability were still lacking comprehensiveness’.

Lessons from Singapore

What can be learned from Singapore? It is clear that the evolution of corporate governance is a multi-pronged development, which requires updated governance legislation, codes of corporate governance, institutions and appropriate structures. It is essential to have these in place, but more critical that they are applied with the avid dedication and commitment of a monk. Herein lies Zimbabwe’s weakness. Two years into the launch of the Code, corporate Zimbabwe, public sector and NGOs are yet to demonstrate the much-needed uptake. Zimbabwe can learn from Singapore that actions speak louder than words. The following clear lessons can be taken from the success story of Singapore: ■■ A combination of corporate failure and a clear national vision constitute key drivers to the pursuit of sound corporate governance ■■ Effective integration of corporate governance principles and practice is crucially important in delivering results ■■ Corporate legislation and corporate governance codes of best practice should be constantly reviewed, revised and amended to respond to the changes in the environment ■■ And, most importantly, the crafting of corporate legislation and updating of codes of corporate governance best practice should be accompanied by commitment and effective implementation Through steadfast development and implementation of sound corporate governance, Singapore has developed from a developing country to a developed, first world one. Zimbabwe is not shy of modern corporate legislation and codes of corporate governance best practice, but what it urgently needs is a change of mindset and the need for action, action, action, as it gears itself to implement these tools of economic, social and environmental progress. Winter 2018 | Ethical Boardroom 61

Activism & Engagement | Social Networking

Steve Wolosky, Andrew Freedman and Ron S. Berenblat Members of Olshan Frome Wolosky’s Activist & Equity Investment Group

Social media and shareholder activism Activists are increasingly turning to digital and social networking platforms to get their message out during proxy campaigns As shareholder activism continues to spread across the globe, activists are becoming more creative and sophisticated in deploying their investment strategies to maximise shareholder value.

As part of this trend, we have recently seen activists begin to utilise multiple social media platforms as part of a comprehensive digital strategy for their campaigns. In the US, notable examples of social media action during the 2017 proxy season included Elliott Management’s successful activist campaign at Arconic and Pershing Square’s proxy contest at Automatic Data Processing. Outside the US, Elliott Management used 62 Ethical Boardroom | Winter 2018

Facebook in its campaign to maximise value at BHP Billiton. Th is article discusses the reasons why we should expect to see social media usage become more prevalent in proxy contests all over the world. We also delve into the legal considerations for utilising social media in proxy solicitations that are conducted in the US. It is important to note that the use of social media in proxy solicitations outside the US will be subject to the laws of the applicable local jurisdiction. Social media has gained tremendous popularity not only as a news source but as a means of communicating any type of mass messaging with the click of a button. While a number of prominent investors have used social media for years (e.g. Carl Icahn with Twitter), it was only a matter of time before

other activists followed suit. Today, other developments have made social media platforms more appealing and accessible to shareholder activists. Shareholder activists have the ability to gain a significant advantage in election contests by hitting social media to communicate with shareholders and solicit votes. Specifically, a shareholder activist can embrace social media as follows: ■ Social media communications Brief topical digital communications through platforms, such as Twitter and Facebook, can quickly and directly keep a target audience, including shareholders, informed on an ongoing campaign and communicate important developments in ‘real time’ www.ethicalboardroom.com

Social Networking | Activism & Engagement ■ Links within social media communications Links embedded within digital communications can drive traffic to shareholder activists’ campaign websites. These websites, which are now commonly used in election contests, provide dynamic and impactful content, including graphics and videos, and help to maximise engagement with the target audience ■ Social media advertisements Paid social media advertisements relating to an election contest can target an audience, including shareholders, based on interest in the company, geography and other attributes. Such advertisements can also ensure that communications will be prioritised and not buried beneath other posts. Social media advertisements can also be deployed in conjunction with search engine marketing ■ Data analytics Data analytics can allow shareholder activists to measure interest in particular content viewed on social media platforms and help them refine their communications to optimise results For less digitally savvy activists, who wouldn’t know the difference between a Tweet and a Snap, there are now advisors who specialise in building digital and social media platforms for activist campaigns. It behoves shareholder activists to utilise social media in their election contests as there is a strong likelihood their targets will already be able to do so through existing social media capabilities. Publicly traded companies are increasingly using social media platforms on a regular basis as part of their ordinary-course marketing strategies and investor relations efforts. As a result, many companies are already well-positioned to leverage an established digital and social media presence, as well as knowledge of their shareholder base, to help solicit votes in proxy campaigns. This requires shareholder activists to make up ground to build a social media presence and compete for the attention of a large audience of social media users. A few examples of social media communications by high-profi le activist shareholders are included (above right) for reference.

Addressing concerns

In the US, shareholder activists and their legal counsel are becoming more comfortable utilising social media in proxy contests from a compliance standpoint. Most of the disclosure and anti-fraud provisions of the US proxy rules applicable to shareholder communications were enacted well before the advent of social media, initially raising questions and concerns regarding the applicability of these rules to various forms of digital communications. www.ethicalboardroom.com

However, guidance from the US Securities and Exchange Commission (SEC) regarding the applicability of the proxy rules to communications through social media and digital platforms has assuaged concerns regarding inadvertent proxy rule violations. Constant dialogue and coordination between shareholder activists and their legal counsel is still strongly recommended to ensure continuous compliance with SEC rules or the rules of the applicable local jurisdiction for proxy contests outside the US.

Many companies are already well-positioned to leverage an established digital and social media presence... This requires shareholder activists to make up ground and compete for attention The US has strict rules governing the ‘solicitation’ of proxies. The SEC broadly defines solicitation to include the furnishing of any communication to shareholders under circumstances reasonably calculated to result in the procurement, withholding or revocation of a proxy, subject to certain exceptions. In the context of the solicitation rules, the term ‘communication’ is interpreted broadly and covers electronic communications made over social media platforms. As a result, social media posts and advertisements generally are subject to the same rules as traditional written communications, such as press releases, letters and newspaper advertisements.

All soliciting materials must be fi led with the SEC no later than 5:30pm Eastern time on the date they are fi rst disseminated to shareholders. Th is fi ling requirement applies to the text of any social media posts or advertisements. Transcripts of any audio or video content used in a solicitation must also be fi led. In our experience, the process for preparing and formatting an SEC fi ling disclosing the content of solicitation materials often takes longer for graphic-intensive communications and audio or video content that is required to be transcribed. As a result, shareholder activists and their legal counsel must coordinate closely to ensure that these types of soliciting materials are timely fi led. Experienced shareholder activists and their counsel have become particularly adept at responding to events in ‘real time’ during the course of a proxy campaign utilising social media while acting quickly to satisfy this strict fi ling requirement. The SEC rules generally prohibit any solicitations unless the person solicited is or has been furnished with a proxy statement containing the information required under the federal proxy rules. There is an exception to this rule under Exchange Act Rule 14a-12(a) that permits solicitations made before a proxy statement is furnished to shareholders if any such written communication includes a legend containing the following information: (i) specified information regarding the participants in the solicitation, or a prominent legend advising shareholders where they can obtain that information; and (ii) a prominent legend advising shareholders to read the proxy statement when it is available and that they can obtain the proxy statement, and any other relevant documents, for free at the SEC’s website, and describing which documents are available for free from the participants. The Rule 14a-12 legend can become lengthy, especially when there are numerous participants in the solicitation. The requirement to include lengthy Rule 14a-12 legends in social media communications could be problematic as a result of the particular social media platform’s applicable space and character constraints (e.g. Twitter’s 280-character limitation). These technical constraints could make the legend obtrusive or impossible to include in full. The SEC addressed this particular complication in an interpretation of Rule 14a-12 fi rst published in 2014. In that interpretation, the SEC acknowledged that limitations on the number of characters or amount of text that may be included within a social media communication may make the inclusion of the Rule 14a-12 legend impossible. Winter 2018 | Ethical Boardroom 63

Activism & Engagement | Social Networking In those instances, the SEC stated that it would not object to the use of a hyperlink to the Rule 14a-12 legend that prominently states that important or required information is provided through the hyperlink. From a technical standpoint, compliance is achieved by styling the hyperlink as ‘important information’ or ‘SEC legend’. Posts on social media platforms that do not have such limitations must include the full legend. In our experience, the technical issues created by the applicability of the Rule 14a-12 legend to social media communications typically do not arise as shareholder activists infrequently take their campaigns to social media platforms prior to fi ling a definitive proxy statement. Th is is a strategically driven approach that will likely evolve as the use of social media in activist situations becomes more commonplace. Nevertheless, there is precedent for shareholder activists relying on the SEC’s interpretation to utilise social media prior to fi ling a definitive proxy statement.

Cautionary legends

A trickier question counsel to shareholder activists have grappled with is the applicability of the SEC’s interpretation to social media advertisements and search engine marketing. By their very nature, the character and spatial limitations associated with most social media advertisements and search engine marketing make the inclusion of a legend impossible.

For a conventional newspaper or magazine advertisement, where sufficient space always can be purchased, having enough room to insert the requisite legend is not a practical concern. However, for advertisements on social media platforms and search engine marketing that would be otherwise effectively off-limits prior to the fi ling of a definitive proxy statement due to the inability to include the full legend, a reasonable argument can be made that the SEC should permit the advertisement with a hyperlink to the legend.

As long as the global shareholder activism phenomenon continues to grow, we expect to see activists around the world expand their use of social media to communicate with shareholders Solicitations utilising social media are also subject to the anti-fraud provisions of the proxy rules. These anti-fraud rules prohibit any solicitation containing any statement which, at the time and in the light of the circumstances under which it is made, is false or misleading with respect to any material fact, or which omits to state any material fact necessary in order to make the statements therein not false or misleading.

The following statements are strictly prohibited under the anti-fraud rules: (i) predictions as to specific future market values; (ii) statements directly or indirectly impugning character, integrity or personal reputation, or directly or indirectly making charges concerning improper, illegal or immoral conduct or associations, without factual foundation; and (iii) claims made prior to a meeting regarding the results of a solicitation. The anti-fraud rules also extend to third party information re-transmitted, linked to or otherwise endorsed in the shareholder activist’s communications. Therefore, shareholder activists are often advised to refrain from hyperlinking to third party websites and to exercise caution when taking any other action that can be considered as an endorsement of third party content. The rules discussed above apply to proxy solicitations conducted in the US. Proxy solicitations outside the US will be subject to the rules of the local jurisdiction. Because the use of social media platforms by shareholder activists has been more prevalent in the US than in foreign jurisdictions, the applicability of the proxy rules of the foreign jurisdiction to social media may be uncertain and not as well developed as in the US. Nevertheless, as long as the global shareholder activism phenomenon continues to grow, we expect to see activists around the world expand their use of social media to communicate with shareholders.

GETTING HEARD ON SOCIAL MEDIA SEC guidance on proxy solicitation will help activists to communicate 64 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Featuring all sides of shareholder activism and corporate governance

www.13dmonitorconference.com

Activism & Engagement | Hedge Funds

Hedge fund activism & the market for corporate control Controlling for selection decisions, activist interventions substantially increase the probability of a takeover offer

TIME TO TAKE THE TAKEOVER ROUTE? Activists can help overcome managerial resistance to mergers 66 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Hedge Funds | Activism & Engagement

Hedge fund activist involvement in the market for corporate control has become increasingly common in recent years, despite a historical tendency to view shareholder activism and corporate takeovers as mutually exclusive activities.

For example, in the year 2000 approximately three per cent of takeover bids in the United States involved a hedge fund activist as a significant shareholder in the target fi rm. By 2012, this proportion had grown to 29 per cent.2 Further, merger-related activism (hereafter referred to as ‘merger activism’) represents a substantial proportion of all activism campaigns conducted by hedge funds. On average, about 22 per cent of activism campaigns involve hedge funds encouraging target fi rms to consider a merger, and this proportion has also grown over time. In addition, activist involvement sharply increases the probability that a fi rm will receive a takeover bid. The unconditional probability of receiving a takeover bid in a given year is nearly five per cent, while the probability that a fi rm will receive a takeover bid while an activist is involved is nearly 25 per cent, or a five-fold increase. Th is finding is not driven by activist bids and the result is stronger for financial bidders relative to strategic bidders. 3 Merger activism leads to significant gains for target fi rm shareholders. Figure 1 illustrates this finding by plotting

Nicole M. Boyson, PhD

Associate Professor of Finance, D’Amore-McKim School of Business, Northeastern University1 cumulative long-term returns to all activism events for the 2000-2012 period, beginning one month before (t-1) and ending 22 months after (t+22) activism is announced. These returns are calculated in excess of overall stock market performance and are divided into four categories: all activism events, events in which the target fi rm receives an offer and is acquired, events in which the target fi rm receives an offer and is not acquired and events in which the target fi rm does not receive an offer. Figure 1 highlights several important findings. On average, only merger activism leads to long-term stock market outperformance of target firms. As indicated by the yellow line, non-merger activism delivers long-term stock returns that do not differ from the overall market. Within this category, there are several cases in which activism adds value, but the net effect of non-merger activism on long-term stock performance is insignificant. The best long-term returns accrue to target fi rms that receive offers and are subsequently acquired. The average cumulative two-year stock return for these events delivers a 40 per cent premium to the average overall stock market return for the same period. Finally, the next-best long-term returns accrue to target fi rms that receive offers but are not subsequently acquired. For these fi rms, the average cumulative two-year stock

return in excess of the market is about 18 per cent. Strikingly, despite not being acquired, these fi rms substantially outperform the overall stock market.

The role of activists in merger outcomes

Ideally, hedge fund activists can help overcome frictions caused by target fi rm managerial self-interest because the hedge fund’s incentives are aligned with shareholders, not with target fi rm management or with potential bidders. By supporting third-party offers made by strategic or financial bidders, activists can alleviate managerial resistance by providing a certification effect signaling to target fi rm shareholders that the offer is fair. This certification allows the bidder to offer a higher price: in a 2000-2012 sample of third-party bids for target firms, the stock price for targets with activist involvement increased by 55 per cent relative to the target firm’s stock price 25 days before the merger was announced (hereafter, the ‘acquisition premium’). For third-party takeover attempts without activist involvement, the acquisition premium was eight per cent lower, at about 47 per cent.4 Further, the probability that a third-party initiated merger would be consummated was 96 per cent when an activist was involved, relative to 93 per cent for the sample without activist involvement. These differences can be attributed to the certifying effect of the activist, which lowers the costs of the acquisition and increases the probability that the merger will be successfully completed.

FIGURE 1: LONG-TERM CUMULATIVE ABNORMAL RETURNS OF ACTIVISM TARGETS 45.00% All events 40.00%

EVENT TIME IN MONTHS Receives offer Receives offer and acquired not acquired

Does not receive offer

35.00% 30.00% 25.00% 20.00% 15.00% 10.00% 5.00% 0.00% -5.00%

t-1

t+1

t+2

www.ethicalboardroom.com

t+3 t+4 t+5 t+6

t+7 t+8 t+9 t+10 t+11 t+12 t+13 t+14 t+15 t+16 t+17 t+18 t+19 t+20 t+21 t+22

Winter 2018 | Ethical Boardroom 67

Activism & Engagement | Hedge Funds By contrast, when activists are themselves the bidders, the certifying effect of hedge fund activists on mergers appears to be less relevant. Rather than supporting the interests of all shareholders, activist bidders have private incentives to acquire the firm cheaply, potentially leading to uncertainty among management and shareholders regarding the fairness of the bid price. During the period 2000-2012, hedge fund activist bids comprised about 15 per cent of all merger activism events. The acquisition premia for these offers averaged 32 per cent, 23 per cent lower than the average premia for third party offers with activist involvement of 55 per cent. Further, the probability that a hedge-fund initiated merger would eventually be consummated was sharply lower at about 50 per cent, relative to the 96 per cent completion rate for merger activism involving third-party offers.5 Hence, the potential benefits of activists in facilitating merger outcomes could be undermined when the activistâ&#x20AC;&#x2122;s incentives are not directly aligned with the incentives of other target firm shareholders. Taken together, these data provide support for a value-enhancing role of hedge fund activists in the merger process. In the presence of a third-party bidder, the activist plays a certification role that can overcome managerial resistance, leading to better returns for target firm shareholders and an increased probability that the merger will be consummated. By contrast, when hedge fund activists bid for target firms, it is possible that misaligned incentives result in lower acquisition premia and a sharply lower probability that the merger will be consummated.

Why do activists sometimes bid for targets?

There are several possible explanations for the finding that activist bids involve lower acquisition premia and a lower likelihood of merger completion. One possibility is that hedge funds make offers as an attempt to draw attention to the target firm and attract higher bids from third parties. The data weakly supports this hypothesis: more than 30 per cent of hedge fund offers are followed by third-party bids. About two-thirds of these offers are completed by the third party, while the hedge fund buys the firm in the remaining one-third of events. However, the acquisition premia for these eventual third-party purchases do not differ relative to cases in which the hedge fund is the only bidder, incompatible with the theory that activists make low-ball offers in an attempt to put the firm in play for higher priced third party offers. Another possibility is that hedge fund offers lead to an increase in target firm value, even if the merger is unsuccessful. Figure 1 provides evidence that target firm value increases upon the announcement of a merger, and that this value persists (albeit at a lower level) even when the merger is not consummated, leading 68 Ethical Boardroom | Winter 2018

to significantly higher valuation of merger activism targets relative to targets of non-merger activism. This increase in valuation emanates primarily from positive operational and financial policy changes that result from the activist intervention. For all activism events between 2000-2012 in which target firms are not acquired within two years of activism, target firms that receive bids but are not acquired have better operating and financial performance than the target firms that do not receive bids. Specifically, the return on assets (ROA) for the firms with a bid but no merger increases by about three per cent (300 basis points) relative to firms that do not receive a bid. Return on sales (ROS) increases by about 25 per cent for the firms with a bid but no merger relative to firms that do not receive a bid. These firms that receive a bid but do not merge also make other policy changes; increasing capital expenditures by about three per cent and increasing book leverage by just over six per cent relative to firms that do not receive a bid.

Hedge fund activist involvement in mergers has significant effects on the likelihood of the merger, the short-term and long-term target firm stock returns associated with the merger, and the returns to bidders from mergers Hence, the strong improvements in stock price for merger activism targets that are not eventually acquired are consistent with improvements in operating and financial target firm performance. These performance improvements also help to explain why activists make bids, despite their relatively high rate of non-completion: the very real threat posed by these bids appears to have sufficient credibility to prod target firm management to make real and lasting improvements in their firms. By contrast, activism that is not accompanied by an activist bid does not have the same effect on target firm management.

Bidder returns

If, as suggested earlier, hedge fund activists provide a certification role in third-party bids by reducing managerial resistance, the probability of bidder overpayment for target firms should be reduced. Consistent with this explanation, for the sample of all mergers in US firms between 2000-2012, the short-term bidder stock return upon the announcement of a merger is about 1.3 per cent (130 basis points) higher when an activist is involved relative to bids that do not involve an activist. Hence, while target firm shareholders benefit from activist

involvement in mergers through higher acquisition premia, higher long-term stock returns, and higher completion probabilities, bidder shareholders benefit as well through better announcement period stock returns.

Implications

In conclusion, hedge fund activist involvement in mergers has significant effects on the likelihood of the merger, the short-term and long-term target firm stock returns associated with the merger and the returns to bidders from mergers. The data presented in this article are consistent with the idea that hedge fund activists play a certification role in third-party mergers because activist and shareholder incentives are properly aligned. Further, activists can help overcome managerial resistance to mergers, thereby increasing the likelihood that the merger will be consummated. From a corporate governance perspective, this role is important and valuable to target firm â&#x20AC;&#x201C; and to bidder firm â&#x20AC;&#x201C; shareholders. When hedge fund activists themselves bid for firms, the acquisition premium and completion rates for these mergers are significantly worse than takeover attempts involving third-party bidders. While one explanation for this finding might be that in these cases hedge fund activist incentives are not properly aligned with shareholder incentives, a closer look at the data indicates that just over 25 per cent of activist bids are ultimately consummated by the hedge funds. Another 25 per cent of the time, the firm merges with a third-party bidder, and the acquisition premia in these cases are indistinguishable from the premia obtained by other third-party mergers in which activists do not themselves make bids. More important, in the 50 per cent of cases in which hedge funds make bids but the firm does not merge, target firm stock and operating performance improves significantly relative to activist campaigns that involve neither a third party bid nor an activist bid. These findings indicate that the very real threat of a merger spurs target firm management to make positive and lasting operational and policy changes. 1 Much of the data for this article derives from Boyson, N., N. Gantchev, and A. Shivdasani. 2017. Activism mergers. Journal of Financial Economics 126, 54-73. 2These data involve only cases in which the hedge fund activist was present in the firm before the merger was announced, and therefore exclude risk arbitrage activities of hedge funds who purchase shares of the target firm after a merger announcement. 3This finding does not appear to be driven by a selection effect in which hedge funds simply choose firms with a higher merger probability, because the probability of a merger among activist holdings by a hedge fund is six times as likely the probability of a merger among passive holdings by the same hedge fund. Additionally, when hedge funds switch their intentions from active to passive within the same target firm, the probability of a merger increases threefold. 4This finding is even stronger when we measure the acquisition premium relative to the 25 days prior to the announcement of hedge fund activism, rather than relative to the announcement of the merger. 5 In the campaigns involving hedge fund offers, about half the consummated acquisitions were by the hedge fund, while the other half were by a third-party bidder.

www.ethicalboardroom.com

Enhancing engagement & optimising shareholder response

A global leader in proxy solicitation, M&A and corporate governance advisory

Part of Link Group | Corporate Markets

dfkingltd.com

1224.9 09/17 ISS2

Unrivalled international expertise | 75 years of securing shareholder support | Worldwide partner

Activism & Engagement | Shareholder Votes

Re-evaluating shareholder voting rights in M&A transactions With many high-profile company takeovers leading to negative returns, is it time for compulsory voting? The management and finance literature exploring the causes and consequences of acquisition transactions is vast – the focus in part because acquisitions are likely the most important corporate decisions made by managers. Empirical studies consistently find that public company bidders often overpay for public company targets, imposing significant losses on bidder shareholders. Not only do shareholders of public company bidders lose, but losses from the worst-performing deals can be staggering.

From a corporate governance standpoint, there is much debate about how to address the bidder overpayment problem. Shareholders have three major tools at hand: selling, suing or voting. To determine which of these tools may be best suited to address bidder overpayment, it is important to understand what contributes to overpayment and the role of the various decision-makers – boards, management and shareholders – in the acquisition process.

Bidder overpayment and its causes

Empirical research indicates that the bidder overpayment problem varies by type of bidder and the bidding scenario. Private acquirers tend to pay less in acquisitions than public bidders, and private companies that make acquisitions tend to outperform their public peers. Bidder overpayment is particularly acute when public company bidders acquire public company targets. The disastrous combination of firms, such as America Online and Time Warner, or the problem-laden acquisition of Countrywide by Bank of America, are often touted as examples of deals that proved disastrous for the 70 Ethical Boardroom | Winter 2018

Afra Afsharipour

Professor of Law and Martin Luther King, Jr. Hall Research Scholar, UC Davis School of Law acquirer. More recently, the 2011 acquisition of British company Autonomy for $10.3billion by Hewlett Packard (HP), a venerated Silicon Valley fi rm, similarly falls in the same vein. The acquisition was controversial with HP shareholders who claimed that HP was overpaying for Autonomy. Only a year later, HP announced a write-down of $8.8billion related to the Autonomy acquisition with more than $5billion due to accounting irregularities at Autonomy. Not only did HP fail to realise the gains it expected from the Autonomy acquisition, but the transaction led to various lawsuits between HP and Autonomy management and resulted in a large securities class action against HP. The Autonomy deal was just one in a string of questionable acquisitions by HP during a busy acquisition spree.

Acquisitions tend to highlight conﬂicts of interest between managers and shareholders in large public corporations Why do public company bidders overpay? Numerous empirical studies have connected bidder overpayment with managerial agency costs and behavioural biases. These reasons are not mutually exclusive explanations for the overpayment problem in public company acquisitions. Acquisitions tend to highlight confl icts of interest between managers and shareholders in large public corporations, presenting opportunities for managers to obtain personal gain at the expense of shareholders. Several studies provide evidence that management, particularly CEOs, can gain increased power, prestige, and additional compensation in connection with an acquisition. Studies fi nd that CEOs are fi nancially rewarded for acquisitions,

but are not similarly rewarded for other types of major capital expenditures. Behavioural biases, such as overconfidence and ego gratification, also play an important role in acquisitions. Managers may overestimate their ability to price a target accurately or their ability to integrate the target’s operations and generate synergies. Managers may also be flawed in their decision-making regarding targets by other factors, such as extensive social ties (for instance educational background or employment history) between managers of bidders and targets, or a desire to keep up with peers undertaking acquisitions. There is reason to think that deal advisors can magnify the effects of managerial agency costs and reinforce management biases. Financial advisors receive significant fees for advising on M&A transactions; and these fees are based primarily on the size of the deal, with a significant portion contingent on closing. Advisors also gain prestige from working on successful deals. In cases where management stands to benefit from a deal, the often-close relationship between management and advisors can induce advisors to recommend transactions to avoid upsetting management’s plans. Once management and its advisors begin to feel committed to a deal and have expended significant resources to move forward on a transaction, abandoning plans can be quite difficult.

The role of the board in acquisitions

The empirical evidence on various soft conflicts on the part of bidder management and advisors necessarily raises the question: where is the board of directors in all of this? A central fiduciary duty of the board is the protection and promotion of the interests of the company and its shareholders. The board’s advisory and monitoring roles should www.ethicalboardroom.com

Shareholder Votes | Activism & Engagement result in directors playing an important decision-making role in major corporate transactions, especially transformative acquisitions. Nevertheless, in some public company acquisitions, boards may fall short in effectively supervising management. In virtually all significant acquisitions by public companies, some level of board involvement is the norm. While boards are generally not involved in identifying acquisition targets, once a target has been identified and significant efforts are made to move forward with an acquisition, boards often become more involved in the acquisition process. As part of their role as fiduciaries, directors must undertake sufficient investigation and obtain all reasonably available information regarding the acquisition. For many boards, their primary involvement in the acquisition process is an advisory and oversight role to ensure ‘a reality check’ on management’s plan. Moreover, in almost all public company acquisitions, seeking the approval of the bidder’s board is the corporate norm. Experts caution that boards are at times reluctant to be deeply involved in acquisitions or to challenge management’s often optimistic assumptions about a deal’s value. A survey of directors about the board’s role in M&A found that at least one-third of directors believe that their boards ‘could be more involved in shaping M&A strategy and in evaluating deals proposed by management’.1 Given challenges with integration of public company acquisition targets, experts also recommend that boards closely monitor post-merger integration plans. The acquisition of Autonomy by HP exemplifies how boards can fall short in overseeing management’s acquisition zeal. The failure of the Autonomy transaction was not unexpected. HP’s then-CFO had allegedly opposed the CEO’s pursuit of Autonomy. Moreover, the HP board had sounded some alarm about the Autonomy acquisition. According to reports, HP’s then-board chair had raised concerns about the Autonomy acquisition, but then-CEO Leo Apotheker was reluctant to back away. Unfortunately, the board did not press any further. The reluctance to abandon an acquisition can be strong, even in the face of significant shareholder opposition. For example, in Kraft’s $19billion acquisition of Cadbury, Kraft shareholders, including Warren Buffet who owned 9.4 per cent of Kraft’s then outstanding stock, warned against the acquisition and claimed that he would vote against the share www.ethicalboardroom.com

issuance necessary to close the deal. Kraft’s response was to restructure the acquisition to avoid the ability of its shareholders to vote on the transaction, an option that is available under US corporate law.

Shareholders and the bidder overpayment problem

What role do shareholders have in acquisition decisions? Two structures – a one-step triangular merger, or a two-step transaction involving a tender offer followed by a merger – are often used to acquire publicly traded firms in the US. Under both structures, target shareholders are commonly provided a say, either through a vote or through the decision to sell their shares. Target shareholders may access courts to address any harm they have suffered by bringing fiduciary duty claims against the board and management, and/or securities fraud cases related to corporate disclosures on the transaction. Furthermore, in some transactions target shareholders may bring appraisal proceedings where shareholders ask the courts to determine the ‘fair value’ of their shares. US law, however, provides much fewer rights to bidder shareholders. Transactions can be structured so that under state corporate law or stock exchange listing rules, bidder shareholders are denied voting rights in acquisitions. Even in transactions where bidder shareholders have voting rights, under the structures used to undertake public company

acquisitions, bidder shareholders do not receive any appraisal rights. Neither the right to sell nor the right to sue effectively addresses the bidder overpayment problem and the underlying factors contributing to it. Selling serves as a weak monitoring mechanism for bidder stockholders who often can only sell their shares after the share price has fallen following announcement of the signing of the acquisition. Once an acquisition agreement has been signed, even if bidder shareholders react negatively to the announced deal, the opportunity for the bidder to walk away is low. Furthermore, even the spectre of a share drop following an acquisition announcement does little to deter bidder management, given weaknesses in the market for corporate control. Suing is currently unlikely to protect bidder shareholders. Theoretically, bidder boards’ decision-making role in major acquisitions could make them vulnerable to shareholder lawsuits. Unlike the vast number of fiduciary duty cases against target boards, however, fiduciary duty cases against bidder boards are rarely brought and even more rarely successfully litigated. Not only do suits entail significant costs and delays, but for bidder shareholders the barriers to a successful suit are quite high, given that fiduciary duty cases likely will be subject to the deferential business judgement review.

RIGHT TO VOTE Shareholders could advocate for advisory or binding votes on signiﬁcant acquisitions

Winter 2018 | Ethical Boardroom 71

Activism & Engagement | Shareholder Votes

The value of the shareholder vote

Shareholder voting plays a central role in corporate governance. Yet, for many US public company acquisitions, only the target firm’s shareholders can exercise voting rights. Is it time to re-examine voting for bidder shareholders given the existing, relatively low voting incidences and shortcomings with selling and suing? In general, voting by shareholders has become an increasingly important tool in US corporate governance. Several important developments have led to the rise of shareholder voting: (1) government regulations that require many institutions to vote their stock in the best interests of their beneficiaries; (2) the emergence and increasing importance of proxy advisory firms that can help coordinate shareholder action; and (3) the increasingly significant corporate governance role played by activist investors, such as hedge funds, which has led to greater use of the ballot box and the

VOTE IS CAST Powerful shareholders value voting rights

accompanying result of greater institutional shareholder engagement with voting rights. Shareholder voting, at least with respect to significant corporate decisions, could lead to better governance of the company. Shareholder voting can serve a complementary monitoring role to that played by the board and discourage opportunistic behaviour by management. This supplemental monitoring role is particularly important when there are management conflicts of interest or biases, and when the opportunity for management to obtain private gains at the expense of the firm is high. These soft conflicts, agency problems, and biases are the exact types of situations that research indicates are implicated in significant public company acquisitions. Recent research shows that compulsory shareholder voting reduces the problem of bidder overpayment. A study by Becht et al. addresses head on the value of voting on acquisitions, looking at the UK market where 72 Ethical Boardroom | Winter 2018

shareholder voting on large acquisitions is mandatory and binding under the UK listing rules.2 The study of acquisitions made by UK companies between 1992 and 2010 shows that mandatory bidder shareholder voting increases firm value. Moreover, the results of the study suggest that mandatory voting, which cannot be avoided by management in the UK as it can be in the US, changes the incentive of acquirers and constrains management’s pricing decisions in acquisitions. Another recent study by Li et al. similarly finds value in bidder shareholder voting.3 The study investigates the effects of bidder shareholder voting by comparing deals subject to a vote with those not subject to a vote in a hand-collected sample of US stock deals over the period 1995-2015. The study finds that bidder management substitutes stock with cash to avoid a shareholder vote, especially when there are high agency costs, high deal risk and lower bidder institutional share ownership. The study also shows that in

expensive and uncertain, especially in a significant transaction, and could potentially lead to additional deal risk. Voting rights may also not result in shareholders making an informed decision, especially if shareholders are apathetic and/or suffer from collective action problems. The above arguments against shareholder voting are tempered by the rise of institutional investors. Institutional investors have significant voting power since they own large stakes in publicly traded companies. The change in ownership of US public companies, resulting in a greater concentration of ownership in the hands of institutional shareholders, makes voting by bidder shareholders in large public company acquisitions much more palatable. Their large ownership stake coupled with the increasing influence of other market participants, such as hedge funds and proxy advisory firms, may mean that institutional investors have strong economic and political interests in monitoring management’s decisions via voting. Moreover, voting rights may invite interference from activists who focus on deals that may be risky or more prone to overpayment. Studies suggest that even the threat of monitoring by institutional shareholders may be enough to address the bidder overpayment problem, and may play an important role in management calculations about an acquisition. The argument for shareholder voice in significant public company acquisition decisions is not an argument for shareholder voting rights in all transactions, but rather an argument for shareholder voice in situations of high importance to firm value and share price, and where empirical inquiry

Shareholder voting plays a central role in corporate governance. Yet, for many US public company acquisitions, only the target firm’s shareholders can exercise voting rights deals where the vote of bidder shareholders was avoided, bidder announcement returns were three per cent lower than in deals with a shareholder vote. The study suggests that a shareholder vote incentivises management to offer lower premiums and to acquire targets with greater synergies. Studies also indicate that powerful shareholders, such as institutional investors, value voting rights. For example, a study examining institutional investor voting in merger transactions finds that although the votes are still overall in favour of the merger, shareholders solely invested in the acquirer are generally four times more likely to vote against a merger as a cross-owner.4 Two arguments against bidder shareholder voting rights in acquisitions relate to the cost of the vote as well as to concerns about the value of shareholder decisions. Voting is

seems to consistently demonstrate agency problems and shortcomings in the board’s monitoring role. This editorial is based on a symposium article in the Oklahoma Law Review Symposium, Confronting New Market Realities: Implications for Stockholder Rights to Vote, Sell, and Sue. The article, Reevaluating Shareholder Voting Rights in M&A Transactions, is available at https://ssrn.com/abstract=3049362 1 See KPMG, The Board’s Perspectives On M&A: From Due Diligence To Day 1 And Beyond (2013), available at http://www.execed.kpmg.com/content/PDF/TheBoards-Perspective-on-MA.pdf. 2Marco Becht et al., Does Mandatory Shareholder Voting Prevent Bad Acquisitions?, 29 REV. FIN. STUD. 3035, 3037 (2016). 3See Kai Li et al., Vote Avoidance and Shareholder Voting in Mergers and Acquisitions 1-2 (European Corp. Governance Inst. Working Paper Series in Fin., Paper No. 481/2016), https://ssrn. com/abstract=2801580. 4See Gregor Matvos & Michael Ostrovsky, Cross-Ownership, Returns, and Voting in Mergers, 89 J. FIN. ECON. 391, 399 (2008).

www.ethicalboardroom.com

PROVEN LEADERSHIP FOR COMPLEX LEGAL CHALLENGES FIRST-TIER NATIONAL RANKING IN CORPORATE LAW — U.S. News – Best Lawyers® “Best Law Firms” Survey 2017

Sophisticated advice for the full spectrum of corporate governance issues. Ever-evolving laws and regulations, coupled with heightened scrutiny into corporate governance and compensation practices, have created an increasingly complex environment for publicly traded corporations, privately held entities and their individual executives and directors. We offer our clients advice on a range of issues impacting their business, including board management, financial reporting compliance, risk management and crisis preparedness, takeover defenses, proxy contests, shareholder relations and executive compensation. TALENT. TEAMWORK. RESULTS.

Holly J. Gregory holly.gregory@sidley.com +1 212 839 5853 John P. Kelsh jkelsh@sidley.com +1 312 853 7097

AMERICA • ASIA PACIFIC • EUROPE

sidley.com Attorney Advertising - Sidley Austin LLP, One South Dearborn, Chicago, IL 60603. +1 312 853 7000. Prior results do not guarantee a similar outcome. MN-5240

Activism & Engagement | Corporate Reporting

The path to robust non-financial information Richard Karmel Partner, Mazars LLP

Corporate reporting fatigue is becoming widespread. Given the ever-increasing size of annual reports and the plethora of reporting requirements, there has been an increase in focus on the purpose of these reports.

Who are they actually serving? Why do they contain so much information, which isnâ&#x20AC;&#x2122;t

Key questions non-execs need to ask on their journey to assurance meaningful to most stakeholders? Can anyone but a highly trained accountant actually understand them? These questions are all valid and have

particularly come to the fore ever since the global financial crisis of 2008. Many of the companies that went under at that time, or banks that needed to be rescued, had annual reports with clean audit reports. So if they were compliant, why didnâ&#x20AC;&#x2122;t we see the crisis coming? As annual reports were the main window that external parties had on the performance of these companies/banks then maybe the reporting rules werenâ&#x20AC;&#x2122;t fit for purpose. A tough pill for regulators and standard setters to swallow!

NOT JUST A NUMBERS GAME Companies need to report on non-financial disclosures to demonstrate their strategy

74 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Corporate Reporting | Activism & Engagement

There is now a groundswell of opinion that indicates that if these annual reports had more non-financial information and less financially detailed information then maybe, just maybe, we would have had some inkling as to the incoming crisis. Even regulators are acknowledging this, as demonstrated by the UK’s Financial Conduct Authority – it is requiring certain companies in the financial services sector to have their cultures reviewed and reported on. The premise is simple: if the regulators had a better idea as to the ‘profit-above-all-else’ cultures that existed at the time, then maybe certain companies would have been called to account before disaster struck and the lives of employees, customers and wider society were so profoundly impacted. However, culture is only one aspect that could have helped the regulators and other interested parties better understand the potential future performance of companies. And it is these other areas that the EU has picked up on through its Non-Financial Reporting Directive (NFRD), which is required to be enforced in the EU’s 28 states (including the UK – Brexit won’t help companies avoid its requirements). Specifically, the NFRD requires the EU’s publicly listed companies with more than 500 employees to report on the steps they are taking to respect the environment, human rights (i.e. people) and to prevent bribery and corruption. In this case, reporting is being used as a tool to improve performance and to enable external parties, like you and I, achieve a better understanding of how companies deal with a wider range of risks, including those that affect all stakeholders and society. At another level, it helps us to better understand which companies are actively contributing to society, i.e. producing more with less, eradicating discrimination, widening the payment of living wages, etc. Put another way, this directive is actively helping companies regain a measure of trust within society. We mustn’t forget that companies are the primary levers within capitalist societies. Without successful companies, there is no income for employees, no taxes to pay governments who use these funds for our

www.ethicalboardroom.com

public services and no innovation to help society evolve and progress. With stock markets currently on a bull run, it has been estimated that 80 per cent of the value of companies are intangible assets most of which haven’t been audited as they’re not on the balance sheet. That means the audited part of annual reports only really inform us on 20 per cent of the value of companies; and even then, it is historical information and rapidly out of date. So, back to the question posed at the beginning of this article: what is the purpose of annual reports?

Moving forward

Leading companies are beginning to follow the International Integrated Reporting Council’s more meaningful reporting framework that is formed around integrated thinking. It is based on the premise that every company has six capitals (financial, manufactured, intellectual, natural, human and ‘social and relationship’) and that it should report holistically covering all these areas in order to give the reader a fair picture of not only past performance but also future prospects and wider strategic intent.

We mustn’t forget that companies are the primary levers within capitalist societies. Without successful companies, there is no income for employees, no taxes to pay governments who use these funds for our public services and no innovation to help society evolve and progress One consequence of the increase in the above reporting is the independent assurance of such non-financial information. Previously, this wasn’t a major issue because the quality of non-financial disclosures was often poor and drafted by marketing departments that naturally only wanted to portray the company in the best light. However, as many regulators have pointed out, there was little in there that was fair and even less that could be considered balanced. How many companies do you know previously reported on their negative environmental and human rights impacts? Now that companies are having to approach this form of reporting more objectively, they are wanting this information to be independently verified. Th is not only demonstrates the seriousness with which

they are addressing these areas but it gives their reporting more credibility and increases the reader’s confidence in what they are being told. Recently, my fi rm Mazars, together with Shift – the leading not-for-profit organisation on the UN Guiding Principles – published its follow-on guidance to the widely adopted UNGP Reporting Framework1, the UNGP Assurance Guidance on human rights performance and reporting.2 Th is guidance was as a result of the previously widely held view that human rights auditing was not fit for purpose following several tragedies linked to multi-national companies. The aim of this guidance is to help those professionals either working in internal audit within companies or external assurance providers better understand the roadmap and principles to be followed when reviewing this form of non-financial performance and/or reporting. The guidance includes a suite of indicators showing the types of evidence they should look for when assessing the appropriateness and effectiveness of these non-financial policies and procedures. A key issue is whether there are suitably qualified teams to undertake such assignments. Corporate understanding of how to respect human rights is relatively new; the result being that education and training is lagging the market. Non-executive directors who sit on audit committees are quite rightly asking more questions about non-financial disclosures included in their annual reports. The key one being ‘how can we be confident that the processes that lead to non-financial disclosures are as robust as those that lead to the financial disclosures?’ These non-execs are looking fi rstly for comfort from the internal auditors, and then secondly from the external assurance providers. The follow-on key question to these teams is ‘what skills do you have to actually perform such engagements?’. So, while we are in the midst of a transition in the move to more non-financial reporting, it would appear that the internal and external audit professions are playing catch-up. But catch-up they will as this is what their clients are asking for. So maybe market forces can be a force for good; enhancing the trust that the corporate sector has within society. And what of that previous question posed ‘what is the purpose of annual reports?’. If companies understand that their reporting should be to serve all their stakeholders, not just their shareholders, then I am confident they will find the answer. www.UNGPreporting.org www.UNGPreporting.org/assurance

Winter 2018 | Ethical Boardroom 75

Global News Europe ‘Darkest day’ for governance in Romania

Volkswagen suspends sustainability exec Carmaker Volkswagen has suspended its head of external relations and sustainability – at his own request – after acknowledging that he had known about experiments in which monkeys were locked in small chambers and exposed to diesel exhaust. Thomas Steg stepped down amid scrutiny of Volkswagen’s financing of the diesel emissions experiments after it emerged that an agency known as EUGT, jointly funded by VW, Daimler and BMW, had carried out the animal testing in the US. In 2015, VW admitted installing software in 11 million diesel cars to cheat emissions tests. At the end of 2017, former VW executive Oliver Schmidt was sentenced to seven years in prison in the US and given a £293,000 fine after admitting he helped the firm evade clean-air laws.

New chairman to guide UK governance reforms James Wates, who chairs one of the UK’s largest family-owned construction companies, is to head a UK government panel charged with developing a corporate governance code for private companies. As part of the government’s package of corporate governance reforms, Wates will work with the Financial Reporting Council, the Institute of Directors and the Trades Union Congress to draw up the UK’s first-ever set of guiding principles for large private companies.

The voluntary principles aim to ensure that large private companies are transparent and accountable, addressing concerns that a minority of companies are falling short of high standards. Wates, who is chairman of the Wates Group, said: “I hope that the standards produced through this effort will help promote and enable ever-stronger and more consistent corporate governance amongst large private companies, which generate significant value for the UK economy and society.”

‘Kremlin list’ could affect investors The decision by the US Treasury to publish a list of officials and businessmen close to the Kremlin ‘could affect the interests of European investors and increase uncertainty in Russia’s business environment’, according to the Association of European Businesses (AEB). The list names 210 top Russians as part of a sanctions law aimed at punishing Moscow for

76 Ethical Boardroom | Winter 2018

meddling in the US elections — 114 of them are in the government or linked to it, while the other 96 are oligarchs worth more than $1bn. Russian President Vladimir Putin said the so-called ‘Kremlin list’ was an unfriendly move and would harm relations between Moscow and Washington. The AEB said it could undermine the prospects of future economic cooperation.

Fondul Proprietatea, a Romanian closed-end fund managed by Franklin Templeton Investments, has slammed a new law that exempts certain state-owned companies from meeting corporate governance rules. Romania’s Chamber of Deputies voted several amendments to legislation on corporate governance that exempted more than 100 stateowned enterprises (SOEs), including Bucharest Airports, Transelectrica and Constanta Maritime Ports. Amendments include removing the obligation to appoint professional and politically independent management and boards and removing the transparency and reporting obligation to publish annual and half-yearly financial statements. Greg Konieczny, CEO of Fondul Proprietatea, said: “If 2017 was a difficult year, marked by blatant disregard, attacks and systematic abuses of corporate governance, yesterday we witnessed the darkest day in the history of corporate governance in Romania.”

French NGOs slam Samsung

Two French non-governmental organisations (NGOs) have lodged a complaint against South Korean technology firm Samsung Electronics Co Ltd over alleged deceptive marketing practices. According to Reuters, Sherpa and ActionAid-Peuples Solidaires campaigners also allege that children had been found in Chinese plants producing Samsung products, and that other staff faced severe health problems. The NGOs allege that Samsung Electronics and its French subsidiary Samsung Electronics France violated the fundamental rights of its employees in factories located in China and South Korea, contradicting commitments it had made, which it had used as a marketing tool. Samsung said: “We believe it is our responsibility to hold ourselves and our suppliers to the highest standards of labour practices while strictly complying with local labour regulations and international labour standards.” www.ethicalboardroom.com

Europe | Corporate Governance

Corporate governance codes:

Not an end in themselves National authorities need to actively review legislation to understand how rules are applied in practice Reliable disclosure is an essential element of good corporate governance and the concept of comply or explain is at the heart of European corporate governance codes. Contrary to strict binding provisions, the recommendations of a corporate governance code applied on a comply or explain basis allow companies to deviate from the code’s recommendations, provided they clearly state the reasons for doing so.

Besides increased transparency, this approach promotes companies’ accountability, as it incentivises boards to reﬂect on companies’ corporate governance arrangements and engage in discussions internally and externally with relevant stakeholders on the need for improvements. Th is approach, fi rst conceived in the UK in 19921 has been institutionalised in the European Union with the adoption of the Audit Directive in 20062 (and its revisions of 2013)3 and has also been accepted by other jurisdictions worldwide. While the approaches ‘on paper’ that companies 78 Ethical Boardroom | Winter 2018

Gian Piero Cigna, Milot Ahma & Pavle Djuri´ c

Gian Piero is Associate Director, Senior Counsel, Milot is an Associate and Pavle is Counsel at the European Bank for Reconstruction and Development should take to implement the codes are very similar, the actual implementation and monitoring vary greatly across countries. The lack of active monitoring on how codes are implemented has brought about a misunderstanding that the codes are an end in themselves, forgetting that the real value is instead in their implementation. There are a few examples of this active monitoring. For example, in Spain, the securities market regulator Comisión Nacional del Mercado de Valores (CNMV) actively monitors how the Spanish Corporate Governance code is implemented by analysing the annual corporate governance reports published by listed companies and contacting them when inconsistencies are found. The CNMV issues a regular monitoring report, which includes both statistical information and references to companies’ practices.4 In July 2016, the CNMV also published a technical guide on good practices for the application of the comply or explain principle, designed to improve the quality of companies’ reporting by advising them on how to frame the explanations provided in annual corporate governance reports for not following code recommendations.5

The French regulator Autorité des Marchés Financiers (AMF) goes a step further, ‘naming and shaming’ companies with questionable governance practices in its annual report and building its own considerations upon the analysis undertaken by AFEP-MEDEF (the ‘owner’ of the code), which evaluates the status of corporate governance in the French market.6 In the United Kingdom, the Financial Reporting Council (FRC) is the owner of the UK Corporate Governance Code and UK Stewardship Code. The FRC publishes an annual monitoring report on the level of company compliance with the Code, based on the analysis undertaken by Grant Thornton every year. In each theme, the FRC report summarises the most relevant changes in the national corporate governance framework during the year, company practices, and sets the agenda for the coming months. The agenda includes expectations and future targets, as well as a timeframe for future code revisions or other initiatives. The FRC is active in providing guidance to market participants, selecting and sharing what is considered best practice through the publication of guidance notes www.ethicalboardroom.com

Corporate Governance | Europe

and has also adopted the UK Stewardship Code for institutional investors, which deals, inter alia, with improving the investors’ engagement with investee companies. There are about 300 asset managers, asset owners and service providers that have signed up to the Stewardship Code. Signatories are encouraged to publish a statement on their website of the extent to which they have complied with the Code (comply or explain), to notify the FRC when they have done so and whenever the statement is updated. The FRC soon realised that in some cases, the signing of the Code was just a mere declaration, with no material action. Hence, it started reviewing the quality of the compliance statements and ‘name and shame’ or ‘name and shine’ asset managers, asset owners and service providers, by including them into tiers based on the quality of their code statements. It seems that this approach is bringing good results. However, despite these and a few other good examples, corporate governance codes remain scarcely implemented in many countries and the explanations provided for non-compliance leave much to be desired. We try to draw conclusions on steps needed to enhance the application of corporate governance codes by examining the cases of Croatia, Hungary, Romania and Russia – each chosen for specific reasons outlined below.

Croatia

The Croatian Corporate Governance Code was adopted in 2007 (and revised in 2010) jointly by the Zagreb Stock Exchange (ZSE) and Croatian Financial Services Supervisory Agency (HANFA). The Code is to be implemented on a comply or explain basis by all listed companies, who must submit their answers annually to the stock exchange by way of a questionnaire (attached to the code), disclosing their compliance with the code and explaining reasons for any deviations. Both the ZSE and HANFA are monitoring www.ethicalboardroom.com

corporate governance statements made by listed companies and both publish annual reports on corporate governance practices.7 The reports made by HANFA are predominantly statistical and do not analyse the quality of companies’ disclosure. The report by ZSE is more explicit in this respect and provides useful recommendations on how companies can improve their disclosures. In addition to disclosing the total average percentage of non-compliance for the reviewed sample of listed companies (which was 31.4 per cent in 2016), the ZSE report recognises that companies often do not reveal the full reasons for non-compliance and resort frequently to formal responses, thereby failing to provide any information of value. It does not, however, contain granular information on compliance with the individual code recommendations, but is based on the analysis of the code’s chapters

Corporate governance codes do not exist in a vacuum – they need to be based on the rules of the corporate law in force in order to complement them. However, there are cases where the law and the code are not fully aligned instead. It should be noted that HANFA and ZSE are undertaking efforts to enhance their monitoring and are working on an expanded toolkit that will enable them to highlight poor disclosure practices where necessary. In 2017, one of the biggest corporate scandals ever to happen in Central and Eastern Europe took place in Croatia. The accumulation of Croatian retail giant Agrokor Group’s debts to its creditors and suppliers of more than €5.5billion left the group of more than 70 companies with negative capital and in dire need of restructuring.

In well-functioning markets, poor corporate governance disclosure might serve as a signal of inherent weaknesses in the issuer’s operations. However, this does not seem to have been the case for Agrokor despite numerous disclosed departures from the Code by a number of ZSE-listed Agrokor subsidiaries, whose explanations for deviating from very important recommendations - such as those on independent directors, board evaluation, internal controls, nomination and remuneration committees - were at times either non-existent or very superficial.

Hungary

Corporate governance codes do not exist in a vacuum – they need to be based on the rules of the corporate law in force in order to complement them. However, there are cases where the law and the code are not fully aligned. Such is the case of Hungary, where new company law-related provisions were adopted in 2013, whereas the current version of the corporate governance recommendations was issued by the Budapest Stock Exchange in 2012. The substantial changes in the 2013 Civil Code left supervisory boards in the two-tier system with rather vague responsibilities, which caused corporate governance to look more like a “hybrid” system, than a real two-tier system. Under the current Hungarian framework, the supervisory board has no real power – especially when it comes to strategic responsibilities, including the authority to appoint/dismiss senior management – and all decision-making is essentially retained by the management board and general shareholders’ meeting. When the new legislative framework is compared with the Code’s recommendations, some peculiar outcomes arise. For example, the corporate governance recommendations suggest that the management body – which in the two-tier structure is the management board – should be comprised of both executive and non-executive directors. Winter 2018 | Ethical Boardroom 79

Europe | Corporate Governance In a standard two-tier board structure, this recommendation seems awkward, as we would expect the management board to be made of executives only. In order to comply with the code, companies now tend to have non-executive members on both their management board and supervisory board. Th is adds another layer to the already complex governance structure, whose value is still to be proven. Finally, it is unclear which body (if any) is responsible for monitoring listed companies’ compliance with the corporate governance recommendations. According to expert reports, the corporate governance committee of the stock exchange is responsible for this function, but we could not locate any monitoring reports.8

Romania

The Romanian Corporate Governance Code was adopted in 2001 and reviewed ﬁ rst in 2008 and then in 2015 by the Bucharest Stock Exchange. The Code is based on the comply or explain approach, and the listing rules of the Bucharest Stock Exchange require companies to disclose their compliance with the Code according to a template, which includes 34 items.9 In order to help companies disclose corporate governance information as accurately as possible and in order to facilitate the explanations of deviations from the code, the Stock Exchange has also introduced a manual for reporting corporate governance and a compendium of corporate governance practices.10 Despite the fact that no monitoring report has been yet issued, it seems that the Bucharest Stock Exchange has started to monitor the practices of the issuers listed on its main market, especially as regards the information disclosed on the investor relations section on companies’ websites. In October 2017, the Stock Exchange published the third edition11 of the Whitebook on Communication of Listed Companies the purpose of which is to evaluate the quality and accuracy of information provided to the investor community.12 Such assessments – albeit limited in scope – are good steps ahead in providing good pressure to companies for better disclosure.

Based on our review of annual reports published in 2017, it seems that most companies listed on the Premium Tier of the Bucharest Stock Exchange have improved both their compliance with the code and the quality of explanations when compared to their 2016 disclosure. On average, those companies exhibited non-compliance with about 16 per cent of the code’s provisions, down from almost a third when compared to the previous year.13 However, despite the improvements, we found the quality of explanations for deviations from the code to still be largely not satisfactory i.e. the companies have either not followed-up on their “promises” to comply with a certain provision within a specific timeframe, made in the previous year’s disclosures, or they have provided explanations which are neither verifiable, nor meaningful or complete. What is equally (or even more) concerning is that we found, upon a cursory review, that many companies declare to be compliant with a certain CG Code provision, when in fact they are not. A more comprehensive and robust monitoring report assessing both how the code is being implemented and the quality of explanations would be a natural step further in challenging companies over their disclosure and – in turn – improving corporate governance practices in the country. While there are positive developments on the corporate governance framework for listed companies, concerns remain on corporate governance of state-owned enterprises, where there are legislative initiatives to dramatically limit the positive effects of EO 109/Law 111.

Russia

In Russia, a new Corporate Governance Code was adopted in 2014 by the Bank of Russia (CBR) thus replacing the Code of Corporate Conduct that was adopted in 2002.14 The new Code is divided in two main sections: (i) the Principles of Corporate Governance (the actual code); and (ii) the Recommendations on the Principles of Corporate Governance, intended to facilitate practical implementation of the principles. All listed companies are required to present a comply or explain statement in their annual reports.

With the adoption of the Code, the Bank of Russia committed to oversee its implementation, to develop standards for the disclosure of information on compliance with the code and provide guidance for the application of those standards, with the goal of eliminating the ‘formal’ approach taken by companies when disclosing compliance with the previous Code.15 The Bank of Russia (CBR) kept its commitment and following the code’s entry into force and a publication of a manual for issuers in February 2016 – to provide guidance ahead of preparation of their annual reports – the CBR issued the fi rst ever monitoring report in April 2017.16 The report served two main purposes: (i) it helped the CBR to have a clear understanding of the practices in place versus the code’s recommendations; and (ii) it triggered a new level of dialogue between the ‘owner’ of the code and market participants. Following the issuance of the monitoring report, the CBR also sent a few letters to various issuers asking for clarifications over their disclosure. Soon companies started realising that the framework had changed. They realised that their disclosure was monitored and scrutinised and consequently became more conscious about what they were publishing in their annual reports. The active role of the regulator also made other players more proactive in engaging with companies, which all added to a better governance framework. During the recent OECDMoscow Exchange Russian Corporate Governance Roundtable, it was striking to see that most of the discussion was centred on companies’ practices – a dialogue unimaginable a few years ago. In its fi rst report, CBR analysed corporate governance statements of listed companies for 2015 and found that the overall level of code compliance of companies listed on the top two segments of the Moscow Exchange was 58 per cent. No single company reached full compliance, although one company came close by

COMPLY OR EXPLAIN The European Commission allows companies to decide best practice, provided they give reasons for doing so 80 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Corporate Governance | Europe

GOVERNANCE STATEMENTS Many companies have not explained why they do not observe certain code principles

implementing 97.5 per cent of all code’s principles. When it comes to explanations, the CBR found that in a rather large number of cases their quality left much to be desired. Many companies did not provide exhaustive explanations in case of non-observance of certain of the Code’s Principles. According to the CBR, this level of quality of these explanations indicates the inability of many companies to pay serious attention to conducting an in-depth analysis of the reasons for the deviation as well as to provide meaningful information to investors. At the time of writing this article, the CBR published its second monitoring report, thus reinforcing its objective to promote the implementation of the Corporate Governance Code.17

The path to better explanations

Determined to raise the quality of listed companies’ corporate governance statements and explanations of departures from corporate governance codes, in 2014 the European Commission issued a recommendation on the quality of corporate governance reporting (comply or explain).18 The recommendation focusses on the quality of information to be provided in corporate governance statements and elaborates that the information on how a company has applied a corporate governance code should be ‘suﬃciently clear, accurate and comprehensive to enable shareholders, investors and other stakeholders to gain a good understanding of the manner in which the company is governed’. When it comes to the quality of explanations in case of departure from a code, the recommendation sets out the elements of an explanation that should be clearly provided for all speciﬁc recommendations a company has departed from. www.ethicalboardroom.com

In order to achieve the desired quality of information, there needs to be a consensus on what constitutes a good explanation. In this process, the input from investors is essential, as any further guidance needs to be tailored to the expectations of the market. Those expectations, coupled with appropriate guidance can then form a solid basis from which companies can be expected to nurture a ‘culture of explanations’ that goes beyond a box-ticking exercise and provides real meaning and value to stakeholders.

Maintaining good pressure

An effective comply or explain approach requires efficient monitoring to motivate businesses to comply with a code and to give meaningful explanations for non-compliance. As the comply or explain approach is essentially a dialogue between companies and the market, it is essential that there is feedback on the basis of companies’ reporting. In many of the mentioned cases, it is the owner of the corporate governance code that comes back to the market with a monitoring report, so to provide pressure on companies and guidance to the market. The EC recommendation also supports this by stressing that ‘efficient monitoring needs to be carried out at national level, within the framework of the existing monitoring arrangements’. International Organization of Securities Commissions (IOSCO) is advocating for an active role of regulators in promoting corporate governance,19 which reflects the trend that saw an increasing number of regulators “owning” the corporate governance code and monitoring its implementation. However, despite many good examples from developed markets, many regulators still do not really look at corporate governance. Maybe a problem in

this regard is that many of them are confined to what is prescribed by law and do not have a qualitative, holistic approach necessary for corporate governance. We believe that increased focus of national regulators and other code owners on corporate governance practices of listed companies can be instrumental in raising both the companies’ and investors’ awareness of the need for good governance and appropriate transparency. Institutional investors also have a part to play in this and should strive toward enhanced engagement with their companies. The UK approach, with a stewardship code for institutional investors and its separate monitoring mechanism implemented by the FRC might be a good example to follow. The opinions expressed are the authors’ only and do not necessarily represent the views of the European Bank for Reconstruction and Development (EBRD). The first Corporate Governance Code that included this approach was the Cadbury Code. 2Directive 2006/46/EC required all companies listed in EU to ‘include a corporate governance statement in its annual report, which shall include (…) an explanation by the company as to which parts of the corporate governance code it departs from and the reasons for doing so’. 3Directive 2013/34/EU 4 The most recent report in English is available at: https:// www.cnmv.es/DocPortal/Publicaciones/Informes/ IAGC_2015en.PDF 5The Technical Guide is available at: https://www.cnmv.es/DocPortal/Publicaciones/ CodigoGov/GuiaCumplirExplicar_en.pdf 6The most recent report is available in French at: http://www. amf-france.org/en_US/Publications/Rapports-etudeset-analyses/Societes-cotees-et-operations-financieres. html?docId=workspace per cent3A per cent2F per cent2FSpacesStore per cent2Fca40eea2-a001-47338829-251472fff252 7The reports are available at: http:// zse.hr/default.aspx?id=144 (in Croatian only) and http:// www.hanfa.hr/publications/annual-report-on-corporategovernance/ 8See e.g. ecoDa, ‘Corporate Governance Compliance and Monitoring Systems Across The EU’, available at: http://ecoda.org/uploads/media/31719_ EcoDa_CGC_report_v2.pdf?wb48617274=B32619AB 9 11 items in Section A ‘Responsibilities of the Board’; 12 items in Section B ‘Risk management and internal control system’; 1 item in Section C ‘Fair rewards and motivation’; 10 items in Section D ‘Building value through investors’ relations’ 10Available at: http://www.bvb.ro/ info/Rapoarte/Diverse/EN_EBRD__Manual%20for%20 reporting_CG_18.09.2015_note per cent206.01.2017.pdf and http://www.bvb.ro/info/Rapoarte/Diverse/EN_EBRD__ BVB_Compendium_18.09.2015_note per cent206.01.2017. pdf 11First edition of the Whitebook was published in June 2016. Second edition of the Whitebook was published in May 2017. 12Bucharest Stock Exchange ‘The Whitebook on Communication of Listed Companies’ (2017). Available at: http://www.bvb.ro/info/Whitebook3_EN.pdf 13On average, Premium Tier companies in 2016 were compliant with 28.5 Code’s Recommendations and not compliant with 5.5 Code’s Recommendations. By comparison, in 2015 Premium Tier companies were compliant with 24 Code’s Recommendations and not compliant with 10 Code’s Recommendations. 14Besides being the country’s monetary authority and banking supervisor, CBR is also the Russian securities regulator. 15See, Central Bank of Russia, ‘Guidelines for the Development of the Russian Financial Market in 2016–2018’, available at: https://www. cbr.ru/eng/finmarkets/files/development/onrfr_2016-18_e. pdf 16The report is available in Russian at: https://www.cbr. ru/StaticHtml/File/14233/Review_17042017.pdf 17Second monitoring report, the Central Bank of Russia (available in Russian): http://www.cbr.ru/Content/Document/File/33001/ Review_27122017.pdf. 18Available at: http://eur-lex.europa. eu/legal-content/EN/TXT/?uri=CELEX:32014H0208& wb48617274=B32619ABx 19See, e.g. IOSCO: Report on Corporate Governance, October 2016, available at: https:// www.iosco.org/library/pubdocs/pdf/IOSCOPD544.pdf. 1

Winter 2018 | Ethical Boardroom 81

Europe | Italy

Marcello Bianchi & Mateja Miliˇc

Marcello is Deputy Director General at Assonime and Chair of Technical Secretariat, ICGC. Mateja is Assonime and Staff at the ICGC

Corporate governance in Italy: Behind the scenes The 2017 Italy Corporate Governance Conference, hosted once more by the Italian Corporate Governance Committee (ICGC), provided an opportunity for an open dialogue between public institutions, issuers and investors about the evolution of corporate governance in the country and beyond.

Organised by Assogestioni and Assonime, in cooperation with the OECD and with the support of the Italian Stock Exchange, the conference represents the long-standing commitment of the Italian system, which began with a corporate governance meeting in December 2014 during the semester of the Italian Presidency of the EU Council and has carried on with conferences since. The attendance of policymakers and key market players testifies to the importance of such an event in promoting a stronger development of the Italian capital markets, through candid and constructive debate on main corporate governance issues. Corporate governance provides investors with confidence and encourages companies to open their capital to the market. Th is delicate mechanism faces important challenges raised by a rapid and deep evolution of financial markets, with new forms of intermediation, new trading platforms and techniques, as well as new business models. All developed economies, particularly after the financial crisis, have experienced a structural and deep decline in the ability of capital markets to attract new companies and to support their growth – and this problem is particularly relevant in Italy. Although there are some positive signals that this trend can be reversed, there is still a big gap between the increasing amount of savings and the growing need for investments (especially for SMEs) that are necessary to support growth that can meet demand for long term economic sustainability on a global scale. 82 Ethical Boardroom | Winter 2018

An open debate is needed between policymakers, companies and investors on best practice evolution Collaboration of key players

Th is is the reason why the Italian Corporate Governance Committee, which represents all the main actors of our capital markets (issuers, financial intermediaries, institutional investors and the Stock Exchange), brings together experts from Italian and international sides to discuss the main issues and the way ahead. And, for this reason, the OECD’s active engagement at this event is very important. The role of corporate governance in creating value and supporting growth is well acknowledged by the main international fora, such as the G20, whose endorsement of the OECD Principles, revised in 2015 to face those new challenges and fi rst presented to an international audience at the fi rst Italy conference here in 2015, represents a milestone for economic policymaking. On the fi rst day of the Conference, the participants focussed on the need for a

Corporate governance provides investors with confidence and encourages companies to open their capital to the market. This delicate mechanism faces important challenges raised by a rapid and deep evolution of financial markets, with new forms of intermediation, new trading platforms and techniques, and new business models

flexible and proportionate approach to policymaking on corporate governance in order to support growth, with a particular nod to small and recently listed companies. The panel also considered a more specific issue regarding the role of the board in changing ownership structures of listed fi rms, especially in larger Italian companies, where the growing weight and activism of institutional investors and some peculiar features of the Italian framework are challenging the traditional distinction between controlling and minority shareholders. In this regard, Professor Stella Richter, considering the effects of legal provisions regulating the composition of Italian boards, affi rmed that expert, independent, plural and diverse boards require more leeway for self-regulation, which would ‘enable each listed company to adopt its own proper organisational solutions, finally doing away with a ‘one-size-fits-all’ approach’.

Board effectiveness

The second day of the conference addressed the role of corporate governance in creating incentives for a more responsible business, with particular regard to a board’s effectiveness and accountability. Sustainability issues are of growing importance for all listed companies, inasmuch they are carefully considered by a number of investors and companies face increased expectations by civil society for higher standards of ethical behaviour. Regulation and self-regulation meet those expectations through increased disclosure duties, new and more detailed recommendations on long-term strategies, company’s culture and core board’s responsibilities (e.g. G20/OECD Principles). “Such sustainability issues put into question many of the pillars of traditional corporate governance culture: the purpose of corporation, the nature of fiduciary duties of both companies and institutional investors, the information to be provided on the www.ethicalboardroom.com

Italy | Europe impact of business activity on the social and environmental framework”, said Stefano Micossi, director general of Assonime. On this regard, Micossi pointed out that such challenges ‘need to be faced with a substantial but balanced and flexible approach, providing for an adequate and suitable system of incentives for companies and investors’. Finally, the debate addressed the key function of the board of directors in developing an appropriate, efficient and long-term management of the company. The corporate governance scandals and the financial crisis have cast doubts on the effective functioning of corporate boards and on their ability to ensure an effective management of the different tasks they are called to perform to set the strategies and to monitor their implementation. International standard setters highlighted the fundamental responsibility of the board in guiding corporate strategy, monitoring managerial performance and the effectiveness of internal control and risk management systems (OECD Principles core recommendations). Innocenzo Cipolletta, chairman of Assonime, highlighted that also in Italy ‘an increasing attention is given to some aspects of board effectiveness, such as the disclosure about the effective completeness and promptness of the pre-meeting information and the role of the board in ensuring adequate skills and competences of its members’. These areas of further improvement are, together with other aspects, clearly highlighted in Assonime-Emittenti Titoli’s analysis of the corporate governance of Italian listed companies, an in-depth annual study, issued since 2002, on their compliance with Italian Corporate Governance Code recommendations. According to the Assonime-Emittenti Titoli analysis, “The Italian Corporate Governance Committee recognises the board evaluation process as a key tool for dealing with board’s effectiveness and the goal of smooth but thoughtful decisionmaking.’ In fact, in its 2017 annual report, the Committee calls upon issuers to carefully consider the opportunity to widen the board assessment on its effective performance, considering, among other tasks, the adoption of strategic plans and effective board oversight, especially with regard to an appropriate system of internal control and risk management.

Italian Governance Code THE PALAZZO REALE DI MILANO Host of Italy’s 2017 governance conference www.ethicalboardroom.com

As in the past, the Conference included the Italian Corporate Governance Committee’s meeting and the approval of its 5th Annual Report on the compliance with the Italian Corporate Governance Code. Winter 2018 | Ethical Boardroom 83

Europe | Italy The Committee, promoted by main issuers’ and investors’ association and the Italian stock exchange, pursue the promotion of good corporate governance of Italian listed companies, either by a constant alignment of the Corporate Governance Code for listed companies with best practices or through other initiatives which would enhance the credibility of the Code. Assonime is actively engaged in the Committee’s activities, providing data analysis on the evolution of corporate governance in Italy, which is the main basis for the Committee’s annual report. This year, the report provides a general overview on the Committee’s activities, updates on national and international developments in corporate governance and an in-depth analysis of Italian corporate governance and the compliance of Italian listed companies with main Code recommendations. Such analysis gave the Committee the chance to identify main areas of weak compliance or scant disclosure in order to ask Italian listed companies for a better implementation of the Code but

ITALY’S COMMITMENT 90 per cent of listed Italian companies adhere to the Code

also to have a detailed overview of the new challenges for Italian corporate governance, identifying current standards and practices that could be further improved in order to meet investors’ requests and to settle on market developments. The Committee monitors corporate governance trends and evolutions at European and international level, in order to detect the evolution of new best practices and assess market expectations toward listed companies. To this aim, the report analyses the debate and initiatives regarding corporate governance codes, as a primary self-regulatory standard for listed companies in the main countries and the evolution of rules and regulations that affect the corporate governance of Italian listed companies. At the same time, the report provides information about the Committee’s active involvement in the corporate governance debate in Europe and internationally through: (i) the active involvement of its chair through the organisation of meetings with the representatives of other corporate governance committees in France, Germany, the Netherlands and the United Kingdom and the publication of common statements regarding national and European legislators’ approach to corporate governance issues; (ii) 84 Ethical Boardroom | Winter 2018

the contribution, through the chair of its technical secretariat, to the OECD international standard setting on corporate governance; (iii) the participation through its representatives in the European Corporate Governance Codes Network. Considering such developments, the Committee observed some general trends that are developing all over Europe and at international level, pointing out the increasing interest of policymakers in: (i) developing flexibility and proportionality in corporate governance ruling, both at self-regulation and mandatory regulation levels, in particular to encourage smaller and growth companies’ access to capital markets; (ii) enhancing institutional investors’ stewardship responsibilities, to be discharged also through the development of an open dialogue with investee companies, with the provision of adequate procedures from both investors’ and companies’ side; (iii) promoting sustainability as a key principle in defining a company’s corporate governance model, long-term oriented strategies and remuneration policies and overall company culture.

According to the Code’s requirements, companies mostly always explain individual cases of non-compliance, but the quality of such explanations should be improved to enable investors to assess a company’s governance and take their own decisions, both for trading and engagement purposes. The main areas of weaker compliance and disclosure, where the Committee calls on issuers for a stronger implementation of the Code, are: (i) the promptness and completeness of the board pre-meeting information; (ii) the role of the nomination committee (in companies with a more concentrated ownership structure and the quality of disclosure regarding their effective activity); (iii) aspects of the remuneration policy – having particular regard to the long term-orientation of variable components for executives, the provision of claw-back clauses and a clear governance of possible severance payments. At the same time, the Committee identified further areas for evolution of corporate governance, where companies reached a high compliance rate with individual Code recommendations, but their governance model might still be improved in order to meet market expectations and evolve in the international governance framework. In this regard, the Committee suggested listed companies consider: (i) the adoption of well-structured succession plans for executive directors, in order to ensure

The Committee monitors corporate governance trends and evolutions at European and international level, in order to detect the evolution of new best practices and assess market expectations toward listed companies As to the Italian framework, the report provides a global overview on the compliance rate of all Italian listed companies with main Corporate Governance Code recommendations. The adoption of the Corporate Governance Code is voluntary, but once companies opt in to such a governance system, their non-compliance with one or more Code recommendations must be clearly disclosed in their Corporate Governance Report. As to 2017 data, 90 per cent of Italian listed companies have adopting the last edition of the Corporate Governance Code and their compliance rate is generally high.

Compliance and disclosure

Considering the most important CG Code recommendations, the Committee observed that, on average, companies implement effectively about 75 per cent of these – with a significant size-related effect: overall compliance picks up to 90 per cent among larger firms, while it is about 80 per cent for medium-sized ones and around 65 per cent for smaller companies.

continuity and stability in the company’s management; (ii) a thorough evaluation and disclosure about effective directors’ independence, considering also the appropriateness of their remunerations; (iii) the enhancement of the board evaluation process, through the assessment of a board’s effectiveness and performance, considering, among other tasks, the adoption of strategic plans and a board’s oversight on company’s management and on the appropriateness of the internal control system. In this respect, the Committee will continue with its aim of enhancing the evolution of corporate governance standards and the behaviour of Italian listed companies, as well as promoting stronger engagement by investors. These goals will be pursued through the strengthening of code recommendations on the main critical issues highlighted in the Committee’s monitoring activity and more generally to support companies to develop strong corporate governance that focusses on sustainability of business activity. www.ethicalboardroom.com

perspective noun \pər∙`spek∙ tiv\

“That eye-opening moment when I saw things differently—the challenges became more defined, the solutions more clear.”

upcoming leadership programs:

Define your Wharton moment. What kind of leader are you? Uncover your most effective leadership style with Wharton Executive Education’s Leadership Programs. You will explore proven strategies and innovative approaches from the world’s top business leaders. And you will learn exactly what it takes to motivate and move your organization forward.

it’s time to inspire.

WhartonForLeaders.com

NEW

Leveraging Neuroscience for Business Impact

apr. 23–26, 2018

Becoming a Leader of Leaders: Pathways for Success apr. 29–may 4, 2018

The Leadership Edge: Strategies for the New Leader may 7–11, 2018

Creating and Implementing Strategy for Competitive Advantage jun. 4–8, 2018

Creating and Leading High-Performing Teams jun. 4–8, 2018

Europe | Corporate Governance

Effective governance

Good corporate governance is a prerequisite for attracting market capital; it’s also likely to create more value than your competitors Why should a company assure separation of ownership and control, have a competent board of directors, insure a compensation system oriented towards proper behaviour, have effective risk management and work towards professionalising the corporate organisation?

To put it in a nutshell, why should a company have a good corporate governance system? An initial response could be that it ensures it has the effective and efficient management of a company – an explanation that might, at first glance, seem simple, but one which must be broken down and examined from a number of perspectives. 86 Ethical Boardroom | Winter 2018

Marco Visani

Head of the Governance & Executive Compensation unit of The European House — Ambrosetti An effective governance system is one of the main investment criteria for institutional market operators. The Observatory on Corporate Governance Excellence in Italy created by The European House – Ambrosetti has carried out its third survey of a select sample of national and international institutional investors who, overall, manage more than €4,400billion (an amount nearly seven times that of the capitalisation of the entire Italian stock market). The survey asked them, specifically, what criteria they used in selecting potential investment targets (see Figure 1).

According to the respondents, the most important factor is that of management quality, i.e. the individuals at the top who guide the company. The second criterion is that of company basics involving, essentially, its business, reference geographic markets, sales channels and efficiency. The third key aspect in selection is that of the quality of the corporate governance system. In this regard, the areas that companies should focus on should include: ■■ Form a suitable board of directors (BoD) with the proper professional expertise and skills to allow for constructive discussion aimed at making the best decisions www.ethicalboardroom.com

Corporate Governance | Europe ■■ Provide a system for risk planning, control and management that allows businesses to govern growth more effectively ■■ Create a compensation system in line with company strategy that makes it possible to orient proper behaviour and attract the professional expertise required In the future, governance quality – together with the level of social-environmental responsibility (which came fourth in the survey) – will become an increasingly important criterion in the evaluation process of the institutional investors. Attracting private capital is even more important for a country, such as Italy, which, firstly, has significant budget restraints and therefore cannot exploit public investment to relaunch economic growth and employment and, secondly, is not at the top of the list regarding foreign direct investment in terms of gross domestic product. In essence, if a company wants to take advantage of private investment, it must adopt an effective and efficient governance system. This is true not only for large, listed corporations, but perhaps even more so for small- and medium-sized enterprises to allow them to diversify their sources of financing compared with the traditional bank-centred approach in Italy.

Measuring the quality of the governance system: the EG Index

But how can the quality of a company’s governance system be assessed? Motivated by the deep conviction that it is difficult to manage what cannot be measured, in 2010 The European House – Ambrosetti developed a special methodological approach (the Index of Governance System – EG Index) that is able to provide an objective assessment of the quality of a company’s governance system through the mapping of a portfolio of qualitative/quantitative indicators that make up the EG Index. This index, comprised of 32 key performance indicators (KPIs), covers five survey areas: ■■ Shareholder representation and structure ■■ Composition of the BoD ■■ Functioning of the BoD ■■ Remuneration and incentive mechanisms ■■ Control system and risk management Focussing attention on the main companies that raise capital on the Italian stock exchange (FTSE MIB index), the EG Index revealed long-term progress: the largest listed companies in Italy have shown continuous improvement in the quality of their corporate governance (see Figure 2). These improvements are undoubtedly ascribable, in part, to new regulations (both regulatory and involving changes in the www.ethicalboardroom.com

In essence, if a company wants to take advantage of private investment, it must adopt an effective and efficient governance system self-regulating code) that involved the relationship to remuneration, composition of the BoD and focus on risk management. It is undeniable that companies have also invested and worked hard towards improving the quality of their governance systems, especially in terms of increasing the level of regulatory enforcement, but also focussing on the evolution of governance mechanisms that ensure management efficacy and efficiency. Support for the push to improve the governance system has come from the awareness of the importance of these issues to institutional investors (as reflected in our survey). The increased weight of these professional operators in the shareholding of more highly capitalised Italian companies has brought about greater rapidity in adherence to accepted good governance practices. For example, on average, for FTSE MIB companies, share ownership of the

major shareholder decreased from 48 per cent in 2011 to approximately 37 per cent in 2016 and the difference was essentially ‘compensated for’ by institutional investors. Further confirmation of the fact that firms are increasingly attentive to the needs of the market is that some large institutions, such as Intesa Sanpaolo Bank, have modified their administrative and control model from the traditional Italian model that is essentially unlike any other in the world, to the one-tier system. Among the things that pushed the bank to modify its system was enhanced recognition from institutional investors. In recent days, another major Italian bank, UBI has approved guidelines to adopt the one-tier model, offering the same reasons. But what are the leading aspects that have undergone change in Italy’s big listed companies? In terms of BoD composition, in FTSE MIB companies, the share of board members with managerial experience (75 per cent of the total) has increased over time, compared with board members in the ‘professions’ (lawyers, accountants, university professors, etc). The number of female board members has increased significantly, above all thanks to the law passed in 2011. In 2010, only 3.6 per cent board members were women, while in 2016 they accounted for nearly 32 per cent.

FIGURE 1: INSTITUTIONAL INVESTORS CRITERIA Source: The European House – Ambrosetti International Survey, 2017. Score based on increasing importance on a scale of 1 to 10 (1=not very important, 10=very important)

8.93

Quality of management

8.80

Baseline analysis 7.93

Quality of corporate governance

7.33

Social-environmental responsibility Shareholders’ structure

7.20

Size of company

7.20

Sector

6.93

Country/geographical area

6.87

Level of internationalisation

6.53

Technical analysis

5.87

FIGURE 2: THE TREND OF EG INDEX IN FTSE MIB COMPANIES Source: The European House – Ambrosetti analysis

6.76 6.63 6.51

6.30

6.32

2013

2014

6.10 5.80

2010

5.90

2011

2012

2015

2016

2017

Winter 2018 | Ethical Boardroom 87

Europe | Corporate Governance The number of independent board also takes into account the dividends paid pay-for-performance principle. Th is members has also increased greatly in during the same time period. translates into more detailed information recent years, testimony of their importance For this, 443 companies listed in Italy, in section two of the remuneration report in promoting effective boardroom France, Germany, Spain and the United – the section that contains retribution data discussion. Specifically, in 2010, Kingdom were analysed. The relative TSR for for the year. In this section, the connection independents represented, on average, a European reference peer group was then between results obtained and incentives 43 per cent of board members and today calculated for each company in the sample awarded should be made clearer. they account for 60 per cent. Th is means, in order to sterilise the trends in the various A second priority involves enhanced in short, that all board members who sectors. From our analysis, it emerges that availability of succession plans for the are not tied to the company must be in in 77 per cent of cases, there is a correlation CEO and directors with strategic agreement over a certain measure for it between the standing on the EG Index and responsibilities. Just a little over half of to be approved by the BoD (see Figure 3). relative TSR. Companies that invest in the the major listed companies have this Another aspect in which there has been quality of corporate governance are those important instrument. In smaller listed significant improvement in Italian listed that are most likely to ‘out-perform’ their companies, also taking into consideration companies is the average number of other European competitors. the greater concentration of shareholders, positions held by each board member. While the succession plan is generally unknown. Challenges for the future in 2009 other positions held amounted to But the greatest challenges the Italian The major Italian FTSE MIB-listed four, in 2016 the number was half that. Th is market must face are cultural in nature. companies have demonstrated over trend provides unequivocal proof that board First and foremost, companies must time an ability to improve the quality members have matured and realised that ensure that the rules that already of their governance system. As already their role involves major commitment and exist be applied more regularly. Secondly, stated, some of this improvement is responsibility, making it impossible for them small- and medium-sized enterprises exogenous, in the to fulfi l multiple positions in (both listed and non-listed) must convince A good corporate sense that it is linked a conscientious way. In fact, themselves of the fact that having a it is not surprising that when governance system to changes in primary good governance system (a competent regulatory measures appointing a member of the BoD, good compensation system, or recommendations in board, many companies have increases the effective risk control system, etc) makes the self-regulating code. a set maximum of positions it possible to assure enhanced company probability that a However, a significant the candidate may hold. management and does not represent company attains part of the improvement Italian issuers have also – as many businessmen often believe is endogenous, the result improved greatly in terms – a bureaucratic constraint. Bearing in value creation of the desire of issuers to of transparency in their mind that the Italian economy consists performance that improve their governance corporate governance report. overwhelmingly of non-listed small- and is higher than systems in the knowledge On the basis of the proposal medium-sized companies, it is crucial that that, fi rstly, this makes from The European House these enterprises understand the importance its competitors it possible to improve the – Ambrosetti Observatory, of good governance. In this regard, the efficacy and efficiency of the management of many Italian companies have introduced recent publication in May 2017 of the the company and, secondly, to enhance their an executive summary into their corporate self-regulating code for non-listed, attractiveness to institutional investors. governance report that provides a synthesis family-run companies would seem a step Bearing in mind, however, that of the most important points and allows for in the right direction. The code is intended improvement in the governance system is more rapid and effective reading by external not only to define a number of important more a process than a fi xed goal, it is clear analysts. The remuneration report, principles of good corporate management, that there are a number of priority areas introduced in 2011, is among the most but also to spread the culture of good for further evolution. An initial aspect of complete, including in reference to other governance among these companies. fundamental importance is improving the markets. The level of disclosure on pay mix, ‘Good governance’ not only makes level of transparency in the remuneration parameters and incentive strategies is on a companies more attractive to potential report in order to provide the market with par with the very mature financial markets investors, but also assures sustainable input that can be used to make a complete of the UK and the US. It is not surprising that growth and, over the long-term, guarantees and informed assessment about the Italian issuers have invested heavily in terms the continuity of the company itself. of transparency and quality of corporate FIGURE 3: AVERAGE PERCENTAGE OF INDEPENDENT information since these are aspects that are BOARD MEMBERS IN THE FTSE MIB SEGMENT monitored closely by institutional investors. Source: The European House – Ambrosetti analysis 60% Does good corporate 58% governance create value? 56% A good corporate governance system 52% increases the probability that a company attains value creation performance that is 49% higher than its competitors. For each Italian FTSE MIB-listed company, the Observatory 44% 43% regularly monitors the relationship between its standing in the EG Index and its performance in terms of the relative Total Shareholders’ Return (TSR). The TSR measures the return of capital invested by a shareholder over a given period and 2010

88 Ethical Boardroom | Winter 2018

2011

2012

2013

2014

2015

2016

www.ethicalboardroom.com

Corporate Governance Awards | Introduction

Forward-thinking corporate governance

European Award Winners 2018 Good corporate governance is an essential tool for business performance and the cornerstone of trust between business and society. In 2017, the UK government unveiled corporate governance reforms aimed at enhancing the public’s opinions of business after admitting that recent behaviour had damaged trust. It has pressed ahead with plans to improve transparency and accountability and give employees a voice in the boardroom. Corporate governance reforms include support for a public register of FTSE-listed companies where more than one fi fth of shareholders have opposed resolutions on executive pay packages and other issues; new legislation requiring companies to annually report and explain the pay ratio between chief executives and their UK employees; the fi rst-ever corporate governance principles for large private companies; and a revised UK Corporate Governance Code. According to the Financial Reporting Council, which launched a consultation in December 2017 on the comprehensive shake-up, the revised Code emphasises the value of good corporate governance to the sustainable growth of a company and encourages policies and practices that

generate value for shareholders and aim to benefit society. There is a new focus on stakeholders, integrity and corporate culture, diversity and how the overall governance of the company contributes to its long-term success. In Italy, the country’s Corporate Governance Committee has outlined plans to enhance the evolution of corporate governance standards and the behaviour of Italian listed companies, as well as promote stronger engagement by investors. Additional increasing attention is given to board effectiveness, including the disclosure about the effective completeness and promptness of pre-meeting information and the role of the board in ensuring adequate skills and competencies of its members.

The Italian Corporate Governance Committee has also identified the board evaluation process as a key tool for dealing with board effectiveness and the goal of smooth but thoughtful decision-making. It has called upon issuers to carefully consider the opportunity to widen assessment of a board’s performance, and consider – among other tools – adoption of strategic plans and more effective board oversight, especially with regard to an appropriate system of internal control and risk management. These goals will be pursued through the strengthening of code recommendations on the main critical issues highlighted in the Committee’s monitoring activity and, more generally, to support companies to develop strong corporate governance, focussing on sustainability of business activity. The Ethical Boardroom Corporate Governance Awards recognise and reward outstanding companies that have exhibited exceptional leadership in the area of governance. The awards highlight the important role that corporate governance plays in dictating a company’s success and a board’s contribution to the creation of long-term value. Ethical Boardroom is proud to announce its Corporate Governance Awards Winners in Europe.

The Ethical Boardroom Corporate Governance Awards recognise and reward outstanding companies that have exhibited exceptional leadership in the area of governance

90 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

The Winners | Corporate Governance Awards

AWARDS EUROPEAN

Insurance Aviva Plc United Kingdom Engineering GKN Plc United Kingdom

Pulp & Paper Smurfit Kappa Group Plc Ireland

Technology Smiths Group Plc United Kingdom

2018WINNERS Construction Skanska Sweden

Mining Randgold Resources Ltd Jersey Transportation & Logistics Deutsche Post DHL Group Germany Conglomerate Siemens Germany

Electric Power Transmission Red Eléctrica Corporation Spain Financial Services Banco Bilbao Vizcaya Argentaria (BBVA) Spain Airlines International Consolidated Airlines Group Spain

Food & Beverage Nestlé S.A. Switzerland Pharmaceuticals Roche Switzerland

Utilities Enel Group Italy

www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 91

Corporate Governance Awards | Nestlé

AWARDS WINNER 2018 EUROPE FOOD AND BEVERAGE

Good governance ‘pays’ Does good governance and board engagement create value for shareholders? At Nestlé there is more and more evidence for it The question of correlating good governance with good performance is as old as the corporate governance discussion itself, but conclusive empirical evidence is sparse. Some 30 years ago researchers at The Conference Board (it’s a global business membership/research group) tried to correlate good governance with good performance by looking at individual indicators of good governance, such as the split of the roles of chairman and CEO, or the number of independent directors. But it soon became obvious that there was no agreement as to which indicator was best and that it was unreasonable to link the entire performance of a company with only one of these governance indicators. Some 15 years later, when there was a sufficient track record of good governance measures being adopted, a number of (financial) institutions started to link an entire series of typically about 20 indicators 92 Ethical Boardroom | Winter 2018

David Frick

Member of the Executive Board and Secretary to the Board, Nestlé S.A. of good governance with performance as measured by shareholder returns or some other indicator. Th is proved more fruitful and statistically promising. But after a few years, markets started anticipating and discounting good governance related to this array of indicators. Today’s focus is on engagement with shareholders as a measure of good governance. According to a recent study, the benefits of board-shareholder engagement are convincing enough that we should consider proposals that would effectively incentivise or even mandate such engagement.1 Many stewardship codes for institutional investors now strongly encourage engagement, including the Swiss Guidelines for Institutional Investors issued in 2014.

Nestlé’s approach

At Nestlé the evidence that good governance ‘pays’ is convincing. Good governance allows

the company to hire the right employees, because good people want to work for well-run companies. Th is is evidenced by regular ‘Nestlé and I’ employee surveys. Investors want to invest in well-run companies, as evidenced by the great interest in the company’s regular chairman’s roundtables and governance engagement meetings with investors and proxy advisors. Even customers and consumers care, as evidenced by surveys of millennials, which emphasise the value they attach to buying products from well-run companies. Therefore, Nestlé’s board of directors is highly engaged in steering the long-term strategy and providing oversight based on strong principles of governance. It has demonstrated in recent years that shareholder dialogue in a diversified shareholder structure is both possible and beneficial. A dedicated sustainability committee and integrated reporting have proven to be valuable additions. The board’s focus is on how strategy, governance and performance leads to the creation of value. The board recently reconfi rmed Nestlé’s www.ethicalboardroom.com

Nestlé | Corporate Governance Awards long-term value creation. Boards are asked to focus on strategy and how its actions create value. According to a 2016 report from a global roundtable series by Frank Bold and the Cass Business School, boards play a key role in steering corporate strategy, influencing corporate values, culture and risk appetite, and determining the attentiveness of the corporation to the interest of its stakeholders and its purpose.2 Consequently, board composition has become a new focus topic. According to a 2017 study by Russell Reynolds Associates based on interviews with investors, company directors and governance professionals, an overriding theme was the importance of board quality. Investors and proxy advisors are relying on traditional metrics (e.g. tenure, over boarding) to assess board quality, but are also asking for greater insights into the boardroom. 3

Related regulatory developments SUSTAINABLE GROWTH Nestlé has modernised its corporate governance to focus on long-term value

Under Swiss law, governance and long-term strategy are ‘inalienable’ obligations of the board. The Swiss Code of Best Practice of Corporate Governance of 2014 highlights the board’s duties to determine the strategic

NESTLÉ AGM The company’s motto reflects its commitment to deliver on promises

value creation model, delivering both top and bottom line growth as well as capital efficiency to drive continuous shareholder value creation. It stated commitments to margin expansion, streamlining the portfolio and a prudent approach toward capital allocation and M&A. It approved a share buyback programme. It facilitated the transition to a new chairman and a new CEO. A rigorous succession planning process brought in five new directors in three years.

Investor support

Board engagement and a focus on long-term strategy bring back the purpose of governance from a compliance exercise to a value adding mechanism to ensure the company’s sustainable long-term growth. Hence the benefits are recognised not only at Nestlé. Major index funds have clarified their expectations for boards to focus on www.ethicalboardroom.com

strategy and values, and satisfy itself that these and its culture are aligned.” The board should assess the basis on which the company generates value over the long term and report on this in the annual report. Under the revised UK Companies Act, the board should consider the impact of the company’s activities on five stakeholder matters and report on aspects that are material to the long-term success of the company, including environmental matters, the company’s employees, social matters, respect for human rights and anti-bribery matters. The information must include a description of the related policies, principal risks and non-financial KPIs. Pursuant to the new EU Shareholder Rights Directive, institutional investors will have to report annually about their engagement with issuers and how this is integrated into their investment strategy. They must also disclose their voting behaviour and explain significant votes and their use of proxy advisor services.

Conclusion

All of this confi rms what Nestlé’s shareholders have known for some time. Ninety-nine per cent of Nestlé’s shareholders supported the revision of its Articles of Association in 2008, which modernised its corporate governance and included a new ‘purpose clause’. Accordingly, Nestlé shall, in pursuing its business purpose, aim for long-term, sustainable value creation. The board verifies this through its sustainability committee and reports on it in the annual Nestlé In Society Report. For the fi rst time this year, the highlights of that report are fully integrated into the annual review of the past business year. The regulatory developments are promising as well. The governance debate is moving on to board composition and

Board engagement and a focus on long-term strategy bring back the purpose of governance from a compliance exercise to a value-adding mechanism to ensure the company’s sustainable long-term growth goals, but also to shape the company’s corporate governance and ensure the fundamental harmonisation of strategy, risks and finances. It should be guided by the goal of sustainable corporate development. The proposed revisions to the UK Corporate Governance Code published in December 2017 include as a very first principle: “A successful company is led by an effective and entrepreneurial board, whose function is to promote the long-term sustainable success of the company, generate value for shareholders and contribute to wider society. The board should establish the company’s purpose,

engagement. Perhaps the momentum is shifting from tick-the-box compliance to value creation and growth. Public corporations remain the best hope for reigniting sustainable growth. Good governance can be an important driver for it. The Ethical Boardroom’s 2018 award is a welcome recognition of Nestlé’s efforts in this regard. Mandating Board – Shareholder Engagement?, Lisa M. Fairfax, University Of Illinois Law Review, April 23, 2013. Corporate Governance For A Changing World, Jeroen Veldman, Filip Gregor and Paige Morrow. 3Global And Regional Trends In Corporate Governance For 2018, Jack O’Kelley, Anthony Goodman, Melissa Martin 1

Winter 2018 | Ethical Boardroom 93

Corporate Governance Awards | Enel

AWARDS

GLOBAL PRESENCE Enel’s renewable generation includes wind, solar, hydroelectric, biomass and geothermal sources

WINNER 2018 EUROPE UTILITIES

Enel: Powering its way to strong governance Europe’s largest power utility focusses on creating value for stakeholders by raising sustainability standards Enel is a world-leading multinational player in electricity generation and distribution as well as in the energy management value chain, with a particular focus on Europe and Latin America. The company was established in 1962 as a state-owned entity through the nationalisation of approximately 1,250 private power Italian companies with the mission to provide electricity throughout Italy. In 1992, Enel was transformed into a joint stock company and later, in 1999, following the liberalisation of the electricity market in Italy, it started to internationalise its activities in the power business. As a result of this international expansion, the Enel Group is now well diversified geographically across Italy, Iberia, the rest of Europe, South America and North and Central America, with a presence also in Africa, Asia and Australia. In 2017, networks, retail and renewables contributed to around 90 per cent of the group’s EBITDA, of which 75 per cent is regulated or quasi-regulated. Since 1999 Enel has been listed on the Italian Stock Exchange. With a current value of around €53billion, Enel is the biggest company by market capitalisation within European utilities. Enel has the highest number of shareholders of all Italian companies, counting approximately 850,000 between retail and institutional investors, including the most important international investment funds, insurance companies, pension funds and ethical funds. The Enel Group includes 13 companies whose shares are listed on the Argentinian, 94 Ethical Boardroom | Winter 2018

Fabio Bonomo

Head of Enel’s Corporate Affairs Department Brazilian, Chilean, Peruvian, Russian, Spanish and United States stock exchanges.

Corporate governance and achievements

Enel’s corporate governance is fully compliant with the principles set forth in the Italian Corporate Governance Code and is inspired at the same time by international best practice. Enel’s corporate governance is highly appreciated by investors mainly for the strong presence of both independent directors (78 per cent) and directors nominated by institutional investors (three out of nine), according to the slate vote mechanism. Other main strengths include a fair and transparent remuneration policy applicable to directors and senior officers and a sound internal control and risk management system. Regarding gender diversity, three out of nine directors are women, including the chairman Mrs Grieco who, as from July 2017, also chairs the Italian Corporate Governance Committee, entrusted with the task of monitoring the implementation of the Italian Corporate Governance Code and ensuring its alignment with the relevant regulatory framework and best practices. Among the most significant initiatives adopted by Enel’s board of directors on a voluntary basis to raise the corporate governance standards are: ■ Starting from 2014, the chairmanship of half of the committees set up within Enel’s

board of directors – currently, the control and risk committee and the related parties committee – has been entrusted to directors drawn from the ‘minority’ slate fi led by institutional investors ■ In 2016, Enel’s corporate governance committee was renamed corporate governance and sustainability committee, to reflect its wider accountability on sustainability issues stemming from the assignment of specific new tasks. With the enactment of the Italian legislation implementing EU Directive 2014/95 on the ‘disclosure of non-financial and diversity information’, this committee now has a stronger commitment to support the board of directors on sustainability issues ■ Both Enel’s corporate governance and sustainability committee, and nomination and remuneration committee carry out an in-depth analysis of the outcomes of the North & Central America

South America

100%

5% 38%

Networks Thermal generation Renewables Retail

45% 12%

www.ethicalboardroom.com

Enel | Corporate Governance Awards shareholders’ meetings vote, in order to evaluate any possible amendments to Enel’s governance and remuneration practices that would better meet the shareholders’ expectations. Engagement activities held with institutional investors and proxy advisors have led in recent years to outstanding results in terms of the approval of board proposals by the shareholders’ meeting. This is demonstrated by the increasing consensus on Enel’s remuneration policy, which has been approved from 2013 onwards with the favourable vote of more than 90 per cent of the share capital represented at the meeting by institutional investors ■ Another valuable governance practice was the adoption in 2016 by Enel’s board of directors of a contingency plan aimed at regulating the steps necessary to ensure that the company’s activities are regularly carried out in ‘crisis management’ cases, i.e. should an early termination of the CEO’s mandate occur ■ In May 2017 Enel was at the forefront in achieving the ISO37001:2016 certificate of conformity of its anti-bribery management system (AMS). The AMS is based on a stable commitment to the fight against corruption, as stated in the Zero Tolerance Against Corruption Plan adopted within the Enel Group. The other pillars of the AMS are the ‘organisational model’ adopted under the Italian legislation on corporate liability for crimes committed by directors, officers and employees, the Enel Group Code of Ethics and the Enel Global Compliance Programme; finally, it is worth mentioning the importance of the Enel Group whistle-blowing policy ■ In light of the Enel Group multinational and multi-listed dimension, in 2015 Enel’s board of directors approved some recommendations aimed at strengthening the corporate governance of Enel’s listed subsidiaries and ensuring the sharing of international best practices with those companies Italy

Enel’s sustainable business model is ideally positioned to navigate decarbonisation, urbanisation and electrification trends and will drive long-term shared value for the stakeholders, communities and people involved in its activities Th is handbook identifies uniform practices and solutions, applicable in the different jurisdictions of the Group companies, to the issues raised by confl ict of interests of directors and related parties’ transactions.

Sustainability as a cornerstone of business

Enel sustainable business model is ideally positioned to navigate decarbonisation, urbanisation and electrification trends and will drive long-term shared value for the stakeholders, communities and people involved in its activities. Enel is fully aware that non-financial information is increasingly scrutinised by investors to gauge the ability of companies to develop industrial plans that are sustainable over time.

Iberia

32% 51%

Europe & North Africa 23% 34%

15%

Enel’s attention to sustainability issues has evolved over time and is currently deeply embedded in day-to-day business practices, with a constant search for innovative ways of creating shared value at all levels of the value chain in the different geographies of the Group’s presence. Enel’s strategic plan 2018-2020 clearly shows the deployment, across the board of the 17 United Nations Sustainable Development Goals (SDGs), of Enel’s sustainable business model throughout the value chain. In particular, the plan confi rms and strengthens a specific commitment, originally undertaken in September 2015, to reach the following SDG targets: ■ 800,000 beneficiaries of high-quality, inclusive and fair education by 2020, doubling the previous target of 400,000 beneficiaries (SDG 4) ■ Th ree million beneficiaries of access to affordable and clean energy by 2020, mainly in Africa, Asia and South America (SDG 7) ■ Three million beneficiaries in terms of employment and sustainable and inclusive economic growth by 2020, doubling the previous target of 1.5 million (SDG 8) ■ Climate change: reduction of emissions to less than 350gCO2/KWheq by 2020 (SDG 13) The outstanding results achieved by Enel are proven by the steady presence of the company in the most important sustainability indices, such as the Dow Jones Sustainability Index (since 2004), FTSE4Good (since 2002), ECPI (since 2007), Euronext Vigeo (since 2013) and STOXX Global ESG Leaders (since 2014). Moreover, in 2017 Enel was admitted to the A-list of the CDP (formerly the Carbon Disclosure Project), which includes the companies which, at global level, stand out for the effectiveness of their strategy in taking up the opportunities and managing the risks of climate change. Overall shareholders’ profile as of September 2017

6.9 €bn 45% 16%

The corporate governance of the Enel group will soon be strengthened even further with a self-regulatory tool aimed at establishing efficient and coherent cross-border group management strategies and practices, within a framework that ensures an adequate protection of the corporate interest of each subsidiary and the fair treatment of its stakeholders. In fact, as a result of a one-year project, characterised by the participation of leading international academic governance experts, in December 2017 Enel’s board of directors approved a handbook, to be subsequently submitted to the relevant bodies of its subsidiaries.

23.6% 18%

58%

2017 Group EBITDA

100%

www.ethicalboardroom.com

8.1% 26.1%

40.6%

43%

16% 47%

Presence with operating assets

Geographical allocation of institutional investors as of September 2017

As of 2017. Breakdown excludes 27% -0.3 €bn from 10% holding and services 75% regulated/quasi-regulated

57.2%

19.2%

Ministry of Economy and Finance Retail Institutional

7.6%

17.6%

North America United Kingdom Italy Rest of Europe Rest of the World

Winter 2018 | Ethical Boardroom 95

Global News Middle East Tadawul announces key reforms in Saudi Arabia

Qatar agrees to financial disclosures State-controlled Qatar Airways has agreed to disclose financial information, following a spat with airlines in the United States regarding alleged illegal government subsidies. US airlines, including American Airlines, Delta Air Lines and United Continental Holdings, have accused Gulf carriers — Qatar, Etihad and Emirates — of being unfairly propped up by their governments. US Secretary of State Rex Tillerson told a briefing in Washington that Qatar and the US had opened a ‘strategic dialogue’ to address concerns that Gulf carriers had been unfairly propped up by their governments, putting US airlines at a competitive disadvantage.

The Saudi Stock Exchange (Tadawul) has unveiled a series of measures to ensure a ‘more efficient, liquid and secure market for investors and intermediaries that is further aligned to international best practices’. Tadawul, the sole entity authorised in the Kingdom of Saudi Arabia to act as a securities exchange, said the market improvements build on and augment reforms already successfully implemented in 2017 to improve market function and protect investors. Khalid Abdullah Al Hussan, CEO of Tadawul, said: “These measures and reforms are creating a more attractive investment climate for domestic and international investors alike and have attracted more than 100 major financial institutions to open accounts in the Kingdom.”

96 Ethical Boardroom | Winter 2018

Saudi Arabian billionaire businessman Prince Alwaleed bin Talal has been freed from detention after he made an undisclosed financial settlement with the Saudi government, according to reports. Prince Alwaleed was arrested in November on suspicion of corruption, although he has dismissed the allegations as a ‘misunderstanding’. The prince was arrested as part of a major anti-corruption clampdown in Saudi Arabia and held with dozens of other princes and billionaires in the Ritz-Carlton hotel in Riyadh. According to reports, official Saudi sources say that several prominent businessmen had reached financial settlements with the authorities, including Prince Alwaleed, who owns stakes in Apple, Twitter and Citigroup.

Oman’s SOEs need to show ‘transparency’

EU removes UAE from tax haven blacklist The UAE has been removed from the European Union’s list of ‘uncooperative tax havens’ in recognition of the region’s adherence to transparent procedures. EU officials have proposed removing eight jurisdictions in total from the blacklist. The eight delisted jurisdictions have been moved to a

Saudi billionaire ‘released’ in corruption probe

so-called grey list, which includes other 47 others that have committed to changing their tax rules to abide by EU standards on transparency and cooperation. According to Reuters, documents show that the removal of Bahrain was also initially considered, but its delisting was eventually not recommended.

Oman’s state-owned enterprises (SOEs) that list on the Muscat Securities Market will ‘enhance their efficiency’ and ‘bring transparency in the way they do business’, according to its market regulator. The executive president of the Capital Market Authority, H E Abdullah al Salmi, told Muscat Daily that state-owned firms that disclose information will ‘also ensure sustainability of these companies in the long-term’. H E Salmi said: “Disclosures by the listed companies are a major element to enhance trading. Whatever happens in the publicly-listed companies should be disclosed to the public. This information enables people to made decision [on] whether to buy, sell or hold shares of a particular company.” In the sultanate’s 2018 budget, the government also stressed the importance of good corporate governance.

www.ethicalboardroom.com

12 Hawkamah Annual Conference th

April 30, 2018 - Dubai

Navigating Transformation and Disruptions: Overcoming Governance Challenges

Enabled by government support, technological innovations are disrupting traditional business models pushing boards and executives to re-think and transform their approaches to cope with such a dynamic landscape. Hawkamahâ&#x20AC;&#x2122;s 2018 conference will explore the impact that these transformations and disruptions will have on how companies are governed. How can organizations align their decision making to match the increasing speed of change? How can Boards of Directors drive transformation and foster innovation within their businesses? How can transformation and innovation be encouraged and monitored?

Join us. Debate the future. Now.

www.hawkamahconference.org

Regulatory & Compliance | ISO 37001

ISO 37001: A year on Attention towards compliance is constantly growing. Consequently, data protection, anti-money laundering and anti-corruption have witnessed many businesses oﬀering certiﬁcations to organisations and individuals. Th is ‘certification-mania’ reached a new peak in October 2016 when the International Standard Organisation issued the ISO 37001 anti-bribery management system. Naturally, this system has been abundantly advertised by ISO providers, who also happen to be its strongest supporters. The anti-corruption management system is meant to help organisations in minimising their corruption risks as ‘specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system’.

Getting certified does not guarantee an organisation’s full commitment nor any type of immunity Michele La Neve

Managing Partner at Whitecotton Law International A thorough dissertation on international guidelines would be beyond the scope of this article, nonetheless, all have been published by public or international organisations sources and are available for free to the public. Consequently, commonly recognised best practices on anti-corruption can be retrieved, used and implemented by any organisation, regardless its geographical location. I will now examine ISO 37001 limitations.

It is not new

This is the first critique to the ISO 37001; as mentioned above, its principles were made available publicly years before its publication, therefore, its application is unlikely to represent a valuable asset for any organisation genuinely committed toward compliance and anti-corruption. No more likely than any well-drafted, implemented and reviewed compliance programme, anyway. It could not be otherwise, as the standard is not the law and the fight against international corruption requires political, legislative and judicial efforts, which go well beyond the powers of a non-governmental organisation. Therefore, a question arises, why pay for a set of best practices that are publicly available and easily accessible with an internet search?

Repetita iuvant — corruption is a serious crime

To be awarded ISO 37001 certification, auditors, who are normally private persons, should certify an organisation’s adherence to the principles above. That said, I am afraid the ISO 37001 does not specify any requirements on the aforementioned regard, for two reasons: ■■ It’s not the law – therefore, it lacks any authority whatsoever to specify any requirement, and its application is completely on a volunteer basis ■■ The anti-corruption principles mentioned in the standard were made available long before publication in October 2016 Regarding the latter point, it is worth pointing out that back in 1991, the Federal Sentencing Guidelines considered the adoption of a compliance programme as a mitigating factor in sentencing – the very same approach was echoed in the Sarbones-Oxley Act in 2002. Moreover, the importance of a well-functioning compliance programme has also been stressed by the UK Bribery Act Guidance, issued by the UK’s Ministry of Justice and by the OECD in Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions.

98 Ethical Boardroom | Winter 2018

TACKLING BRIBERY Being ISO 37001 awarded is commendable but does not guarantee absence of corruption

www.ethicalboardroom.com

ISO 37001 | Regulatory & Compliance

The auditors

International corruption is a multifaceted issue, which, to be tackled effectively, may need the involvement of several professionals, from a proactive (drafting or updating a compliance programme) or a responsive (internal investigations) perspective: ■■ Legal experts to understand the local-legal framework and interact with regulators and relevant authorities ■■ Forensic accountants to identify any off-the-books or concealed payment or disproportionate or incongruous intermediary fees. Their role is also quintessential in financial due diligence, particularly when extraordinary operations, such as mergers and acquisition or joint ventures, are foreseen ■■ Investigators, since workers, particularly in high-risk countries, may be victim of extortion or may be blackmailed by

criminal organisations. Very often, in fact, we imagine that bribes are only paid to secure an advantage like signing contracts for which others are more qualified or, in general, to gain an undue advantage While this may certainly be true, it cannot be denied that sometimes bribes are paid to save one’s reputation or personal safety. It goes without saying that private investigators cannot be a substitute for law enforcement agencies but their function is supporting those facing such unpleasant situations in not feeling alone. It is worth remembering, in fact, that the workforce normally dealing with these challenges is very far away from a company’s headquarters and must face a completely different legal and business environment, oftentimes weak institutions as well. In my opinion, the most common mistake they can possibly make is pay out of their pockets. That is why, as part of a broader compliant corporate culture, no one should be afraid nor ashamed to speak up and should expect appropriate support. All the problems outlined can be tackled efficiently and effectively with mutual collaboration to ensure that no one is ‘left behind’.

Only a serious compliance programme can exclude or mitigate liability and the fact that an external auditor has approved an organisation’s anti-bribery management system does not represent an asset in this regard as the adoption of the standard does not — per se — exclude nor mitigate corporate responsibility www.ethicalboardroom.com

IT and cybersecurity specialists Being that most of our professional, and I would say also personal, lives are related to computers, tablets and smartphones, these specialists’ role is acquiring more and more importance as wrongdoers usually leave digital fingerprints of their misconducts, be it emails, SMS, instant messaging chats, databases, intranets, archives, basically anything could be relevant evidence. However, IT and cyber security specialists’ activity should be directed only in retrieving relevant data, leaving aside personal or unrelated documents. It is a delicate task since there must be compliance with applicable privacy laws, which should be completed having data protection specialists on board as well.

Translators

It should not be assumed that everyone is fluent in English or another European language because it is not always the case, rather the opposite, in my experience. Codes of conducts must be widely understood and acknowledged group-wide to be effective, and it is essential that everyone, everywhere understands them. Moreover, internal investigations require significant work on the ground, which means interviewing local stakeholders able to provide useful information, in local dialects sometimes. Translators make sure that nothing gets ‘lost in translation’ and words are taken for their true meaning. It would be a shame to miss important red flags for a misunderstanding, wouldn’t it? Furthermore, labour and safety experts may also be needed to ensure, for instance, that a foreign workforce to which part of the production has been outsourced is safe in the workplace. Besides being a moral responsibility, this would protect a foreign company from legal and reputational liabilities as there are human lives at stake. We just outlined how diverse and professionally qualified the compliance team has to be; advanced degrees (issued by recognised universities, of course), state exams and professional accreditations released by public bodies are necessary to perform such duties. An ISO 37001 auditor may very well possess the aforementioned qualifications and skills, that is beyond discussion. However, it is important to mention that the auditor qualification is awarded by private bodies. Lastly, auditors do not know your company, its culture, its employees, its challenges and its strengths. Why not then empower the internal legal/compliance team to fortify anti-corruption? It might be an excellent lead to create and develop robust and trustworthy relationships across all the business areas.

Winter 2018 | Ethical Boardroom 99

Regulatory & Compliance | ISO 37001

ISO 37001 is not a defence in case of corporate misconduct

As pointed out above, only a serious compliance programme can exclude or mitigate liability and the fact that an external auditor has approved an organisation’s anti-bribery management system does not represent an asset in this regard as the adoption of the standard does not – per se – exclude nor mitigate corporate responsibility. For instance, the US Department of Justice, in its recently released Evaluation of Corporate Compliance Programs has not even mentioned the ISO 37001 or other certifications. The French anti-corruption Agency had the same approach. It is also crucial to understand that contracting with an ISO 37001 certified counterparty does not exempt a company from due diligence duties, which have to be carried out regardless. Any ‘light’ due diligence must be avoided for the same reasons.

Confidentiality

Any thorough audit implies the knowledge of confidential information about the target organisation and anti-corruption audits are no different. Financial statements, possible participation in public tenders, names of agents and consultants and their role in securing contracts, are just a few examples of the priceless information that should be released to the auditor (to whom the attorney-client privilege may not apply). Most likely confidentiality clauses will be signed, but the ISO 37001 audit nevertheless poses unnecessary risks.

Companies under investigation Past episodes of corporate misconduct do not impede a shift toward compliance; conversely, oftentimes, these episodes trigger an interest toward ethical business, however, the situation is slightly different when organisations are under investigation or trial. Anyone with a legal background knows the golden rule ‘innocent until proven guilty’. However, issuing an anti-corruption certification while a corruption trial is pending is problematic for three reasons:

■■ Judgement ascertains responsibilities A judgement defines if a misconduct actually took place. What would be the purpose of certifying a company prior to this assessment? ■■ Judgement identifies weaknesses If bribes were paid, something went wrong and only a final judgement can say where and when; lack of training or communication, business goals too ambitious or unrealistic business goals and lack of due diligence are the most common root causes. A ruling is normally the result of a complex trial where responsibilities are ascertained; 100 Ethical Boardroom | Winter 2018

this may throw light on where internal controls or managerial guidance were lacking, and a company should acknowledge such findings to strengthen its anti-corruption initiative and implement appropriate corrective measures for the future. At this point the question is, So, how is it possible to certify that an entity is able to deter, prevent and respond appropriately to corruption while still under trial? ■■ Certification undermines respect for the judiciary Without quoting Montesquieu, anyone familiar with public and constitutional law knows that, along with executive and legislative power, judicial power is autonomous and its autonomy is fundamental for any democracy. Acknowledging its decision, it’s an act of respect for the institutions.

Responsibility

What happens if a doctor certifies that a person is healthy, but it turns out he isn’t. What happens if a chief engineer establishes that a building is safe to live in or a bridge can carry daily commuters when, in reality, they are not?

responsible for others wrongdoings. So, what is the purpose of being certified other than for the certifiers’ benefit? In conclusion, this ‘new’ anti-bribery standard is very unlikely to represent a real step forward in fighting corruption since, as we have shown, it contains some serious pitfalls. More importantly, it cannot harmonise the international efforts in fighting corruption; the ISO 37001 is not the law. For the same reason, it cannot strengthen the anti-corruption initiative in developing countries, the most affected by international bribery. These nations would rather need a serious political commitment, which cannot be substituted by external initiatives. Rather, compliance must be embedded with an organisation’s culture at a local level in order to function properly. This means that those responsible for corruption are held accountable for their actions; that the management collaborates proactively with internal and external stakeholders to identify transgressions without trying to cover them up; that whistle-blowers are not afraid to speak up because they do not fear retaliation or humiliation (sadly, this is sometimes still the case).

Anyone with a legal background knows the golden rule ‘innocent until proven guilty’, however, issuing an anti-corruption certication while a corruption trial is pending is problematic The aforementioned are obviously oversimplified examples, but the point is, certifying implies some degree of responsibility. What responsibility and what accountability is there for the auditor if a certified entity is found responsible for corruption? More than year after the publication of the ISO 37001, this question remains unanswered; even though it might be possible to foresee some kind of contractual liability under which the organisation and its management would be held accountable. Being ISO 37001 certified is not a guarantee of absolute absence of corruption nor best practices and the auditors cannot be held

Besides being favourably perceived by relevant authorities, a compliant attitude brings several advantages; corruption is almost never a stand-alone offence, oftentimes bribes are paid to gain an undue advantage that can negatively (sometimes tragically) affect others; an authorisation released without having the requisite controls in place in practice and not just on paper is an example of how corruption can seriously jeopardise a company’s reputation in the market, adding economic consequences to the legal ones. Finally, one last consideration. Compliance serves the business purpose but it should not be a business per se. www.ethicalboardroom.com

Direct to your Door! Email our team now at subscriptions@ethicalboard.com

Regulatory & Compliance | Anti-Bribery v Privacy

‘Corruption is at the heart of so many of the world’s problems. It erodes public trust in government, undermines the rule of law and may give rise to political and economic grievances that may, in conjunction with other factors, fuel violent extremism. Tackling corruption is vital for sustaining economic stability and growth, maintaining security of societies, protecting human rights, reducing poverty, protecting the environment for future generations and addressing serious and organised crime.’ Communiqué, Anti-Corruption Summit, London, 2016

‘Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for speciﬁed purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her and the right to have it rectiﬁed.’ Article 8 of the EU Charter of Fundamental Rights

Alexandra Wrage & Illya Antonenko

Alexandra is the president and founder of TRACE, Illya is Privacy Counsel at TRACE International

Anti-corruption and GDPR: A collision of galactic proportions 102 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Anti-Bribery v Privacy | Regulatory & Compliance

Scientists warn us that the Milky Way galaxy, which we call home, is on a collision course with the neighbouring Andromeda galaxy. The two galaxies will collide in about… four billion years. Just like the two galaxies, two worthy causes – combatting transnational bribery and protecting personal data – have been on a collision course for some time. However, unlike the predicted Milky Way-Andromeda encounter, we do not have to wait long to witness the clash between the requirements of international anti-bribery laws and those of personal data protection laws. The first effects of this may be seen in May 2018, when the enforcement of the European Union’s General Data Protection Regulation (GDPR) will have arrived. There is even a convenient countdown clock at www.eugdpr.org for those of us who are fascinated with recurring doomsday predictions. One of the most spectacular effects to watch for is the GDPR Article 10’s prohibition on reviewing criminal background information of individuals, which is squarely opposed to the need to review criminal background information on individuals as part of anti-bribery due diligence. There is still time to resolve this potential conflict. TRACE International and McCann FitzGerald have prepared a position paper on the GDPR Article 10’s potential obstacles to anti-bribery due diligence, advocating for a coordinated implementation by EU member states of laws authorising companies to continue with robust anti-bribery due diligence reviews of third parties. Only a prompt coordinated legislative effort across the European Union may prevent the most spectacular aspect of the clash between the GDPR and international anti-bribery laws.

Anti-bribery requirements

Everyone reading this magazine is familiar with the international anti-bribery regime, which has coalesced around the US Foreign Corrupt Practices Act of 1977. Although the post-Watergate (FCPA) was all but dormant for more than two decades after its inception, with only occasional prosecutions of egregious cases, it was revived in the early 2000s. Since then, each successive FCPA enforcer has kept up the momentum. FCPA penalties against companies (often those based in the EU) have reached hundreds of millions of dollars. The combined penalties of the top 10 FCPA enforcement actions exceed $6billion and six involve companies headquartered in the EU. Despite President Trump’s criticism of the law, Attorney General Jefferson Sessions has offered assurances that FCPA enforcement will continue apace. Indeed, the latest www.ethicalboardroom.com

mega-FCPA enforcement action came down in September 2017 against Telia Company of Sweden, whose combined penalties and disgorgement were just shy of $1billion. Smaller FCPA enforcement actions against companies and individuals are announced most months. The FCPA is not alone. The UK has its Bribery Act of 2010, which in some aspects is even stricter than the FCPA. In fact, all EU member countries have adopted analogous transnational anti-bribery legislation to implement the international treaties they signed: the Organisation for Economic Co-operation and Development Convention of Combating Bribery of Foreign Public Officials in International Business Transactions, the European Union Convention Against Corruption Involving Officials and the Council of Europe Criminal Law Convention on Corruption. All these laws prohibit bribery of foreign public officials to obtain or retain business, including through the use of third parties. The prohibition against indirect bribery of foreign officials is broad. Even if a company contractually forbids its sales representatives, distributors, intermediaries, consultants, customs brokers, freight forwarders or similar service providers to pay bribes on its

Just like the two galaxies, two worthy causes — combatting transnational bribery and protecting personal data — have been on a collision course for some time. However, unlike the predicted Milky Way-Andromeda encounter, we do not have to wait long to witness the clash between the requirements of international anti-bribery laws and those of personal data protection laws behalf and further avoids giving them any explicit authorisations or directives concerning bribes, actions of such third parties in foreign countries may still lead to criminal or civil liability for the company. This may occur if the company is found to have ignored or failed to exercise reasonable efforts to discover indications that the third party would or was likely to engage in bribery. The UK Bribery Act is even more explicit in making it an offence for a company to fail to prevent bribery on its behalf.

Anti-bribery due diligence is the only effective countermeasure that companies can deploy against potentially crippling enforcement actions for misconduct of their service providers abroad. Over time, statutory provisions, prosecutions, enforcement actions, official guidance documents and less official pronouncements from law enforcement agencies and relevant intergovernmental organisations have combined to ensure that anti-bribery due diligence is a very invasive inquiry into the reputation, qualifications and background of third parties, their owners, managers, key employees and relatives. Nothing of any importance or relevance is left unturned in the search for a potential clue that the third party or associated individuals may engage in bribery. Are they qualified to provide the services in question? Where did they work in the past and what else are they doing now? Are they related or otherwise connected to government officials? Does anyone involved have official authority or influence over government decision-making? And, most importantly, is there anything in the background of the third parties or associated individuals that may indicate proclivity to engage in corrupt behaviour? In other words, anti-bribery due diligence processes corporate and personal data – lots of data.

EU data protection requirements

With all the talk about the GDPR, the EU data protection regime is not new. While the Americans have their ‘inalienable rights’ such as life, liberty and the pursuit of happiness, the Europeans have ‘fundamental rights’, among which is ‘the right to the protection of personal data’. The GDPR is the result of the progression from the European Convention on Human Rights of 1950 (which guaranteed the right to privacy), to the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of 1980, to the EU Data Privacy Directive of 1995 and the EU Charter of Fundamental Rights of 2000. For the most part, the EU Data Privacy Directive of 1995, as implemented by member states, has not been unduly burdensome for companies and any violations have not been punished too severely. The approaching GDPR exhibits all the signs of a major change. The GDPR may even one day rival the FCPA in the onerousness and the complexity of its many compliance requirements, the worldwide reach and the size of potential penalties. First, unlike the EU Data Privacy Directive, the GDPR’s provisions will have immediate binding legal force in every EU country. Second, the 99 articles on 88 pages of the GDPR will impose numerous complex rules and require evidence-based demonstrable compliance. Third, data protection authorities will wield significant ‘corrective powers’, including: Winter 2018 | Ethical Boardroom 103

Regulatory & Compliance | Anti-Bribery v Privacy ■■ Administrative fines of up to €20million or four per cent of the total worldwide annual revenue, whichever is higher ■■ The power to restrict or ban processing of personal data ■■ The power to suspend personal data flows outside the EU or to an international organisation Like the EU Data Privacy Directive, the GDPR will require EU-based companies to apply GDPR protections to personal data of all individuals whose data they process, regardless of whether those individuals live in the EU. However, the GDPR will cover not only EU-based companies, it will also apply to non-EU companies that sell their products or services to EU residents and non-EU companies that ‘monitor [EU residents’] behaviour as far as their behaviour takes place within the Union’. This means that conducting anti-bribery due diligence on a third party that may be associated in some way with EU residents may fall within the GDPR’s purview, regardless of where the principal or third-party companies are located because such due diligence would involve monitoring behaviour of EU residents as it relates to corruption. Although these features of the new EU data protection regime are untested and the

The coming collision

Now that we have established that the two legal regimes – combatting transnational bribery and personal data privacy – are of comparable size in terms of their potential business impact and thus should both attract attention from corporate management and boards, this article’s title no longer appears so far-fetched – any conflict between anti-bribery laws and the GDPR should raise alarm. Even apart from the specific language of the laws, the two regimes have conflicting goals. One seeks to bring transparency to international transactions, uncover shady deals, expose corrupt actors, reveal bribes camouflaged as commissions or service fees. To do so, it needs to bring out into the open what some wish to hide. The other regime is all about regulating, restricting, minimising and at times prohibiting the processing of personal data and making sure that the companies, still willing to process personal data after all that, treat personal data as a valuable asset belonging to individuals and account for the use of this asset to these individuals and supervising authorities. In the opinion of EU data protection authorities, ‘even individuals engaged in illegal activities should not be subject to

for data processing are secure and implement a myriad of other safeguards, technical and organisational measures, controls and compliance mechanisms. However, the most troubling part of the GDPR for anti-bribery due diligence is its Article 10, which provides that the processing of personal data relating to criminal convictions and offences ‘shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects’. To the author’s knowledge, there is currently no such law in the European Union that specifically authorises the processing of personal criminal background information for purposes of anti-bribery due diligence and includes appropriate safeguards.1 A prohibition to inquire into individuals’ criminal backgrounds will effectively eviscerate the anti-bribery vetting process. If this legislative gap is left unresolved by May 2018, companies may face a dilemma between complying with their international anti-bribery due diligence obligations or with the GDPR, with each option presenting a risk of an enforcement action and significant fines.

COLLISION COURSE The arrival of GDPR in May could complicate anti-bribery efforts

degree of the enforcement vigour remains to be seen, there is little likelihood that the EU data protection authorities will choose to exercise significant restraint in using all of the tools now available to them, especially given the proliferation of private data breaches in recent years and the calls for the governments to do something. To prove this point Helen Dixon, Irish Data Protection Commissioner, has stated that she is ready to impose fines to the GDPR’s limit in appropriate cases and that there will be no ‘amnesty or first or second chances’ for GDPR violators. Moreover, large potential fines destined for national coffers may prompt governments to allocate more resources to the GDPR enforcement efforts. 104 Ethical Boardroom | Winter 2018

A prohibition to inquire into individuals’ criminal backgrounds will effectively eviscerate the anti-bribery vetting process disproportionate interference with their [privacy] rights and interests’. Companies will have to find ways to reconcile the opposite goals of the two regimes. At the very least, the GDPR will require companies conducting anti-bribery due diligence to articulate the legal basis for processing personal data, justify the scope of personal data collected, be transparent about such processing, be prepared to facilitate data subjects’ exercise of their data protection rights listed in the GDPR, ensure that IT systems used

Please contact the authors if you are interested in finding out more about the GDPR Article 10’s potential obstacles to anti-bribery due diligence or to join TRACE’s working group exploring solution to these obstacles. 1 The current EU and EEA data protection regime features a patchwork of approaches, where some countries have come up with a case-by-case authorisation or licensing mechanism for processing of personal criminal data, while others have no basis for such processing in the context of anti-bribery due diligence, and yet another group of countries treat criminal data as other ‘sensitive data’. While this issue may have existed all along, the arrival of the GDPR with its sizable penalties has brought it into the open

www.ethicalboardroom.com

Steinenring 60, 4051 Basel, Switzerland +41 61 205 55 11

info@baselgovernance.org www.baselgovernance.org

Regulatory & Compliance | Money Laundering

Steve Goodrich & Ben Cowdock

Members of the Corruption Research Team at Transparency International UK

The secret life of shell companies Once seen as the preserve of exotic offshore jurisdictions, these money–laundering tools have been turning up a lot closer to home The Paradise and Panama Papers have given us an unparalleled insight into how fake businesses – often known as ‘shell companies’ – have been used globally to conceal illicit assets, evade sanctions and allow corrupt individuals to enjoy their ill-gotten gains with impunity. When a luxury London pad or house in the Home Counties is bought with illicit funds, you’re almost certain to encounter a business registered in a secrecy jurisdiction – places where the names of company owners are kept behind closed doors. Many of these can be found in the palm-fringed paradises of the UK’s Overseas Territories and the charming isles of its Crown dependencies. However, recent research by Transparency International UK shows many of these criminal schemes are made possible by those far closer to home. Through an analysis of 52 major global corruption scandals involving more than £80billion, we identified 766 different UK-registered shell companies playing a key role in transporting illicit funds. Based on what we found, there could be thousands more of these fake businesses being used to move tens of billions in corrupt wealth worldwide. Although this might seem strange at first, the prevalence of UK companies in these schemes is no coincidence. They have been hand-picked by criminals and here’s why.

Scratching the surface

Companies registered in the UK offer instant legitimacy. Its reputation as a respectable international business hub is well known. Because of this, companies registered here are often deemed lower risk by banks and other businesses interacting with them. Without proper due diligence checks, this can allow them to cause some serious damage. 106 Ethical Boardroom | Winter 2018

In one scheme alone, uncovered by the Organised Crime and Corruption Reporting Project (OCCRP), 17 UK banks handled more than half a billion pounds worth of suspicious wealth emanating from Eastern Europe, which was being channelled by hundreds of UK-registered shell companies. With the aid of British banks, these companies were able to disperse the money through investments spanning fine furs to private school fees, sometimes to unsuspecting recipients. When talking about the funds it received from the scheme, Millfield School – a prestigious private school in Somerset – said: “The payment was made from a UK bank account and did not appear in any way suspicious at the time.” Businesses failing to understand their clients and customers allow this mistake to be repeated.

Swift incorporations

Far from being an indicator of respectability, anyone can form a UK company from anywhere in the world. And it’s cheap. While a Panamanian company will set you back around £1,000, you can go online and form a UK company yourself for £12 in a matter of minutes. If you incorporate direct through Companies House there are no due diligence checks on who you are – you’d encounter less ID checks than boarding a fl ight. In theory, registering via a regulated agent – otherwise known as Trust and Company Service Providers (TCPSs) – is more secure as they are required by law to undertake money-laundering checks on all customers. However, recent studies have shown that these rules are often ignored or applied sporadically by the sector.

Company factories

We have found a number of formation agents who have been creating secretive corporate structures using UK companies on an industrial scale without even being

SHELL SUIT Fake businesses in a UK wrapper are being used to move corrupt wealth worldwide www.ethicalboardroom.com

Money Laundering | Regulatory & Compliance registered with a money-laundering supervisor – a legal requirement. Indeed, a quarter of the agents listed on Companies House’s website as bulk incorporators were unregistered. Even a handful of these rogue agents can help shift billions of illicit funds in a relatively short period of time.

Lax supervision

Even those TCSPs that are registered with a money-laundering supervisor are not sufficiently incentivised to carry out thorough checks on their clients. The last available information published by HMRC showed its fines for non-compliance in 2014/2015 averaged just over £1,100, peanuts compared to the profits to be made moving illicit money around the globe. This could explain why the sector has been so poor at reporting suspicious activity – which is required by law – to the UK’s National Crime Agency (NCA). According to the latest available data, as a whole the sector submitted just 74 reports over 12 months between 2015 and 2016. Based on the evidence we have, this is likely to be only a small fraction of potential suspicious activity within this industry. To make matters worse, money launderers are not confined to choosing a UK-based TCSP. Thanks to the ease of online incorporations, UK companies can be set-up from anywhere in the world. This global activity has not been accounted for in law, with non-UK TCSPs not bound by UK money-laundering regulations, but by those of the jurisdiction in which they operate. Relying on other jurisdictions to enforce moneylaundering rules poses significant risks. Whilst the UK’s performance in this area has been poor, other countries’ has been worse. Less than a quarter of countries assessed by the Financial Action Task Force – an international body that assesses countries’ money-laundering defences – had sufficient systems to prevent the setting up and abuse of shell companies. This means that the UK is relying on weak money-laundering systems to protect the integrity of its We have found a company register. number of formation own To compound all of the above is agents who have the wholesale trade of companies between agents, which makes been creating it unclear who should have secretive corporate undertaken due diligence checks and at what point in the process. structures using UK Recent revelations have shown companies on an how this trade works, with agents buying ‘off-the-shelf’ packages industrial scale of companies from each other, without even being depending on their client’s needs. registered with a This explains why UK agents were the second most popular money-laundering intermediaries of choice for supervisor — a legal Mossack Fonseca – the infamous law firm at the centre of the requirement Panama Papers scandal. www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 107

Regulatory & Compliance | Money Laundering Although the size of this wholesale market is unknown, based on our research we think it could involve thousands – if not tens of thousands – of UK companies. As long as these practices continue, the risks carried by companies formed and sold in this way continue to be significant.

However there are still those who are intent on ignoring these rules by not reporting a PSC or putting the name of some unsuspecting individual as their beneficial owner. So if something doesn’t seem right about a company, there are a number of details to check in order to give you peace of mind.

What is being done

Location, location, location

From 2017, most legal entities incorporated Mail forwarding and virtual offices are in the UK have to reveal the names of an essential and legitimate part of many their ultimate beneficiaries to Companies businesses. They are also a constant feature House. This is published on the persons of of companies we found to be involved in significant control (PSC) register. Available financial wrongdoing. Providing a superficial via the Companies House website, PSC has layer of legitimacy, as well as distance from added an essential insight the ultimate owner of the into who might be hiding company, certain addresses While giving the behind the corporate veil. appear repeatedly in appearance of a As with all new things, Companies House data. Half UK legal entity, there are some teething of the 766 UK companies problems. Currently, just six we identified in our research tens of thousands people at Companies House were registered at just eight of firms registered addresses, with 105 based are tasked with tackling non-compliance with at a single rundown office in here represent company law and it does not Potters Bar. The concentration little more than verify what it is submitted. of these shell companies in Despite this, the benefits of secretive offshore a relatively small number of a public register mean that clearly show hotspots companies within places the business community and of poor due diligence, which a UK ‘wrapper’ civil society can interrogate allow money laundering the data and provide activity to go unchecked. feedback to Companies House which Often these addresses house hundreds, can then make changes to improve the if not thousands, of other companies whose quality of data. In partnership with purpose or real owners are not immediately investigative journalists, we at Transparency apparent. So, if you aren’t sure about a International UK have submitted details of potential business client, it might be worth hundreds of companies we think are trying checking their registered address and the to evade these new transparency rules. background of other companies based To help navigate and interpret what is there. These ‘company factories’ are often currently being published, there are a semi-permanent fixtures, with batches number of characteristics that can help of entities dissolved en masse, often after identify if a UK company might be involved a big corruption scandal has been exposed. in money laundering. Based on what we have With this in mind, it’s worth using data seen from our research, here are some tips from Companies House or third-party and pointers on what to look out for. tools like OpenCorporates to identify the rate of incorporations and dissolutions at Offshore via the UK suspicious addresses. Cross-referencing this While giving the appearance of a UK legal data with your list of clients might produce entity, tens of thousands of firms registered some red flags for further investigation. here represent little more than secretive Nominee directors offshore companies within a UK ‘wrapper’. Whilst nominee directors don’t technically In the past, Limited Liability Partnerships exist in the UK – with directors legally (LLP) and Scottish Limited Partnerships responsible for the actions of a company (SLPs) have been popular vehicles for money – this has not deterred money launderers launderers because they can be controlled from using proxy directors to keep their by two secretive offshore corporate partners names off the paperwork. Some of these – for example, companies based in the proxies have become synonymous with British Virgin Islands or Belize (thus hiding the ultimate owner) – and their minimal reporting requirements. In recent years, both LLPs and SLPs have been brought within the scope of the UK’s PSC register, making it harder for money launderers to hide using UK companies without lying to Companies House and breaking the law. 108 Ethical Boardroom | Winter 2018

wrongdoing, such as Ian Taylor, infamous for – among a myriad of money-laundering schemes – directing a company used to help North Korea evade sanctions. If enforced properly, the UK’s PSC register mitigates the threat of proxy directors, but there is still a long way to go for Companies House to ensure these rules are implemented in practice. A quarter of the firms we identified in our research remain active today and have found a variety of ways to flout company law. If you come across companies with a suspicious director on the UK register, it is worthwhile checking as many sources as possible – from elsewhere on Companies House to the ICIJ’s Offshore Leaks database – to try and identify if the name on the screen you are dealing with is likely to be the real person controlling the company.

Follow the money

Where a company does its banking can tell you as much as anything you find on Companies House, possibly more. Our research found that money launderers based in Eastern Europe have taken advantage of the relationships between some TCSPs and Baltic banks specialising in ‘financial logistics’ (in layman’s terms this means moving money around the world). As a result, lots of UK companies – particularly LLPs and SLPs – have been sold with Baltic Bank accounts as a package. By doing this, those who control these firms gain access to the global financial system without undergoing the same level of due diligence carried out at UK banks.

Becoming a beacon for responsible business

Companies based in the UK might not be as clean as we would like to think. The 766 firms we identified are likely to be just the tip of the iceberg in terms of the widespread abuse of UK legal entities. Thousands of other suspicious firms are still active, which share the same address, proxy directors and corporate partners as those we identified. These companies and the system that allows their creation represent an ongoing threat both to the UK’s international reputation as a clean and safe place to do business, as well as those around the world who suffer from the corruption and other crimes facilitated by these firms. With Brexit just around the corner, the UK can ill-afford to develop a reputation as a place to do business for money launderers and crooks. To address this threat and become a beacon of responsible business around the world, we need data at Companies House that can be relied on and a well-regulated company service sector that can guard against criminal elements looking to hijack our financial system. www.ethicalboardroom.com

KEEPING IT ABOVE BOARD

PLACE YOUR ADVERT HERE It’s the best way to

reach your audience that is spread over

60 countries to know the latest in

Board Leadership • Board Governance Technology • Activism & Engagement Regulatory & Compliance • Risk Management “Essential reading for boards who want to stay ahead of the governance curve”

Contact: Guy Miller email: guy@ethicalboard.com twitter.com/EthicalBoard

www.linkedin.com/in/ethicalboardroom/

Regulatory & Compliance | Human Rights

Athena Arbes & Nicolas Tollet

Athena is an Associate and Nicolas is Counsel at Hughes Hubbard & Reed LLP

Upholding human rights through the lens of due diligence Businesses are expected to make clear their responsibilities and proposed action for protecting individuals from abuse Maintaining human rights has long been presumed to be the primary responsibility of the state. Since the United Nations was founded in 1945, international declarations and conventions calling for protection against violations of, for example, forced labour, discrimination and the right to fair remuneration, were addressed only to governments.

However, with the expanding global market, there has been growing attention focussed on the impact that corporations and international businesses can have on human rights and pressure is on such entities to address these issues when undertaking their activities. Allegations of exploitation of Syrian refugees1, forced labour2 and fi ring of pregnant women3 are just a few of the recent stories about allegations of human rights abuses of workers in factories supplying well-known retailers. While these abuses often occur in factories run by subcontractors and not by the retail corporation directly, companies are expected to know and prevent such abuses and can be held responsible by the press and the public when human rights abuses occur in their supply chain. Increasingly, companies face not only reputational harm but potential legal consequences in the courts, too. Indeed, the emerging international trend has been to hold companies of a certain size and scope responsible to ensure human rights are respected throughout their supply chains. To do so, over the past decade, international institutions have issued

110 Ethical Boardroom | Winter 2018

recommendations and, following suit, governments have begun to implement national legislation to create obligations on certain corporations to conduct due diligence focussed on identifying and remediating such abuses.

Guiding Principles

The United Nations was one of the first, and arguably the most influential, international institutions to call for corporate responsibility of human rights. After a six-year study, in 2011 it issued recommendations that were directed both at states and at corporations. These recommendations, entitled the United Nations Guiding Principles on Business and Human Rights, called for businesses to undertake due diligence to enable them to identify, prevent, mitigate and account for how they address potentially adverse human rights impacts caused by their operations. Since companies vary in size, scope and complexity, the UN acknowledged that a ‘one-size-fits-all’ approach was impractical and recommended that companies undertake a risk mapping exercise. To do so, companies are to evaluate the likelihood and severity of potential and actual impact that their business activities and their business partners may have on various stakeholders, including their own employees, workers in their supply chain, end-use customers of its products and services and local communities. Such an exercise is meant to be conducted periodically, as risks may change according to evolving circumstances. For companies who have already implemented corruption-focussed due diligence procedures in their compliance programmes, this approach may sound familiar. As many companies already know, third-party relationships pose perhaps the largest category of risk that a company faces in the anti-corruption context and with

human rights abuses there is similarly a heightened risk profi le flossing from such relationships. Due diligence mechanisms that seek out and prevent risks of corruption and bribery, required under laws, such as the US Foreign Corrupt Practices Act or the French anti-corruption law commonly referred to as Sapin 2, can be used here as well, albeit for a different end.

Taking action

Once a company has completed its risk mapping exercise, the UN’s guiding principles anticipate that the company will assess the impact of identified risks and take appropriate mitigating measures. Taking appropriate action means both addressing the impacts that a company can mitigate as well as reporting those actions. Th is communication may take various forms and formal disclosure is only required where a company has discovered risk of material adverse impacts pursuant to relevant contractual (e.g. financing) or legal (e.g. if the company is listed) obligations. Although the UN Guiding Principles specify that it is a company’s duty to remedy negative impacts it has caused or contributed to, obligating companies to do so has been problematic for the United Nations. As a set of ‘principles’ issued by an international body, the Guiding Principles face the same shortcomings as other international declarations and conventions; its audience is countries, not the corporations that are housed within them and, even then, the UN’s guiding principles are voluntary measures for best practices. These shortcomings are not lost on the UN itself, as the UN High Commissioner’s Office stated in its interpretive guide to these principles in 2012, a company ‘cannot be expected to provide for remediation unless or until it is obliged to do so (for instance, by a court)’.4

www.ethicalboardroom.com

Human Rights | Regulatory & Compliance Nevertheless, other international institutions have taken steps to reinforce the UN’s call for corporate responsibility for human rights through subsequent and continued recommendations, reports and conferences. The same year that the UN published its guiding principles, the OECD issued its Guidelines for Multinational Corporations, updated to reflect the UN’s work in an additional chapter on human rights and outlining its approach to due diligence and supply chain management. It has continued to issue non-binding guidance, applying the general framework of due diligence to industry-specific problems, such as recent recommendations on how to perform due diligence in the garment industry.5 More recently, the International Labour Organisation issued its Tripartite Declaration of Principles concerning Multinational Enterprises and Social Policy, updated in March 2017, yet again calling for due diligence to be performed by multinational enterprises to prevent adverse impacts on human rights through their operations, even if the company has not directly contributed to those impacts.6

Legislation

Despite these efforts of international organisations to call for due diligence to be conducted to prevent human rights abuses,

making remedial action compulsory for corporations is still left to national legislation. Binding legislation has, until 2017, been focussed primarily on reporting and disclosure requirements to encourage due diligence without attaching civil liability in case of non-compliance. For instance, while the 2015 UK Modern Slavery Act requires companies with a turnover of at least £36million and which operate in the United Kingdom to disclose actions they have taken to ensure slavery and human trafficking do not occur in their supply chains, this law is limited in scope, content and penalty.7 First, it affects only companies with respect to slavery and human trafficking and, second, the law only requires reporting of its findings, obligating the company to merely post a public statement on its website. There is no risk of financial penalty for failing to report. Similarly, the EU amended its Directive on Disclosure of Non-Financial and Diversity Information by Certain Large Undertakings and Groups for certain public interest companies with more than 500 employees.8 However, these too are general disclosure requirements, with no direct financial sanctions included in the text. In 2017, however, there have been legislative developments which seek to prevent abuses to human rights through mandatory due diligence, as envisioned by the UN.

STAMPING OUT ABUSES The UN has called for organisations to conduct due diligence regarding human rights

Although the UN Guiding Principles specify that it is a company’s duty to remedy negative impacts it has caused or contributed to, obligating companies to do so has been problematic www.ethicalboardroom.com

Winter 2018 | Ethical Boardroom 111

Regulatory & Compliance | Human Rights

In March of last year, France adopted a new law,9 known as the ‘law on the duty of care’, requiring French parent companies and their subsidiaries10 using suppliers and subcontractors to institute preventive and remedial measures on both themselves and companies within their supply chain. Specifically, to ensure the prevention of abuse to human rights, the law requires that these companies create a vigilance plan, which includes five elements: (i) an assessment to identify, analyse and categorise risks; (ii) procedures to regularly evaluate the company’s affiliates, subcontractors and service providers; (iii) actions adapted to attenuate risk and prevent such infractions; (iv) an alert system and a system for collecting these alerts; and (v) a system to monitor the implementation of these measures. These plans must be made public and published in companies’ annual reports and French courts are able to compel them to do so and to demonstrate that the plans were effectively implemented. Failing to do so will open the corporations up to monetary fines issued by the court, in the form of daily injunctive fines and those issued in general tort. France is not the only European jurisdiction in which duty of care laws have been envisaged. Germany adopted a National Action Plan for Business and Human Rights, in which there is a proposal for state-owned companies and private companies with more than 5,000 employees to conduct due diligence to prevent abuses of human rights. While still voluntary for private companies, if 50 per cent of them have not implemented such measures by 2020, the government will consider imposing binding legislation. Similarly, Switzerland contemplates establishing mandatory due diligence aimed at protecting human rights and the environment in an initiative entitled the Responsible Business Initiative.

Risk factors

Some critics view these laws as expanding the scope of corporate duty to an undue degree. Viewed through another perspective, however, these laws can be seen as incentivising companies to undertake due diligence of their supply

TAKING ACTION Compliance training is becoming more important as sanctions hold bad apples accountable for abuse

112 Ethical Boardroom | Winter 2018

chains to avoid the negative reputational and other effects that allegations of human rights abuses have, in the past few years, had on corporations. Consequences, such as loss of reputation and brand, loss of investor confidence, diminution of customer base and loss of business opportunity, have been and will continue to be significant risks that modern corporations are subjected to in the face of such allegations.

For the last several years, with increased financial exposure arising from corruption-related prosecutions, companies have been developing stronger anticorruption compliance and due diligence requirements throughout their supply chain Although the implementation of new due diligence standards to take into consideration potential human rights abuses will require additional resources, companies are encouraged – by relevant guidance and legislation – to ensure that they are undertaking such efforts with a risk-based approach. Doing so and combining where possible, the assessment of human rights risks with the assessment of other third-party risks (such as those relating to corruption) will help to mitigate the financial impact that such requirements might have. To echo the UN’s Guiding Principle 17, it is unreasonable to expect that a large corporation perform due diligence on each and every one of the entities in its value chain, the number might be too great. In such a case, businesses should devote resources to areas where the risk of the negative impact to human rights is the greatest. In addition, companies that embrace such requirements may actually find that they have greater access to financing than companies who could be considered non-compliant. Financial institutions, such as the 92 members of the Equator Principles Association which include banks, such as BNP Paribas, Banco Santander, CaixaBank, Crédit Agricole, Citigroup, First Abu Dhabi Bank, HSBC,

SMBC and export credit institutions such as UKEF, have in the past few years increasingly demanded that assessments of environmental and social risks be performed prior to granting financing.11 Companies have also been requested to include undertakings to set up a human rights compliance programme in their project financing. Similarly, investors are putting provisions in their commercial contracts, stipulating that they may inquire as to whether due diligence has been performed and auditors are requesting such information in their assessments. Statutory auditors, in particular in France following the enactment of the duty of care law referred to above, are becoming more and more curious about their clients’ human rights compliance programme. For the last several years, with increased financial exposure arising from corruption-related prosecutions, companies have been developing stronger anticorruption compliance and due diligence requirements throughout their supply chain. Corporations should take advantage of these efforts and include an assessment of human rights implications in the due diligence they perform on their suppliers, subcontractors and joint venture/ consortium partners. Companies should also consider inserting human rights audit clauses in their third-party agreements to ensure that (i) their third-party contractors abide by any applicable code of ethics and (ii) they themselves verify the like with their own third-party contractors. As the above indicates, with respect to implementing due diligence for human rights, from an ethical, financial and regulatory perspective, an ounce of prevention is worth a pound of cure. Kierean Guilbert, European Chains Profit On back of Syrian Refugees In Turkish Factories: watchdog, Reuters Online (Nov. 3, 2017). 2 Peter Bengtsen, Workers Held Captive In Indian Mills Supplying Hugo Boss, The Guardian Online (Jan. 4, 2018). 3 Emma Graham-Harrison, M&S And Others Supplied By Factories That Mistreat Workers, Rights Group Says, The Guardian Online (March 12, 2015). 4 Office of the High Commissioner, United Nations of Human Rights, The Corporate Responsibility to Respect Human Rights, An Interpretive Guide (2012). 5 OECD, OECD Due Diligence Guidance For Responsible Supply Chains In The Garment And Footwear Sector (2017). 6 International Labour Organisation, Tripartite Declaration of Principles Concerning Multinational Enterprises And Social Policy (2017). 7 Section 54 (‘Transparency in Supply Chains’), Annex A, Modern Slavery Act (2015). 8 Directive 2014/95/EU of the European Parliament and of the Council of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups. 9 Loi n°2017-399 du 27 mars 2017 relative au devoir de vigilance des sociétés mères et des entreprises donneuses d’ordre (March 28, 2017). 10 Specifically, the law applies to companies incorporated or registered in France for two consecutive fiscal years which either employ 5,000 people in France or at least 10,000 people in France and abroad. 11The Equator Principles (2013). See also Thun Group of Banks, Discussion Paper on the Implications of UN Guiding Principles 13 & 17 in a Corporate and Investment Banking Context (2017). 1

www.ethicalboardroom.com

Women On Board™ Catalyst Women On Board™ accelerates change in the boardroom using a simple and powerful tool: SPONSORSHIP MEET YOUR NEXT BOARD DIRECTOR

LINDA L. ADDISON

CLAIRE BABINEAUX-FONTENOT

VICTORIA L. DOLAN

Immediate Past Managing Partner, United States Norton Rose Fulbright

Former Executive Vice President and Treasurer Walmart Stores, Inc.

Chief Transformation Officer Colgate-Palmolive Company

MENTORS/SPONSORS DAVID ABNEY Chairman and CEO UPS

PETER T. GRAUER Chairman Bloomberg LP

DOMINIC BARTON Global Managing Partner McKinsey & Company

MARILLYN A. HEWSON Chairman, President and CEO Lockheed Martin Corporation

URSULA BURNS Retired Chairman and CEO Xerox Corporation DOUGLAS R. CONANT Chairman Kellogg Executive Leadership Institute

MARIE T. GALLAGHER

KAREN M. GOLZ

STEPHANIE C. HILL

Senior Vice President and Controller PepsiCo, Inc.

Former Global Vice Chair Ernst & Young Global Limited

Senior Vice President of Corporate Strategy & Business Development Lockheed Martin Corporation

IAN COOK Chairman, President and CEO Colgate-Palmolive Company MARY CRANSTON Corporate Director VISA, The Chemours Company, MyoKardia

DR. ILHAM KADRI

CHRISTINE KATZIFF

LESLIE STARR KEATING

President & CEO Diversey

Corporate General Auditor Bank of America

Executive Vice President, Supply Chain Strategy and Transformation Advance Auto Parts

JACKI KELLEY

GALE V. KING

LORRAINE M. MARTIN

Executive Vice President and Chief Administrative Officer Nationwide Insurance Company

Executive Vice President and Deputy, Rotary and Mission Systems Lockheed Martin Corporation

LORI MITCHELL-KELLER

DIANE S. REYES

SUSAN STALNECKER

Global General Manager Consumer Industries SAP

Group General Manager and Global Head of Liquidity and Cash Management HSBC

Retired Vice President, Finance and Treasury DuPont

Deputy Chief Operating Officer Bloomberg LP

ANNE TAYLOR

MELINDA M. WHITE

Vice Chairman and Managing Partner Deloitte LLP

Chief Executive Officer Black Walnut Ventures

DAVID DILLON Retired Chairman The Kroger Co. CATHERINE ENGELBERT CEO Deloitte

MICHEL LANDEL Group CEO Sodexo MARC LAUTENBACH President & CEO Pitney Bowes Inc. TERRY LUNDGREN Executive Chairman and Chairman of the Board Macy’s Inc. CHRISTOPHER J. SWIFT Chairman & CEO The Hartford JAMES S. TURLEY Retired Chairman & CEO EY JOHN B. VEIHMEYER Retired Global Chairman KPMG International MAGGIE WILDEROTTER Retired Chairman and CEO Frontier Communications

Special thanks to The Rockefeller Foundation for its generous financial support of the Catalyst Women On Board™ US initiative, our Corporate Sponsors, and to our Program Partner, 30% Club US.

To learn more, contact: Meesha Rosa, mrosa@catalyst.org CATALYST.ORG | CATALYSTWOMENONBOARD.ORG

Global News Australasia CBA’s new CEO causes a stir

Rugby Australia appoints first female CEO Raelene Castle has become the first woman to take charge of a national rugby governing body, taking up the position of CEO at Rugby Australia. Succeeding former CEO Bill Pulver, the New Zealander is also the first female to become CEO of a major Australian sporting code. Rugby Australia chairman Cameron Clyne described Castle as an ‘extremely impressive

executive who covered every base as far as what the board was looking for in a chief executive officer to lead our game into an important new chapter’. In January, Rugby Australia announced that the country’s men and women’s rugby sevens teams will start on the same pay. Female players representing the 15-a-side team will receive test match payments for the first time.

Pacific institute promotes quality governance International Finance Corporation (IFC), a member of the World Bank Group and supported by the Australian Government, has unveiled the Pacific Corporate Governance Institute (PCGI) to promote good governance practices in the region. The PCGI, endorsed by the Reserve Bank of Fiji, will help improve the performance of Pacific companies, state-owned enterprises and banks through education of good corporate standards, market awareness and advocacy.

“In today’s world, good corporate practices are vital to help business, enterprises and banks survive and thrive,” said Deva De Silva, IFC resident representative for Fiji, Samoa, Tonga and Kiribati. “This institute could be a game-changer for the region, giving the private and public sectors an avenue to help build a more sustainable future and to ensure there are high-quality directors — and more women — sitting on the boards of companies around the region.”

Raine & Horne embroiled in graft probe Australian real estate giant Raine & Horne International’s office in Kuala Lumpur has been implicated in an alleged corruption scandal involving the sale of prime Melbourne property. The 280-room city apartment building (inset) near Melbourne University was valued by the Kuala Lumpur branch at A$43million, despite the fact that the building’s

114 Ethical Boardroom | Winter 2018

seller, Australian businessman Lionel Harber, had simultaneously valued it at $23.5million. According to The Sydney Morning Herald, it is alleged that officials working for the head of the Malaysian government’s anti-poverty fund, Mara, organised for the building to be deliberately overvalued. Raine & Horne in Australia told the newspaper that its offshore arm pays a fee to use the firm’s name, but is run by Malaysian managers, who insisted the A$43million valuation was appropriate.

The Commonwealth Bank of Australia (CBA) has been accused of ‘missing a chance to change its culture’ with the appointment of Matt Comyn as its new chief executive. Comyn, who currently heads CBA’s retail banking unit, will start the CEO role in April. He replaces Ian Narev who stepped down amid allegations that the bank had repeatedly breached anti-money-laundering and terrorism financing laws. Whistleblower Jeff Morris, who exposed corrupt practices at CBA, leading to a parliamentary inquiry, told ABC’s The 7.30 Report that he believed the board had ‘failed in its duty and missed an opportunity to make a fresh start by appointing an outsider with a mandate to make any changes thought necessary’. Morris said: “This is a deliberate statement that they don’t want it to change, that they want it to stay the same, that they want to continue putting profit before people regardless of the cost, and that basically they don’t seem to be that worried about the damage that they’ve done to their reputation so far.”

New Zealand stats on gender revealed

Bigger companies are more likely to have women directors, according to data released by the New Zealand stock exchange operator (NZX). More than a quarter of the top 50 listed companies have female board members compared with 14 per cent for companies outside the top 50. Male directors still outnumber women at NZX-listed companies with 81 per cent men and 19 per cent women. Thirty-two of 164 NZX-listed companies still lack any female thinking at the highest level with zero female board members. According to the NZX Gender Diversity Statistics report, 10 women now have a seat at previously all-male boardroom tables in New Zealand. www.ethicalboardroom.com

Risk Management | Artificial Intelligence

AI and reputational risk: An ESG perspective

Getting to grips with the ESG risks and opportunities associated with artificial intelligence In the recent past – especially in the last year – the world has witnessed a barrage of articles, pronouncements, edicts, warnings, promises and alarms about the imminent, pervasive, liberating and dangerous nature of artiﬁcial intelligence (AI).

This article examines the potential reputation risks and opportunities associated with the AI phenomenon. To do so effectively, we deploy an AI environmental, social and governance (ESG) lens, which helps us to understand and categorise AI ESG risk and opportunity, provide a snapshot of who the key actors and stakeholders are and suggest some of the questions that management and the board should be asking. The future of AI is now. We haven’t seen anything yet – we learn daily and with lightning speed what AI’s actual and potential short, medium and long-term impacts are and might be on every aspect of society, economy, politics, science and even biology. Some forms of AI – machine learning (ML) and deep learning (DL) – are still in their early stages but are progressing rapidly. See Table 1 and Figure 1 for some basics on AI, ML and DL and on how they interrelate with one another.1

TABLE 1: Basic definitions of AI, machine learning & deep learning “Artificial Intelligence is the theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision–making and translation between languages.” (Oxford Dictionary) “Machine Learning is the capacity of a computer to learn from experience, i.e. to modify its processing on the basis of newly acquired information.” (Oxford Dictionary) “Deep Learning is an AI function that imitates the workings of the human brain in processing data and creating patterns for use in decision-making… it is a subset of machine learning in AI that has networks which are capable of learning unsupervised from data that is unstructured or unlabelled.” (Investopedia)

Dr Andrea Bonime–Blanc

Founder and Chief Executive Officer of GEC Risk Advisory

The ‘big five’ AI tech factors and key emerging AI stakeholders

The big five AI technology companies – Amazon, Facebook, Google, Apple, Microsoft – not to mention other key market players globally (especially in China) have deep challenges and amazing opportunities, with technological breakthroughs and improvements occurring daily. The massive change, together with its breakneck speed, could become a runaway train without proper attention from the public, governments, academia and business. It is incumbent on all of us – but in the business world especially on the powerful tech fi rms – to shape the development of AI in all its forms and nuances and in such a way that the runaway train does not crash to the detriment of the many existing and emerging stakeholders. Instead, we need to find ways to harness the energy of AI for the good of society. The tech firms’ biggest AI ESG reputation risk includes designing ﬂawed algorithms with built-in biases or unethical or illegal choices that impact stakeholders adversely or worse.

Examples of this range from autonomous cars designed to make morally questionable choices in the case of a potential accident, to algorithms designed by a thin sliver of society (mostly young, mostly white, mostly western, mostly male engineers) creating and deploying biased and potentially discriminatory algorithms into every aspect of business and social life with the very real potential of perpetuating and worsening stereotypes and inequalities. The big five AI tech firms’ greatest opportunity to enhance their reputation is to be the leader in designing and creating responsible AI products and services from their inception. Doing that would include having cross-functional, deeply diverse and expert AI ethics committees or councils made up of internal and external leaders to guide the creation of ethical and socially responsible products and services. A couple of the big five have started to do just this – Google and Microsoft. This is called embracing reputation opportunity. Figure 2 below highlights just a few of the key stakeholders with important expectations of investments in, or potential concerns about, AI.

FIGURE 1: Intersection of AI & ESG

Artificial intelligence Machine learning

ENVIRONMENTAL RISK SOCIAL RISK GOVERNANCE RISK Source: Anastassia Lauterbach & Andrea Bonime–Blanc. The Artificial Intelligence Imperative. Praeger 2018

Deep learning

FIGURE 2: Key emerging AI stakeholders Business purchasers of AI programs or companies

Owners/shareholders of AI tech companies

Communities impacted by AI-driven programs

Consumers of AI-driven social media & media

Artifical intelligence, reputation risk & opportunity stakeholders

Owners/shareholders of non-AI companies that might get disrupted

Regulators & governments seeking to regulate AI

Employees & third parties whose data is subject to AI usage

Non-governmental organisations & non-profits without AI capabilities

Source: GEC Risk Advisory.

116 Ethical Boardroom | Winter 2018

www.ethicalboardroom.com

Artificial Intelligence | Risk Management

Reputation risk and opportunity in the AI context

Before we tackle a conceptual understanding of AI reputation risk and opportunity, I would like to provide a basic definition of ‘reputation risk’ from my book The Reputation Risk Handbook: Reputation risk is an amplifier risk that layers on or attaches to other risks – especially ESG risks – adding negative or positive implications to the materiality, duration or expansion of the other risks on the affected organisation, person, product or service.2 In my Deploying Reputational Risk 2.0 article in Ethical Boardroom last year, I provided an update and more context and detail about the importance of reputation risk in our era of hyper-transparency, super-connectivity, fake news and cyber war that can be helpful to the reader in terms of understanding what reputation risk is all about. So, what then is AI reputation risk? I would offer the following: AI reputation risk occurs when the underlying AI ESG risk of an entity (that is creating or properly integrating purchased AI or not creating or properly integrating purchased AI when they should be for market and/or other strategic reasons) is not understood or properly identified, managed, mitigated when it can or should be. Conversely, AI reputation opportunity would occur under the following circumstances: AI reputation opportunity occurs when the underlying AI ESG issue or risk of an entity (that is creating or properly integrating purchased AI – or not creating or properly integrating purchased AI when they should be for market or other strategic reasons) is well-understood and properly identified, managed and mitigated, thus providing the entity with a reputation value creation opportunity.

AI & ESG: What’s the connection?

On Table 2 (overleaf) is an overview of some of the ESG risks associated with AI that my co-author Anastassia Lauterbach and I gleaned in The Artificial Intelligence Imperative, several examples of which are also provided in the book. Companies – both executives (including chief risk officers) and boards – should be thinking about which of these ESG issues (risks and opportunities) are relevant to their businesses so that they can chart the important AI-related ESG risks and opportunities that apply to their business and strategy. When analysing possible AI reputation risk from an ESG standpoint, executives and boards should be asking these basic questions:

What are the environmental risks and opportunities associated with the AI that we have or need in our company? www.ethicalboardroom.com

It is incumbent on all of us — but in the business world especially on the powerful tech firms — to shape the development of AI in all its forms and nuances and in such a way that the runaway train does not crash to the detriment of the many existing and emerging stakeholders Winter 2018 | Ethical Boardroom 117

Risk Management | Artificial Intelligence are the social risks and 2 What opportunities associated with the AI

that we have or need in our company? What are the governance risks and opportunities that we have or need in our company?

An expansive and useful ESG issue table was recently provided by MSCI (see Figure 3). Summarised below is a simple but I believe useful way for management and boards to capture the essence of AI ESG reputation risk and AI ESG reputation opportunity:

THE AI ESG REPUTATION RISK EQUATION: AI + ESG risk = AI ESG risk Unattended AI ESG risk = AI ESG reputation risk

THE AI ESG REPUTATION OPPORTUNITY EQUATION:

AI + ESG opportunity = AI ESG opportunity Well-managed AI ESG risk = AI ESG reputation opportunity & value Source: GEC Risk Advisory.

AI, ESG, risk and opportunity

Next are two illustrations of AI ESG risk and opportunities in the context of a crisis event or a value-creation situation. AI ESG reputation risk example: traditional healthcare company purchases new AI product A traditional healthcare company with little experience in deploying AI, acquires an AI program from a relatively new player who may have a lauded product, but that product does not have the track record or quality and safety protocols that would be necessary to properly protect privacy data from cyber hacking. Such a situation would present an AI privacy risk or cybersecurity risk (which would fall under the social or ‘S’ or governance or ‘G’ risk in ESG). Because the quality or effectiveness of the AI program was not properly triangulated prior to its acquisition (maybe because the management was in a hurry to adopt anything or maybe because they did not get good advice), the situation leads not only to financial risk but also possibly reputational risk affecting a variety of stakeholders adversely. AI ESG reputation opportunity example: sophisticated data processing company acquires vetted AI product An example of AI ESG reputation opportunity may happen when a more sophisticated data processing company with serious cybersecurity protections and protocols already in place (because of its more advanced Enterprise Risk Management (ERM) system), acquires a vetted and tested AI program that does a proper and expected job at protecting privacy data. When a cyberattack occurs, because of the appropriate security protections and 118 Ethical Boardroom | Winter 2018

protocols and crisis management in place, the crisis is mostly averted and negative consequences largely avoided or mitigated. In the process, the company may not only avert the most serious downsides of the cyber hack but may also gain the greater confidence and trust of its key stakeholders – consumers, third parties, the public in general – translating into greater reputational and even financial value creation. While some of the concepts outlined in this article are simple given the complexity of this topic, the intent of this whirlwind tour of AI ESG risk and opportunity is to signal to management and the board that they need to be industrious about examining their AI ESG risk and opportunity, taking into account all environmental market and strategic factors that apply to their company. It is beyond the scope of this article to delve into the details of potential risk and opportunity at each level of AI, but it is possible to state generally that when companies and other types of organisations have some form of ERM in place and incorporate a taxonomy of possible AI ESG risks and opportunities into this ERM system, they will be best positioned to compete and create value, both reputational and financial, for their key stakeholders. The reverse is true as well: when entities are not well prepared to understand their ESG issues and risks, do not have an appropriate risk management system in place (let alone an ERM system) and don’t factor environmental

situational awareness into their business strategy, they are vulnerable to incurring not only a variety of risks but also AI ESG risk. This risk can range from small incidents all the way up to existential risks associated, for example, with complete digital disruption in an industry by a competitor that better understands its overall ERM and particular AI ESG-related risks and opportunities. The bottom line is that every entity – no matter how big or small, or what sector it is in – needs to have some form of risk management (preferably ERM), including a serious understanding of all ESG issues, where AI risks and opportunities are considered and a reputation risk analysis is layered on top of the ESG and AI ESG risk consideration.

To conclude

The central and most critical role of leaders on AI today – whether they are business people (both executives and board members), elected officials, researchers, inventors, investors or academics – is to quickly gain a grasp of the basics of AI and invest thought and effort now, up front, for the long term that is specifically focussed on ethical and socially responsible design and development of AI products and services as well as products and services containing AI. Hence the importance of also understanding the reputation risks and opportunities that exist side by side with AI ESG issues. Footnotes will be run in full online.

TABLE 2: Sample of AI environmental, social & governance (ESG) issues ENVIRONMENTAL

■ Climate change ■ Sustainability ■ Environmental laws and regulations ■ Toxic waste laws and regulations

Example: Emissions There are environmental emissions consequences to the use of high-powered computers to run increasingly powerful AI programs

SOCIAL

■ ■ ■ ■

Human rights Labour rights Child labour Discrimination, harassment, bullying ■ Inclusion and diversity

Example: Labour There are serious debates about the impact on labour and the workforce from the automation of a wide variety of current jobs, from manufacturing to legal and from driving to accountants

GOVERNANCE

Corporate governance Anti–corruption Anti–fraud Anti–money laundering ■ Conflicts of interest

Example: Ethical decision–making Serious ethical concerns exist about algorithms programmed to make decisions that have potential life and death implications, such as in autonomous cars

■ ■ ■ ■

Source: GEC Risk Advisory.

FIGURE 3 Carbon emissions Labour management Corporate governance Energy efficiency Diversity & discrimination Business ethics Nature resource use Working conditions Anti-competitive practices Hazardous waste management Employee safety Corruption & instability Recycled material use Product safety Anti-bribery policy Clean technology Fair trade products Anti-money laundering policy Green buildings Advertising ethics Compensation disclosure Biodiversity programmes Human rights policy Gender diversity of board Source: MSCI ESG Research, Sustainalytics

www.ethicalboardroom.com

Internal Audit, Risk, Business & Technology Consulting

There's no test, software or process that can ensure absolute security. But with the right

partner and an approach that fits your company, you can be confident you've taken all the

right precautions. At Protiviti, we'll collaborate with you to put in place technology, people and processes that protect the areas of your business that matter most.

ÂŽ

protiviti.com

protiviti

Face the Future with Confidence

ÂŠ 2018 Protiviti Inc. An Equal Opportunity Employer. PR0-1216

Risk Management | Cyber Threats

Standards-based approach to cybersecurity Implementing a cybersecurity programme that adopts industry guidelines will bolster security defences Serious data breaches happen almost daily, despite the billions spent on safeguarding. These breaches continue to occur even in organisations at the pinnacle of cybersecurity technology, such as the CIA and NSA in the US. In response, organisational leadership and their boards are held responsible and accountable.

Executive management and the board are having trouble taking control of cyber governance as they view cybersecurity as a technical problem solved by technology and tools alone, while they focus on business operations and have little insight into the technology that powers their organisation. In contrast, security teams are focussed on highly-technical information and tasks and do not have insight into business practices. Failed cybersecurity programmes lead to loss of intellectual property, decreased shareholder value, injured reputation, reduced revenue and, ultimately, legal action. Stringent regulations and legislature has passed, holding organisations and their leadership accountable for data breaches due to lack of implementing structured cybersecurity programmes. 2017 saw its fair share of major breaches, from Yahoo to Equifax and the situation is projected to get worse. Forecasts predict that cybercrime will increase significantly over the next few years and cybercrime will cost global businesses more than $2trillion by 2019, increasing to almost four times the estimated cost of breaches in 2015. Another report predicts cybercrime to incur costs upward of $3trillion by 2025. Due to ever-increasing cybersecurity threats, the US Government implemented a

120 Ethical Boardroom | Winter 2018

Jessica S. Diaz

Chief Operating Officer at ClearArmor Corporation cybersecurity initiative through a presidential executive order on 11 May 2017. All US agencies must align their cybersecurity efforts with the National Standards and Technology Institute’s CyberSecurity Framework (NIST Framework) to manage cybersecurity risk. Organisations conducting business a with the US government will be expected to implement the same framework.

Updated regulations

The EU General Data Protection Regulation (GDPR) changes become enforceable on 25 May 2018. The biggest change is a jurisdiction change. Previously, the territorial applicability of the order was ambiguous. The current directive clarifies the ambiguity and states that GDPR now applies ‘to all companies processing the personal data of data subjects residing in the [European] Union, regardless of the company’s location’. From this date, those who fall within these constraints, must comply with the updated regulation. In addition, notification of a data breach must be disseminated within 72 hours of fi rst becoming aware of the breach. Organisations that fail to comply with the new regulation can incur fines up to four per cent of their annual revenue. That is a significant amount of an organisation’s bottom line. The UK’s new Data Protection Bill, currently under amendment, will replace the UK Data Protection Act of 1998. The new bill is legislatively similar to GDPR and will also incorporate the Police and Criminal Justice Directive – further tightening controls on personal data.

Why cybersecurity tools alone do not work

Historically, leaving cybersecurity solely in the hands of the technology department, implemented from a ‘bottom-up’ approach, has been the norm. Millions are spent on specific tools to address specific problems – termed ‘whack-a-mole’ security by cybersecurity practitioners. Over the years, more tools are added and eventually fall out of favour, then new tools take their place. Some tools do not integrate with other tools and will need certain functionality turned off. Often, they are purchased out of fear and uncertainty. Technology and tools alone are no longer sufficient countermeasures against organisational risk. They do no not define business/agency criticalities. Bad-actors have become too advanced and network footprints have become too vast due to ever-changing networks and the Internet of Th ings (IoT). True cybersecurity programmes must be based on some sort of standards with the organisation or agency in mind. A nuclear power plant will have different critical risks than a financial institution. Th is calls for a ‘top-down’ approach. Cybersecurity starts with leadership and the board, and flows down to the technology level of a company. Additionally, they must follow a process, include a logical path from its current state to its desired state, take into account each organisation’s defined business risk and have a continuance plan so that it can be sustainable over time.

www.ethicalboardroom.com

Cyber Threats | Risk Management

CYBERSECURITY FRAMEWORK Prioritise vulnerabilities and threats to sensitive assets based on the risk they pose to organisations

Why a standards-based approach?

A standards-based approach to cybersecurity enables organisations to benefit from the knowledge and experience of a wide range of industry best practices to create their cybersecurity programme and assess their cyber readiness. Adopting a standards-based approach – the NIST Framework and the European Network and Security Agency’s (ENISA) Directive on Security of Network and Information Systems (NIS Directive) and the ISO/IEC 27000 family of standards – will transform your organisation’s cybersecurity programme. Industry standards are published documents based on accepted best practices. These best practices create methods and requirements, which increase the reliability of product or service. It sets an accepted threshold against which multiple organisations can be measured. Industry standards create a low-cost effective way for organisations to access

and utilise the knowledge gained over time by industry experts. When industry standards are properly applied to cybersecurity, they allow organisations to create a robust and sustainable cybersecurity programme. When implemented correctly, industry standards have several other advantages. Cybersecurity industry standards allow an organisation or agency to assess their current state of cybersecurity readiness, define their desired state, perform a gap analysis against the two and create a plan to address the gaps. Adopting industry standards allows organisations to move to a more premeditated and structured cybersecurity programme, which protects an organisation’s critical assets and significantly reduces risk.

Adopt the gold standard

The NIST Framework focusses on using business drivers to guide cybersecurity activities and takes into consideration cyber risks as part of the organisation’s risk

management processes. It was crafted to be applied by any organisation of any size, regardless of industry and it has become the accepted gold standard. The NIST Framework suggests that a cybersecurity programme is organisation-specific, custom-designed and then implemented, as opposed to throwing the latest technology on top of the pile of existing tools. Th rough 106 specific controls, the framework addresses the business, its functions and its goals. It is a controlled application of procedures and technology, which results in a thorough and continuous cybersecurity programme that is sustainable, measurable and manageable. According to NIST: “Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and affect revenue. It can harm an organisation’s ability to innovate and to gain and maintain customers.” NIST allows organisations to create a cybersecurity plan tailored to their individual needs, including regulatory and legal requirements, such as GDPR and ISO. Gartner, the world’s leading research and advisory company, predicts that by 2020 more than 50 per cent of organisations will implement the NIST Framework. The widespread adoption of NIST Framework makes it the gold standard for creating robust cybersecurity.

Winter 2018 | Ethical Boardroom 121

Risk Management | Cyber Threats

Why a top-down approach?

Cybersecurity industry standards dictate that in order to implement a structured cybersecurity programme, cybersecurity policy must start at the top of the organisation and should propagate down. Cybersecurity is a high priority for most organisations, but many organisations seek to address it by applying additional layers of technology. Cybersecurity should be a top-down approach from the executive level, down throughout the entire organisation, as it provides leadership with continuous oversight. More often than not, cybersecurity is not included at the executive level of an organisation’s strategy or policy, such as fiscal policy. A cyber breach can damage an institution’s reputation, have an adverse effect on its stock or value, significantly impact its bottom line and create major consequences that could have been avoided through the proper implementation of effective cybersecurity policies. A cybersecurity risk management strategy, with relevant business information and defined cybersecurity business risk, is as important as sound fiscal and other business risk management strategies. Fiscal and business risk strategies are set by the board and CEO and imposed throughout the organisation, including the expectation that the organisation will adhere to industry standards and best practices, such as financial reporting standards. To protect the organisation’s valuable assets, every team player must be involved. The strategy, objectives and mission should be disseminated and processes implemented to weave it into corporate culture. Most importantly, cultivating a cybersecurity-focussed culture from the top-down, within the organisation, will allow for employee security participation.

the organisation to direct resources and activities for effective cyber governance. Decide what technology and tools are needed Once business drivers are defined, an organisation must determine what technology and tools are needed to implement a standards-based cybersecurity programme. Some of the technologies and tools available allow for: ■■ Real-time discovery of network components ■■ Software and hardware management ■■ Password management ■■ Cybersecurity training management ■■ Patch management and validation ■■ Software whitelisting/blacklisting ■■ Hardware whitelisting/blacklisting ■■ Secure software deployment ■■ Vulnerability and configuration testing ■■ Application mapping ■■ Port flow analysis ■■ Real-time hash management ■■ Automated configuration management ■■ Active directory management

Where does an organisation start?

Implement a methodology to define business drivers Organisations must follow a process that begins with a definition of how leadership views the organisation; followed by identification of risks and vulnerabilities; and concludes with a designed and organisation-specific cybersecurity programme. Business-critical areas are identified during this process, which allows 122 Ethical Boardroom | Winter 2018

Reduce human error through automation According to the Association of Corporate Counsel Foundation’s State of Cybersecurity Report, 45 per cent of recent data breaches were the result of human-related errors. Human factors must be considered and included within a cybersecurity process. Automation of cybersecurity functions and management can help alleviate human error. Automation of functions, such as patching and software distribution, allows company assets to receive the latest software updates and minimises risk of a breach due to known vulnerabilities. Reporting and dashboards Most important, an organisation should be able to report on its current cybersecurity health. This is not only for leadership’s oversight, but also for cybersecurity risk management reporting. Implementing a complete standards-based

SECURE NETWORK Implement and govern a security system that is aligned with industry standards

A cyber breach can damage an institution’s reputation, have an adverse effect on its stock or value, significantly impact its bottom line and create major consequences that could have been avoided through the proper implementation of effective cybersecurity policies A security-focussed corporate culture is an often overlooked but core component of cyber governance and security.

state of health, we can monitor the health of the network – hardware, software, changes in traffic, patching, software updates, unauthorised access, etc.

Baseline the network and monitor it in real-time Much like defending any territory, an organisation must have a map of their network landscape. The network ‘map’ must be updated constantly to understand its cybersecurity landscape and change patterns to better prevent attacks. Baselining the network allows organisations to map what traffic is on the network. Traffic patterns then emerge and through those patterns exploits can be flagged if unusual activity is monitored. Additionally, network health can also be monitored. Much like we monitor our vitals at the doctor – blood pressure, heart rate, temperature – which all indicate a person’s

cybersecurity programme with reporting will also provide an organisation a defensible position should a breach occur. Dashboards are a daily tool necessary for all levels of the organisation. Dashboards change corporate culture and make cybersecurity a priority. High-level dashboards on overall cyber health are mostly needed at the top of the organisation, whereas detailed dashboards that drill down into log files and the like are preferred by technology practitioners. Ideally, dashboards should be customised for the organisation based on business needs. Cybersecurity is not one-and-done A cybersecurity plan, programme, system – no matter what it is called – is not one-and-done. It must be sustainable and evolve with organisational needs over time. It is iterative and must be rolled out to adapt to change, otherwise it will fail. www.ethicalboardroom.com

59% of boards say cybersecurity is the most challenging business risk.1 What do they see that the others don’t? Cyber security is a technical challenge, but the real consequences of a hack are financial. Data breaches, IT system failures, cyber extortion — these start in the server room and are felt in the boardroom. Are you confident you’ve properly valued your cyber risk and invested wisely to protect your firm? Marsh helps you reimagine cyber risk as an opportunity for performance improvement. By optimizing the efficiency of your investments in technology and insurance, we can replace worry with confidence, and help you unlock capital to power your business. So you can pursue the risks you want to take, not just the ones you are afraid of.

Assess and Analyze

Data-driven measurement of value at risk, tailored to your business.

Insure and Secure

Capitalefficient risk mitigation and award-winning risk transfer solutions.

Respond and Recover

Resilient cyber event management, from start to finish.

NACD, Public Company Governance Survey, 2016-2017

BECOME CYBER CONFIDENT To start getting ahead of cyber risk, contact Marsh’s cyber team or visit us at marsh.com/cyber. Tom Reagan +1 212 345 9452 thomas.reagan@marsh.com