Internal governance: The next frontier

0
430

By Gabe Shawn Varges – Senior Partner at HCM International & Chairman of the GECN Group

 

 

 

In the face of corporate mishaps across various industries, boards of directors in recent years have been taking heed of the call to heighten their ability to provide oversight of the company and its activities.

Boards are looking more critically in the mirror and identifying gaps in their own composition, independence, skills, structures and way of working.[1] But while boards work on their own governance, how clear a line of sight do they have on the ‘governance underneath’? Here are five central questions that boards can ask about internal governance, the governance at the management level. Not only can this allow the board to better size up the power dynamics among executives, but it can also improve the quality of information the board receives and send an important signal that the board cares about how decisions are made at all levels of the company. After all, the concept of checks and balances does not just apply between board and management, but within management itself.

1. Is it a real executive committee? CEOs have long known the benefit of organising the key members of the executive team in a formal body. This may go under different names, such as executive committee (Exco), management committee, or management board. Depending on the jurisdiction and industry, this may be an optional choice or a legal or regulatory requirement.[2] Either way, there is a range of ways in which executive committees and similar bodies operate. The board will want to understand if the Exco at its company is just a consultative body to the CEO or a real decision-making body. In the former case, the CEO may be using the Exco to gather input and motivate his or her team, but the committee members may lack any right to a formal vote or say.

In another constellation, the Exco is set up to take decisions but its ability to do so may be constrained. One restriction can be scope. The committee may be empowered to vote on certain matters – for example, approving the company’s financial statements before they go to the board – but not on others, such as on new corporate strategic initiatives. Or restrictions can be built into the voting structure. For example, each Exco member may have one vote, but the CEO may have veto power, a double vote, or can only lose a decision if every other member does not vote along with him or her. In another variation, the CEO has only one vote, like other Exco members, but, in the event of an impasse, can cast the tie-breaking vote.

Since the right Exco governance for a company depends on the totality of its circumstances, it is essential for board members to inform themselves on how it currently works at their company and forma view if adjustments are needed. If the board is worried about an unduly dominant CEO, for example, it may wish for the Exco to have a formal voting process so as to create transparency and give other members a stronger chance to be heard and have influence. On the other hand, if the CEO manages by consensus and there are other checks and balances, such as a strong chief risk officer, then the Exco’s decision-making process may not need to be as formal. Another variation is allowing the CEO to have veto power but requiring that the board be informed each time the CEO uses such power. In many cases, those joining a board don’t ask about the governance of the Exco, assuming it is immutable or solely for the CEO to determine. But if a board wants to provide effective governance leadership, it will need to concern itself with how power is allocated and exercised below its level, i.e. within the management ranks.

2. Who decides what gets reported to the board? So-called ‘information asymmetry’ is often cited as among the most significant challenges for boards.[3] The term refers to the fact that management (being day-to-day involved in the operation of the company) possesses far more information than the board ever could (which meets only a few times a year and for limited hours). This gives management tremendous advantage and reduces the board’s confidence and ability to challenge management. The board, of course, can improve its hand by asking the right questions and getting support from independent external experts.[4] But the board can hardly hope to ever achieve information symmetry with management.

However, there are ways for the board to increase its comfort that it is getting information that is a) objective and balanced, b) timely, and c) on the matters most relevant for the exercise of its oversight responsibilities.[5] One way is for the board to probe into the governance of how information gets bubbled up to it. Who besides the CEO, or a couple of his or her lieutenants, is involved in ultimately shaping what, how and when something is reported to the board? What checks and balances are there to avoid the withholding of information or the delivery of partial or delayed information? This was apparently a problem at Wells Fargo recently. There, the board was reportedly among the last to learn about the bank’s client account opening practices that ultimately resulted in billions of reduced market value, a CEO resignation, and the prospect of years of regulatory investigations and lawsuits.[6] In working to address how information comes to it, the board’s interest thus is not just the output (the information received) but the very integrity of the governance process that produces such information.

3. Does the company have IGBs? Particularly since the 2008-2009 financial crisis regulators have been pushing companies to have stronger so-called control or assurance functions. These include the internal auditor, the risk officer and the compliance officer.[7] The emphasis on these functions is justified since it is still an underdeveloped area at many companies.

However, such focus has tended to overshadow another opportunity that can also contribute to better internal governance. The opportunity lies in internal governance bodies or IGBs. These bodies, often called committees or councils, are at the management (not board) level. They are not functions (such as accounting) or departments (such as human resources) or traditional management committees, but instead cross-functional and often cross-disciplinary teams with a targeted mandate to review, report on, or even decide on certain matters important to the company. Unlike project teams or taskforces, IGBs are permanent bodies and, unlike traditional management committees, they have a well-spelled out charter that defines their governance authority and have more than just senior management members. When properly staffed and not part of the regular hierarchy, an IGB can add to the checks and balances and increase the chances of a matter being handled objectively and with less colouring from any power machinations in the company.

For example, worried about the accuracy of what they need to disclose publicly and to regulators, some companies are creating a disclosure committee (i.e. an IGB) to handle the financial, regulatory and other information required or expected to be disclosed. Rather than having a single function (e.g. legal) or a single executive (e.g. the CFO) handle disclosures, the disclosure IGB brings together professionals from a mix of functions who can help avoid inaccuracies and consider all angles of the disclosure challenge, including, for example, from a reputational and shareholder needs perspective. As indicated earlier, the value is not just in the information produced. Having a well-composed and operated disclosure IGB gives comfort to the board and the company’s external stakeholders that a disclosure went through a balanced review process and no one person unduly influenced its content or the ‘spin’ given to it.

4. Are the company’s IGBs being operated to extract the most value? Having IGB in and of themselves will not strengthen internal governance if they simply duplicate or reinforce existing hierarchical relationships. Thus, a company having a management-level risk committee may get reduced benefit if the committee’s membership simply replicates the membership of the executive committee or another senior group body, or is made up only of risk people. Instead, more value is gained if the IGB includes members who bring additional perspectives, such as from different regions, business lines and functional areas.[8] In the case of Wells Fargo, for example, it might have helped if the bank had had a well-balanced and robust sales practices IGB whose mandate included ensuring that the account growth strategy would not be pursued at the detriment of the bank’s long-term reputation or the customer’s interests.

Similar considerations are needed in selecting the chair of an IGB. For example, some companies may think it is apt to have the most senior member of the IGB serve as its chair. But using this approach only reinforces hierarchy and may contribute to an atmosphere where less senior members may be reluctant to challenge. It can be equally unhelpful having the CEO chair an IGB. Even when the CEO’s style is participatory, his or her presence on the IGB will likely have a chilling effect on open discussion. IGB members may, if only subconsciously, act more deferentially and be less frank in criticising approaches known to be supported by the CEO. The value of a well-designed and operated IGB lies in breaking down silos and opening lines of cooperation, information sharing and discussion that are sometimes stifled by hierarchy. Thus, who sits around the table as a member of the IGB and who chairs it, are as fundamental as whether the IGB exists in the first place.

Connecting to incentives

Another IGB success factor is: are its members properly incentivised on their work for the IGB? If serving on an IGB is perceived as a voluntary or peripheral task and not part of the manager’s core responsibilities, the manager may tend to give short shrift to his or her work on the IGB, particularly when faced with deadlines from the ‘real job’. One company, for example, has created a corporate responsibility IGB to address the increasing demands from investors and consumers on environmental and social issues. The members include representatives from communications, human resources, engineering, compliance and investor relations. The IGB is charged with overseeing the implementation of the company’s strategy in this area. Importantly, each member has his or her work on the IGB as part of his or her annual objectives. At the end of the year, the member is assessed on his or her performance on the IGB and on the IGB’s own performance. The results count in determining the member’s variable pay.

“The value of a well-designed and operated IGB lies in breaking down silos and opening lines of cooperation, information sharing and discussion that are sometimes stifled by hierarchy”

5. Is the board leveraging sufficiently on internal governance? IGBs are not the only manifestation of good internal governance but they can contribute considerably to it. As such, IGBs should not only be on the board’s radar but the board should find ways to leverage more on their work.

At one level, this may simply involve supporting management in creating well-crafted IGBs and other ways to give deeper focus on priority areas, while reducing undue concentrations of power or silos that can restrict information flow. Some of the types of IGBs that companies are creating today include: new business, capital & liquidity, assets & liability management, corporate culture, remediation, regulator relations, ethics, and policy exceptions committees.

In the performance and compensation areas, particular progress has been made recently with some companies creating a pay adjustments or similar IGB. Such an IGB reflects the goal of bringing more objectivity to downward adjustments made to variable pay when a manager commits a personal breach or the units for which he is responsible underperform on risk or compliance measures.[9]Such an IGB typically has several functions represented, including compliance, and is empowered to review the nature of the transgression or other compliance underperformance and determine objectively what impact this should have on the manager’s pay.

But at another level, the board may wish to take more steps to formally validate that the governance beneath its level is sound. This may involve periodically assessing the company’s internal governance in general, including IGBs. This could include mapping such IGBs to identify gaps or overlaps and doing deeper dives into specific IGBs to assess their governance health and general effectiveness. This helps not only the company in general but the board itself. For example, with the increased focus on cyber risk, the expectation is growing that the board makes this a priority topic for its oversight.[10] The board thus would not only wish to assure that IT or risk are working hard in this area, but that others who can help bring fresh ideas to this complex challenge are also involved. Having a well-calibrated cyber risk IGB could be one appropriate vehicle for this purpose and one which could also help the board in fulfilling its oversight responsibilities in this critical area.

 

About the Author:

Gabe Shawn Varges has extensive international experience as an executive, advisor, and regulator, with expertise in cutting-edge areas relating to governance, compensation, compliance, risk, and regulation. He specializes in advising, assessing, and supporting boards of directors (including compensation and audit committees), senior management, the heads of control functions, as well as public and international institutions and industry associations. He supports companies and other institutions in developed and emerging markets, including in the Gulf. He also serves on monitor teams overseeing the implementation by companies of specific legal, governance, or regulatory commitments.

His experience includes serving as Chief Compliance Officer of a major financial services international group, counselling large corporate clients at a leading international law firm, and heading the governance and remuneration areas of a key financial services regulator, where he also worked on taskforces of international standard setters. At HCM, he is a member of the Executive Committee and serves as Chairman of the Global Governance and Executive Compensation Network, GECN.

Footnotes:

1 Some boards, like that of Exxon, have even created a specific board committee to help the Board keep up with corporate governance best practices. Other boards are also beginning to consider topics given much less attention before, such as their own long-term planning and the financial and other resources they need to serve as a constructive counterweight to management. See, for example, Varges, G.S., ‘The Case for Board Budgets and Resources’, NACD Directorship, 2015.

2 In the case of jurisdictions, such as Germany, having a so-called two-tier board, the management board is created pursuant to legal requirements. In some jurisdictions, not all companies but only those in certain industries may be required to have an executive committee or management board. This is the case of banks and insurers in Switzerland, for example.

3 See, for example, Brennan, N. and Redmond, J., ‘How Much Should Boards Know?’, Governance & Compliance, June: 19-21, 2013.

4 Many countries have corporate governance codes that stipulate boards may engage independent external advisors for support, such as the Swiss Code of Best Practice and the UK Corporate Governance Code of the Financial Reporting Council. The Basel Committee on Bank Supervision sets out that the board should be able to ‘draw on external expertise as needed’. BCBS Guidelines Corporate Governance Principles for Banks, July 2015.

5 Another factor that some view as helping improve the quality of information the Board receives is the presence of independent directors. See, for example, Rutherford, M., ‘Investigating the Relationship between Board Characteristics and Board Information’, Corporate Governance an International Review, July 2007.

6 ‘Measuring Good Governance in the New Normal’, C-Suite, Winter 2017, interviewing Yale Professor J. Sonnefeld.

7 For example, the OECD expects insurers to have control functions for topics such as risk management, financial reporting, compliance and internal audit. OECD Guidelines on Insurer Governance, 2011.

8 Some companies, for example, are creating regional Audit IGBs which serve to increase management ownership of open audit issues and related problems. To increase checks-and-balances, the majority of IGB members and the Chair are not from the region in question but from other regions in the company. Thus, the Chair of the European Region IGB may be from the Asian Region and the Chair of the Asian Region IGB from the Latin American Region.

9 This is an area of increasing interest by financial services regulators, often under the banner of counteracting ‘conduct risk’. See, e.g. Financial Stability Board ‘Measures to Reduce Misconduct Risk’, November 6, 2015 and ‘Round Table on Compensation Tools to Address Misconduct in Banks’, May 10, 2016.

10 According to a recent board survey, ‘cyber risks were the highest priority for 26 per cent of board members surveyed’. Bay Dynamics Report, ‘How Boards of Directors Really Feel About Cyber Security Reports’, 2016.