The spate of financial scandals across the globe the past few years has caused a tectonic shift in corporate boards to have better oversight and risk governance processes for identifying and managing risks. Failure to do so is potentially catastrophic to the company’s survival, as risk and the company’s success/failure are inextricably bound together.
Whether the risks are from internal or external sources, slow or quick moving like a tsunami, simple or complex, single or multiple, anticipating such risks — and imagining how they may combine to make a “perfect storm” — is ultimately the responsibility of the board and its directors. The credit crisis and subsequent global recession have served as a wakeup call for most regulators in Asia to increase the board’s risk oversight to fiercely guard public companies against threats of rapid decline and sudden demise. How are they responding?
In May, the Monetary Authority of Singapore (MAS) issued the revised Code of Corporate Governance (CG Code), making key changes relating to director independence, board composition, director training, multiple directorships, alternate directors, remuneration practices and disclosures, and risk management as well as shareholder rights and roles. Principle 11 of the revised CG Code and its accompanying guidelines stipulate that the board is responsible for the governance of risk, determining the nature and extent of significant risks the board is willing to take to achieve its strategic objectives, determining the company’s level of risk tolerance and risk policies, and annually reviewing and commenting on the adequacy and effectiveness of the company’s risk management and internal control systems to help stakeholders make an informed assessment of the company’s risk management framework and policies. Such a review can be carried out internally or with the assistance of any competent third parties. Most provisions of the revised code will come into effect on 1 November 2012.
To complement the revised code, the Corporate Governance Council in Singapore subsequently released a Risk Governance Guidance for Listed Boards to assist boards in understanding the architecture of risk governance. It articulates the role of the board to determine the approach to risk governance by setting and instilling the right culture throughout the company, including the need to identify and monitor the company’s risk exposure as well as management’s plan to mitigate the risks within the Enterprise Risk Management framework.
MAS is hoping that the revised code helps boards to move beyond “box-ticking” exercises to a new era for risk governance in which listed companies in Singapore achieve the right balance between risk and opportunity.
The 2009 report of the Organisation for Economic Co-operation and Development (OECD) steering group on corporate governance attributed the global crisis, to a large extent, to failures and weaknesses in governance which led to excessive risk taking by financial institutions.
To take the corporate governance reform efforts a step further, the second Capital Market Masterplan of Malaysia published the Corporate Governance Blueprint 2011 to set out the strategic direction and specific action plans to be implemented by all listed companies of Malaysia over a five-year period. This Blueprint is premised on the paradigm that boards of companies occupy a fulcrum position of any organization as agents of shareholders within the corporate governance ecosystem. The ideal board builds on a legal framework to raise standards beyond compliance to a level where the spirit of best practices and their intent are fully embraced. One of the objectives of the Blueprint is for boards to move away from their role as mere advisers to become active and responsible fiduciaries.
Driven partly by financial crises and corporate scandals, as well as growing shareholder activism and societal expectations, boards are forced to take greater accountability on a wider range of issues. The Blueprint’s major thrusts on the roles and responsibilities of the board are establishing ethical values that support a culture of integrity, fairness, trust, and high performance while sustaining growth and value creation over the long term. The Blueprint highlights best practices regarding fiduciary duties and strategic responsibilities, including the need for “identifying the principal risks and ensuring the implementation of appropriate systems to manage these risks”.
The Hong Kong Stock Exchange (HKEx) is also committed to lifting the standards of HKEx-listed companies, and recently published a consultation to review its corporate governance code and associated listing rules for Hong Kong-listed companies. In response, CFA Institute submitted a comment letter applauding the efforts and suggesting that Hong Kong adopt global best practices. Most of the changes to Appendix 14 of the code were implemented by January 2012. There is huge emphasis on how directors should take an active interest in the issuer’s affairs, obtain a general understanding of the business, and follow up on anything untoward. Attendance at formal meetings alone does not satisfy a director’s duties, which should come as no surprise given the current expectations of courts, regulators, and investors as part of the trend towards greater accountability. HKEx also introduces new measures to ensure board committees are more effective.
Do These Changes Suffice? What is the Way Forward?
Most amendments to the corporate governance code provisions in Hong Kong, Singapore, and Malaysia require explanation if there is any deviation from the best principles recommended. The approach is “comply or explain,” and is not mandatory. Hence some companies choose the path of least resistance. Indeed, some companies probably consider the corporate governance code the “threshold” to reach, rather than a “target” to surpass, in satisfying the board, investors, regulators, gatekeepers, and influences who define the corporate governance ecosystem. The most-often-cited concern is that companies merely aim to reach the “letter” rather than the “spirit” of the code.
One way to create an immediate change in the corporate culture perpetuated by some boards is to build a “Visionary Board” and leaders according to the newly-released report from CFA Institute, Visionary Board Leadership: Stewardship for the Long Term.
Among other steps, a Visionary Board embraces risk as a board-level responsibility just as it has been recommended in the Singapore and Malaysian corporate governance codes. Risks are not static and, hence, “risk thinking” must be embedded in the way the business is run and overseen. A Visionary Board oversees robust processes for identifying, understanding, and when necessary, mitigating risks to the operations, strategy, assets, and reputation of the company. At the same time, a Visionary Board understands that companies generate profits by taking risks and encourages intelligent risk taking that aligns with the company’s strategy. A “trust-but-verify” approach can ensure that the board understands the risks and knows that the management is actively managing those risks.
We are interested in your views — could we have avoided some of the losses from poor risk management if boards had been more diligent about risk governance processes, or knowing the unknown? Are you aware of boards that are taking long-term steps to manage risk and restore investor confidence? Let us know your thoughts.