By Beatriz Pessôa de Araújo – Partner at Baker McKenzie
Whether in a listed or unlisted company, the role of the non-executive director (NED) is always evolving. The broad scope of legal requirements imposed on directors, together with increased personal liability, make the role evermore challenging, but the most effective NEDs meet that challenge head on, armed with the most powerful weapon in the boardroom: information. Three words of advice to NEDs: ask, ask, ask.
To ask the right questions, it is vital to have a clear understanding of the responsibilities of the role, as well as the actions that fall within a director’s role of oversight, and focus on long-term and sustainable value. For a NED to succeed, he or she needs to be part of an effective board. Broadly speaking, there are four areas of responsibility in ensuring board effectiveness.
1. Focus: to guide strategy, monitor the financials, manage people and integrate risks (as well as deal with crises when these arise).
2. Value: to identify blind spots, to serve as a sounding board to management, to manage conflicts of interest and to ensure compliance and proper reporting.
3. Troubleshooting: to identify key obstacles that the board must address, to bridge the information gap between the executives and the non-executives, to consider team dynamics where these might not be working well and, of course, to negotiate the time squeeze that many board members will feel between the oversight function and the strategic function.
4. Governance: to ensure all processes and procedures set up at a governance level help the board create and protect value and, more importantly, avoid value destruction. This will include setting and monitoring corporate culture and building organisational trust and reputation, both internally and externally.
Meanwhile, board members should always be clear as to whom they owe their duties to and as to whose responsibility this is (NED or management), as well as carefully considering how they invest their time (strategy v. oversight) and ensure they have all the information necessary to perform their role.
It is important to reinforce the fact that in the majority of countries, the law stipulates that directors owe their duties first and foremost to the companies they serve – not to the parent or group company, nor to the shareholders. Understanding this is critical for directors of both listed and private companies. In listed companies, this is because of the pressure investors can exert on management and boards to deliver short-term returns. In private companies, this is because the lines between the interests of the owner and those of the board can be blurred, as the owner or manager often exerts the most influence in the boardroom.
“For a NED to assess how corporate governance is approached in a company, he or she needs to start with the question: how do things get done here?”
There is a movement in some countries, including the UK, to enforce duties of directors and boards more effectively to ensure that they also take into account the impact of their decisions on the long-term prospects of the company as well as the interests of other stakeholders such as the company’s employees, its suppliers, customers and other third-party business partners, the wider community and the environment. And of course, the lens of regulators is acutely focussed on companies maintaining a reputation for high standards of business conduct.
A voice in the boardroom
Understanding the broader picture is essential in examining the topics of governance, risk and ethics. How a company approaches each of these topics will depend on how they are viewed in the boardroom and how successfully the board embeds such views in the whole organisation. The principles of good corporate governance can act as an effective integrator of all the different strands of a company’s pursuit of its strategic model.
So how should a NED approach governance, risk and ethics on the boards he or she serves? In a nutshell, by using his or her voice in the boardroom to encourage an integrated approach to corporate governance where enterprise risk management and corporate culture sit at the heart of all decision-making. For a NED to assess how corporate governance is approached in a company, he or she needs to start with the question: how do things get done here?
The concept of corporate governance is not new. Some 25 years ago, the Cadbury Committee Report in the UK stated: “Governance is the system of rules, procedures and processes by which a company is directed and controlled. Specifically, it is a framework by which various stakeholder interests are balanced and efficiently and professionally managed.” Nor is the concept limited only to other Anglo-Saxon or advanced economies. The Organisation of Economic Co-operation and Development (OECD) defines the concept as follows: “Corporate governance involves a set of relationships between a company’s management, its shareholders and other stakeholders. Corporate governance also provides a structure through which the objectives of the company are set and the means of attaining those objectives and monitoring performance are determined.”
During the past decade or so, particularly in light of the aggressive pursuit by enforcement authorities of companies guilty of regulatory shortfalls, antitrust breaches and corrupt practices, boards have been focussed on setting up credible compliance functions and programmes in their companies or upgrading any they already had in place.
With the proliferation of regulation, punishing fines and cross-border co-operation of enforcement authorities, corporate compliance programmes have been designed specifically to help prevent corporate officers and employees from engaging in illegal practices while at the same time trying to address a wide array of other compliance and risk management challenges. This in itself presents a challenge: are risks in companies addressed holistically or piecemeal? Can the introduction of such programmes end up in a ‘tick in the box’ exercise rather than a means to an end, the end being a company with compliance culture embedded at all levels, where the stated values are lived, not just written in a code of conduct or on a website?
Over the past decade, we have been advising our clients that to be effective at meeting the wide variety of law enforcement expectations around the world, corporate compliance programmes, whether global or purely local in reach, will have the following five elements: (i) tone at the top/leadership; (ii) effective risk assessment; (iii) standards and controls; (iv) training and communication; and (v) oversight. To this we must add a decision-making process – or corporate governance regime – that includes communications and top down oversight, from managers, who are clear as to what their responsibilities are, all the way down the organisation, as well as bottom up accountability, from the lowest ranked employee up the chain to the top. This way, when employees make choices about their behaviour, they can be relied on to do the right thing, to act ethically and to live by the values set by the board. Leadership at all levels of the organisation, assisted by clear corporate governance, engenders a positive values system that over time, becomes the desired corporate culture.
Risk management, corporate culture and governance
Similarly, risk management must be integrated within the culture of the organisation and this will include mandate, leadership and commitment from the board. Achieving a good risk aware culture is ensured by establishing an appropriate risk architecture, strategy and protocols – or risk governance. Roles and responsibilities for risk management must be clear and usually this will be set out in a risk management policy.
The role of the board does not stop with identifying risk and setting the risk appetite and tolerances within the business, in the context of the strategy adopted by the board. It must also identify the information it requires from management for it to monitor risk and require any additional controls it deems appropriate. The executive will assist the board in such a monitoring role and will also be tasked with implementing the risk strategy and controls set by the board.
“Clients, customers, employees and stakeholders around the world now demand greater transparency and ethical behaviour from the businesses they engage with. Growth is no longer sufficient, what is wanted is ‘good growth’”
As with compliance programmes, risk management is inextricably linked with culture and ethics to the extent that behaviours play an important role in the action taken around specific risk categories. In turn, strong governance underpins a healthy culture and boards should demonstrate good practice in the boardroom and promote good governance throughout the business.
The board should set the company’s values and its standards and ensure that its obligations are understood and met. Directors should recognise that a healthy corporate culture is a valuable asset, a source of competitive advantage and vital to the creation and protection of long-term value; they should not wait for a crisis before they focus on company culture. It is the board’s responsibility to choose a chief executive officer who embodies the desired culture and is incentivised to lead in a way that all employees of the company and its suppliers, know the corporate values and are in turn incentivised to exhibit behaviours that reflect such values. All of the company’s interactions with stakeholders, both internally and externally, should be transparent and there should be clear accountability for actions at all levels of the organisation. Companies should engage constructively with shareholders and wider stakeholders about culture. The voice of all stakeholders in the boardroom should be strengthened.
Assuming the board is doing all of the above – setting up strong governance mechanisms throughout the company; recognising the value of culture and demonstrating leadership, including in the choice of CEO; seeking to embed and integrate that culture across the whole company and aligning the incentives – how then, does a board know that it has succeeded? This is the real challenge for many boards and the answer lies in setting metrics against which to measure progress, while receiving information that allows for the evaluation and measure of success, or lack thereof. This becomes even more critical as the reporting requirements on companies continue to grow, for example, with regard to slavery and human trafficking, tax strategies, gender pay gap reporting, payment practices and performance and non-financial reporting more generally.
And so, if a board’s role is to ‘ask, ask, ask’, here are some of the questions that a NED should be posing regarding governance, risk and ethics:
Governance How are decisions made here? Are roles and responsibilities clear? What is the hierarchy of accountability and is monitoring and supervision adequate? What delegations of authority are in place? How are decisions communicated and implemented across the company? How transparent is the company, externally and internally? What is the approach for incentivising staff, from the CEO to lowest paid employee? What are typical KPIs?
Risk What risk management framework is in place and how often is it reviewed? Has the board clearly articulated the risk appetite it has set for the company’s activities? How does the company assess risk and what are its risk management methodologies? Which risks have been identified as the most significant for the company? How does the risk reporting to the board take place and can management be relied upon to implement the board’s risk strategy effectively and to report back in full? Is there a clear protocol as to how the board would respond to a crisis?
Ethics What are the company’s trust levels with its customers, suppliers, employees, communities and other stakeholders? How connected is the board to the business? What are the values of this organisation? Do they need to be defined? Does the CEO represent such values? How are these values communicated internally and externally? Does management have a set of metrics against which they regularly measure corporate culture and report back to the board? How do reward systems work and which behaviours are rewarded? How are employees informed of the tools available to help them operate in line with the company’s core values and ethical principles?
Clients, customers, employees and stakeholders around the world now demand greater transparency and ethical behaviour from the businesses they engage with. Growth is no longer sufficient, what is wanted is ‘good growth’. Boards are increasingly finding that trust is on their agenda as a key business enabler – and that not only means trust in the business itself, but also in its leadership, its stakeholders and its network of suppliers.
Corporate structures and processes are essential, but they must be overlaid with an ethos and values that have at their heart integrity, transparency and a respect for the rule of law. Sound corporate governance is key.
About the Author:
Beatriz Araujo is a Partner at Baker & McKenzie, a leading global law firm and is based in the London office. She has also served on the Firm’s global Board and the Executive Committee prior to which she was a member of the London office’s Board/Management Committee. As a senior lawyer, Beatriz has advised global companies who operate various industries on Mergers & Acquisitions and cross border issues, recently shifting her focus to corporate governance. She was the architect of a successful forum for board level executives, Beatriz has recently been awarded business school INSEAD’s Certificate in Corporate Governance.