By Dr Maryam Ali Ficociello, Chief Governance Officer, The Red Sea Development Company
The Red Sea Development Company (TRSDC) is a closed joint-stock company, wholly owned by the Public Investment Fund (PIF) of Saudi Arabia, established to drive the world’s most ambitious regenerative tourism project.
The Red Sea Project is a luxury tourism destination setting new standards in sustainable development and aiming to position Saudi Arabia on the global tourism map. The project, developed over 28,000 square kilometres of lands and water along Saudi Arabia’s west coast,including a vast archipelago of more than 90 islands, is on track to welcome the first guests by the end of 2022.
Dr Maryam Ali Ficociello has been the chief governance officer at The Red Sea Development Company since 2017, leading the governance, risk and compliance department.
She talks to Ethical Boardroom about embedding a holistic approach to structural governance into the business and setting new standards in good governance, compliance and risk management.
ETHICAL BOARDROOM: The Red Sea Development Company has shown strong commitment to adopting ‘best in class’ global governance practices. What are your core principles of governance and why is good governance important to your organisation?
DR MARYAM ALI FICOCIELLO: At The Red Sea Development Company we are striving to build a ground-breaking tourism destination, and that means taking a comprehensive approach that sets new standards in good governance, compliance and risk management. Ahead of welcoming our first guests to the destination in 2022, we have embedded a holistic approach to structural governance into the business at every stage, from construction through to hospitality partner management.
Our approach to governance has four key principles: transparency, fairness, accountability and responsibility. We take good governance extremely seriously because, if we are able to meet our own high expectations, this is reflected throughout all other parts of the business.
Setting new standards is a huge part of our ethos. In just the same way that we have committed to breaking new ground in regenerative tourism, generating socio-economic opportunities in our local communities and creating unrivalled experiences for guests, we are going above and beyond on our project’s governance.
We are not just complying with local legal and regulatory framework requirements – we are setting our sights higher, and plan to exceed these by adopting globally leading governance practices. Additionally, we are looking to implement international best practices in our compliance and reporting structures, adopting the Open Compliance & Ethics Group (OCEG) principled performance approach for an integrated governance, risk and compliance framework, in addition to implementing a tech-driven approach, using an integrated enterprise governance, risk management and compliance (EGRC) platform.
Our commitment to ground-breaking governance also includes the establishment of our Special Economic Zone with its own regulatory framework, based upon global leading practice, with a special emphasis on environmental sustainability, business-friendly regulation, and relaxed social norms.
EB: Why has TRSDC shifted away from a traditional governance framework to a multi-stakeholder governance approach?
MF: We wanted to build an approach that was inclusive and encompassed multiple stakeholders, internal and external to the business with a variety of expertise. As such, the board has shifted from a traditional framework to a stakeholder-based approach to corporate governance.
As part of our mandate, we focus on generating a wider range of economic, social and environmental benefits for stakeholders outside of our shareholder base. This multi-stakeholder perspective has been incorporated at the board-level by ensuring that board members represent a diversity of stakeholder groups. Furthermore, contributing to TRSDC’s stakeholder-based governance approach, we have an advisory board comprising members from international institutions and subject matter experts. It allows us to define and assign responsibilities and makes our decision-making more accountable.
As a closed joint stock company, we are only required by law to implement limited corporate governance measures; however, we have chosen to look to international best practices and standards to boost our record in this area. For example, while we are only legally required to have an active audit committee, we have gone further, creating a dedicated nomination and remuneration committee, which is responsible for overseeing governance matters, including remuneration packages of the executive management in order to ensure these are in line with the interests of our stakeholders.
Our efforts to boost our governance and compliance procedures are done with the ambition of creating a truly ground-breaking tourism destination in the most accountable, transparent, and responsible way possible. Signing up to international frameworks and reporting structures that go beyond our legal requirements is done to ensure that, every step of the way, we are developing sustainably and in accordance with our core principles.
EB: As part of the commitment to good governance, TRSDC has set out an ambitious internal control toolkit, based on the Committee of Sponsoring Organisations of the Treadway Commission’s (COSO) framework. Can you take us through the internal governance roadmap and its KPIs?
MF: We developed the Internal Controls Toolkit in an effort to simplify COSO’s guidance and create a practical roadmap. This helps us to implement internal controls that match the maturity level we are at as our project develops while maintaining best-in-class governance at every stage of our maturity. We have been following this approach since day one of TRSDC and would now like to share it as a guide for other businesses and projects to follow to achieve good governance standards.
Our Internal Control Toolkit takes us through the different maturity stages of the internal governance life cycle. A two-stage Internal Controls Toolkit for TRSDC was developed to match the different maturity levels.
The first stage is focussed on the establishment of a business entity by providing the minimum level of required internal controls. Within stage one we focus on four phases and specific key controls.
Phase zero is what we call ‘incubate’. From day one, this is when the interim legal status is defined and the board of directors and interim CEO are appointed. Core functions such as HR, legal and finance are also set up.
Within three to six months, we move to phase one or ‘launch’. It’s during this phase that the CEO and core function heads are appointed, a code of conduct and business ethics are developed, and a business plan created. During this time, a marketing and PR strategy would be developed, office space allocated and the legal entity would finally be established. In six to 12 months we transition to the ‘grow’ phase. This is when a business’ governance policies should be developed and, as part of this, external auditors are appointed, a legal and IT manual developed and CEO key performance indicators (KPIs) would also be set.
The final phase of establishment in stage one is ‘accelerate’, which falls within 12-18 months of set up. This is when an internal audit function head is appointed, and an internal audit charter developed. Sector specific policies will also be developed, and an enterprise rise management framework designed. A business would also establish its supplier code of conduct and employment practices policy.
Beyond 18 months, attention should turn to what is defined as stage two: stabilising and optimising ongoing operations (TRSDC is currently at this stage). We look at optimisation through the lens of five areas: strategic planning and governance, performance and operational enablers, technology (infrastructure and security), and monitoring and improvement. Those implementing our roadmap and looking to see it through to the second stage can find more information on each phase within our Internal Controls Toolkit.
EB: Having a strong sustainability and enhancement framework is one of the pillars of long-term value creation; which reporting frameworks has TRSDC signed up to and why?
MF: We are continually seeking to embed and formalise sustainability within the core of our governance practices. Our approach is built upon our sustainability and enhancement framework, which is overseen by our sustainability management committee. The structure of the board of directors and corporate governance framework has sustainability as a key pillar of its mandate.
Sustainability in all its forms (environmental, social and economic) is our key focus as we build The Red Sea Project. We have chosen to set new benchmarks in this area, committing to the Global Reporting Initiative (GRI) sustainability reporting, the world’s most widely used standard for sustainability reporting. We have also implemented additional sustainability reporting measures in line with the Global ESG Benchmark for Real Assets (GRESB), allowing us to contribute to global, cross-industry collaboration on sustainable development.
In 2020, we undertook our first GRESB assessment. The progress we have made in integrating ESG within our business is a testimony to our commitment to sustainability. We are not yet required to implement a sustainability reporting infrastructure, but, given the importance of protecting and enhancing the environment to our project, we have chosen to do so. We have an environment and sustainability policy that articulates our commitments toward conserving and enhancing nature and biodiversity. TRSDC is committed to delivering a global destination while conserving and enhancing the environment and biodiversity
EB: Tell us about TRSDC’s compliance framework and why you believe it’s important to create awareness and understanding of the company’s compliance culture.
MF: TRSDC is committed to ensuring that its business is conducted in accordance with the highest ethical standards where all employees, internal stakeholders and external stakeholders are responsible for ensuring compliance to both the letter and the spirit of the law, relating to their respective area of work. Compliance is embedded into the company’s activities, functions and processes to ensure that the responses to compliance obligations remain current and dynamic. It is the company’s policy to be transparent in its compliance management processes, both internally and externally, to create awareness and understanding of our compliance culture.
TRSDC has developed its compliance framework, in line with ISO 19600 Compliance Management System Guidelines and ISO 31000 Risk Management Principles and Guidelines, in terms of identifying and monitoring TRSDC’s Compliance Obligations. “Our efforts to boost our governance and compliance procedures are done with the ambition of creating a truly ground-breaking tourism destination in the most accountable, transparent, and responsible way possible.” Dr Maryam Ali Ficociello
“Our efforts to boost our governance and compliance procedures are done with the ambition of creating a truly ground-breaking tourism destination in the most accountable, transparent, and responsible way possible.” Dr Maryam Ali Ficociello
TRSDC’s compliance function has full and unrestricted access to all of the company’s departments, functions, teams and information for discharging its responsibilities in an independent manner. Furthermore, the compliance function reports to executive management, the audit committee and the board of directors of any breaches, or non-compliance with any applicable rules, regulations or policies.
As part of our awareness campaigns, we have also developed a corporate governance handbook that is issued to all of our employees and summarises our core governance policies, such as our code of conduct, conflict of interest policy, disclosure and transparency policy and whistle-blowing policy, in addition to other policies we have in place, including our anti-corruption policy and related party transactions policy. Our handbook clearly outlines the type of behaviours we expect our employees to adopt while working for TRSDC.
Our code of conduct sets out the legal and ethical behaviours we expect from our employees (from board level through to our construction workers on the ground).
This code of conduct, signed annually by all employees, outlines our most important commitments, from respecting human rights and the protection of the natural environment, through to our anti-bribery and anti-corruption policies. We are proud that all of our employees are united by a set of common goals and behaviours that are central to our core company values.
As part of this compliance infrastructure and to enhance transparency, we have also created a dedicated anonymous whistleblowing platform that any of our employees and third parties can use to report suspected illegal or unethical behaviours. This is all part of keeping us accountable and transparent across our operations. Our principles also extend to those we work with, and we have simultaneously created a supplier code of conduct to ensure that all of our stakeholders are committed to the highest standards of ethical conduct.
Additionally, we hold various training sessions for both new and existing employees on our governance practices, which also cover the company’s approach towards risk management and compliance. Furthermore, we have an independent internal audit department that has undertaken a number of audits across the company to provide assurance on the internal control environment.
EB: Gender board diversity is a relatively new concept in Saudi boardrooms; what progressive steps has TRSDC undertaken to ensure that females have a voice on the board?
MF: At TRSDC, we promote diversity and equal opportunity, offering an inclusive work, atmosphere regardless of one’s gender, age or nationality. As part of our diversity commitment, we believe in nurturing the female talent that we have here at TRSDC so that they can go on to become leaders in our executive management and effective future board members.
Currently, female employees account for 21 per cent of our staff and 11 per cent of our middle management. We are pleased to have been able to recently increase our female representation on our advisory board from 12 per cent to 37 per cent. We hope to be able to surpass this number in our overall number of female employees in the near future.
Looking at the kingdom as a whole, the labour force participation rate of Saudi women increased from 20 per cent in late 2018 to 33 per cent by the end of 2020. We are really proud to be a part of this change.
EB: As the world moves forward following the upheaval of the coronavirus, do you envisage any implications for corporate governance standards?
MF: The Covid-19 pandemic has completely changed how many businesses operate, not just temporarily, but for the long-term. The last year has certainly highlighted the close connection between business and society and brought home the threat posed by external risks stemming from societal and public health issues. TRSDC’s business resilience analyses possible risks and threats that could have an impact on continued business activity, including economic, environmental or social risks.
The business resilience function at TRSDC supports a longer-term vision, to ensure the organisation is equipped to respond to, and recover from business disruption. The function is responsible to confirm that value-creating activities are protected and to establish business resiliency strategies with actions before, during and after business disruption.
The Covid-19 pandemic has been the most recent global example of the need for organisations to have policies, structures and plans in place to respond and recover should the worst-case scenario occur. It is a sensible time for businesses to review their corporate governance standards to ensure that they remain fit for purpose in what we are now calling ‘the new normal’. At the same time, the past year shows how quickly an external risk like a public health crisis can infiltrate a business and its operations, therefore it is inevitable that there will be implications for risk assessment and related protocols.
Continual communication and consultation with both internal and external stakeholders in every stage is an integral and essential component of the TRSDC’s risk management framework. A two-way process has been established so that informed decisions can be made with regards to the level of risks and treatment of risks against the established criteria. This allows us to facilitate factual, timely, relevant, accurate and an understandable exchange of information, taking into account the confidentiality and integrity of information.
TRSDC’s risk profile is articulated after discussion with the CEO, executive leadership team, and risk champions, whereby we update our risk profile to present the current risk landscape.
About The Author
Dr Maryam Ali Ficociello, chief governance officer, oversees the governance, risk and compliance functions at The Red Sea Development Company, one of the world’s most ambitious regenerative tourism projects. In her role as head of governance, risk and compliance, she is responsible for developing effective, transparent and accountable governance practices that are compliant with local regulatory requirements.