Skip to main content

Tag: Governance

Efficient Internal Policies

We are all, from international groups to boutique advisors, required to have internal rules that govern our activities. These internal rules must be formalized, distributed (easily available to employees), and enforced. In terms of content they are expected to be efficient, in adequation with the company’s activities and risks, and to incorporate the relevant minimal legal requirements.

Their purpose is to prevent and detect criminal conduct, and to organize the corporate activities within the legal framework.

When creating or reviewing internal procedures, we must first assess which regulations apply based on all the activities conducted by the firm, including geographically. Then, we should understand how these activities are conducted in each area by consulting with the business. Finally, we shall implement proper monitoring and enforcement, as well as an annual assessment of their efficiency.

Formalization

Whether we call them policies, directives, guidelines, procedures, codes, or manuals matters little. There must be a defined set of formal written documents, approved by the management or the board of directors, that regulate the company’s activities by establishing an adequate organization, determining the duties and responsibilities, laying out the risks and their management, setting the applicable principles and rules (including operational), and listing the consequences of non-compliance.

There are two main structural approaches. The first is to have a multitude of stand-alone policies, each covering an area of activity: anti-money laundering, trading, portfolio management, operations, human resources, etc. They establish the applicable general principles, maybe listing relevant regulation, and the work directives (dos and don’ts) to the adequate level of operational detail. This would be a horizontal approach. A vertical approach is when there are “master” directives holding the applicable principles, concepts, high-level rules, and separate sub-directives, or procedures, describing further the operational, detailed processes.

The advantage of a horizontal approach is that everything is in the same place, so if you are a trader joining the trading desk, you can read the trading directive and have (mostly) everything you need to start working and be compliant. The downside is that the complete set of such directives can be massive, and employees may be tempted to only read what directly concerns their activity (and miss some important guidelines incorporated in other directives). Also, this requires excellent organization: some principles or information have to be repeated in each stand-alone directive, so any change must lead to the review of all directives to avoid contradictions. I have seen many times such contradictions among rules within large entities having many standalone directives.

The advantage of a vertical approach is that the “master” set of directives is shorter as it holds only the high-level principles and rules, leaving aside the detailed operational instructions. Therefore, it is easier for each employee to read the whole set before focusing on the “sub” procedures applicable to their own activities. Reviews and updates are also easier and more efficient with this framework.

The choice between the two frameworks depends on each organization’s preference, size, and the complexity of its operations. Generally, smaller firms will favor a horizontal approach where everything is at the same place and staff are sometimes multi-hatted, while bigger and more complex firms will favor a vertical approach as it is more structured. But what matters most in the end is that the set of rules is clear, adapted to the firm’s risks and organization, and easy to use.

Content

Considering you know which regulations apply and you are familiar with them, you need to understand thoroughly the business and operations. Take the time to sit with the various teams and examine what they do and how they do it. It is absolutely essential for a compliance officer to be familiar with the firm’s daily activities, and that includes the technical part (systems used and their capacities, types of services, investments, geographic impact, strategy, etc.). It also includes understanding the surrounding universe such as financial markets, trading venues, financial products, counterparts, and clients.

At times, the activities of a firm can get very complex and internal compliance officers cannot be expected to know all the details of every area (and every applicable regulation). In such cases, you should get external specialized compliance help.

Business and operations must be fully integrated. While the rules cannot be modified or compressed, they can be used at an advantage by providing an adequate and user-friendly work process. Try to find the right balance between flexibility and precision, in times of turmoil it will make a difference.

It may be comforting and therefore tempting to paraphrase (or even simply copy and paste) the law. But depending on the applicable jurisdiction, legal texts are difficult to grasp, to say the least, for people from a different background, and so it can defeat the purpose. If you want employees to adhere to the rules, you must adapt the rules to them. Speak their language, put yourself in their shoes and try to make their life easier by establishing policies that are easy to understand and focused on their tasks.

Distribution and training

An essential part of any rules set is how they are known and understood by the people who must comply with them. This is where clear information and adequate training are key. Make sure employees (including management) know what the rules are and where to find them, and that they have read and understood them. Training can be done live or online. It is important to follow up on each employee ensuring they all attend training, ideally with some form of testing (it always grabs people’s attention). Staff should be made aware that they will be liable for non-compliance whether they knew the rule or not.

Monitoring and enforcement

So now the rules exist and people know them. The next step is to monitor their application. Monitoring does not necessarily fall entirely under the compliance department’s responsibility. As long as no one monitors their own activity, some monitoring tasks can be delegated to the business or operations.

This second line of defense is essential. Two principles should apply. First, if the monitoring you have set in place does not or rarely highlight any breaches, you might want to question its efficiency and think about what could be falling through the cracks. Second, when there is a (material) breach of compliance, you should review whether it could have been prevented either by better rules or controls, or through systems improvements.

Monitoring should be organized to permit the detection of non-compliance and the improvement of the internal control system. Use a risk-based approach to create a monitoring program that focuses on the sensitive areas.

Non-compliance should have consequences. It is sometimes difficult where feelings or rank are involved, but it is necessary to establish the consequences of non-compliance in the rules and then apply them strictly. Any decision should be documented as to why the sentence was applied (or not).

Review

At least once a year, take the time to review your policies with a critical eye. Reassess your risks and take into account new activities or developments of the business. Draw conclusions from incidents and client complaints. You can request the feedback from the business on how to improve ease of use and training. Consult with management, they are ultimately responsible for the policies so they need to be involved in their making and improvement. Get their formal approval after review.

Conclusion

I too often see policies that are created with an approach to “please” the regulator or the auditor, to the detriment of properly regulating the day-to-day life of the company. They read like legal texts and have little concrete use. A compliance resource, whether internal or external, is best positioned to implement simple, efficient rules adapted to your activities. The policies should be implemented keeping in mind who the audience is, resisting the temptation to cover all grounds but rather focusing on the firm’s activities. Extensive documents full of unnecessary legal gibberish must be avoided as they discourage people to read and use them. Management and staff must be involved when creating or reviewing the rules. They are the end users, and the policies should be elaborated as a guide for them to navigate the rules.

 

April 2020

Board Of Directors – A New Era

What is the purpose of the board of directors?

Aside from the legal aspects of directors’ prerogatives and responsibilities, boards are ultimately there to steer the company in the direction of success on the long term by setting the right business strategy and ensuring compliance with the rules. The directors are responsible for establishing the adequate risk/reward ratio, for making the right strategic decisions and for respecting the law. They are also in charge of making sure that the executive people will implement their view and manage the company in an efficient and diligent manner. And they are the ones who need to step in when there is a crisis.

Boards of directors have seen major changes in the past few years. Regulators and stakeholders alike have been pressuring them for better governance through more diversity, better risk management and enhanced responsibility.

So what does a board of directors need?

It largely depends on the type of company of course, but there are a few basics.

Gender diversity, but not only

Beyond the morals of allowing for equal opportunity for men and women, there are multiple arguments in favor of female directors. Not just because today women have as much knowledge and experience as men, but because with equal qualification women can bring a different point of view and soft skills that integrate well with those of men.

One way to attain a better male/female ratio is the implementation of quotas. California has just passed a law requiring listed companies headquartered in that state to have a minimum of one female director (two if the board consists of five members, three if the board consists of 6 members). In Europe, Norway is the champion imposing a quota of 40% of women on the board of public companies since 2008, and many others have implemented similar laws (France, Spain, Belgium, Iceland, Finland…). The EU is contemplating regulation in that direction, and only Asia is far behind. The concept of quotas has its pros and cons, but in the end it forces people to accept the change and get used to the fact that the exception becomes the norm. Even if at first, women’s presence at the board may be considered a legal obligation and not a merited position, making the seat at the table a little uncomfortable. The interesting fact about the Californian rule is in the enactment rationale itself. This is the first sentence (section 1(a)):

More women directors serving on boards of directors of publicly held corporations will boost the California economy, improve opportunities for women in the workplace, and protect California taxpayers, shareholders, and retirees, including retired California state employees and teachers whose pensions are managed by CalPERS and CalSTRS. Yet studies predict that it will take 40 or 50 years to achieve gender parity, if something is not done proactively.

This new requirement is essentially not based on gender equality, or human rights, or philosophical contemplation, but on the economy (and investor protection). The bill text then goes on enumerating the various studies proving that companies with women on their board perform better. The legislator clearly establishes that this law is not doing a favor to women, but to companies and their stakeholders. Hopefully this will improve California’s female board presence average, currently lower than the other states’ average (1,65 vs 1.76 according to Equilar).

The other big source of pressure for diversity is proxy voting. This year, BlackRock amended its proxy voting guidelines to include an expectation of at least two women directors on each board and noted that it will continue engagement efforts, coupled with the threat of withholding votes for companies that ignore its comments. And they are not the only ones.

Last year already, Vanguard stated in its investment stewardship annual report (reiterated in the 2018 report) that well-governed companies perform better over the long term, and that “great governance starts with a great board”. To this end, they consider four pillars when evaluating corporate governance practices, and a “high-functioning, well-composed, independent, diverse, and experienced board with effective ongoing evaluation practices” is the first pillar. It is also mentioned in their open letter to directors of companies worldwide: “We view the board as one of a company’s most critical strategic assets. When the board contributes the right mix of skill, expertise, thought, tenure, and personal characteristics, sustainable economic value becomes much easier to achieve. A thoughtfully composed, diverse board more objectively oversees how management navigates challenges and opportunities critical to shareholders’ interests. And a company’s strategic needs for the future inform effectively planned evolution of the board”.

Geographical diversity

A diverse board also means members of different origins. But on that matter there certainly are arguments in favor of having “local” people especially for smaller, local firms. A company’s DNA is often imprinted in its initial location. Swiss banking for example has become worldly recognized thanks to the Swiss’s search for security and stability, their discretion and long-term thinking, in addition to core values such as professionalism, bid for innovation and excellence. Boards should therefore essentially consist of locals, in adequacy with the workforce and company values. But the Swiss financial sector is also very internationally oriented, and more generally any firm with growth and expansion ambitions should integrate people with other backgrounds to bring new perspectives and ideas, different know-how, and additional experiences. It would be tempting to stay among our own, but getting out of the comfort, pat-in-the-back zone can bring undeniable advantages. Make sure it is the right people though, with the same core values otherwise it can quickly lead to uncomfortable board sessions and difficult decision-making.

Diversity of skills

A well-balanced board would have directors with front or client facing experience, with management abilities, and with operational background, but in today’s environment it would also need members with risk management skills, and compliance or legal knowledge. In fact, additional experience in any area of the firm would be a plus: human resources, technical, IT, security, etc. Today compliance and risk need to be an integral part of the strategy and as such, need to be represented at the board. But preferably to a “regular” external lawyer as has been widely done so far, it should be someone that has corporate experience, someone that has held in-house legal, risk or compliance positions and understands the technicals and various business constraints. Risk oversight by the board is a key responsibility, and regulatory or legal risk is a major part of it, especially for a financial company.

Diversity of age

While it may rock the (old) boat to have a young(er) board member, if you want your company to keep up with what is going on and be innovative, you most likely need youth, even in the boardroom. And you need to listen to them. This will not just bring energy and new ideas, but also sometimes a much needed fresh look at things and some candid questioning.

Okay, but where to start?

A good start would be to assess the specific needs of the company and establish the skillset required for the directors. This can be done through a matrix. The New York City Comptroller for example launched a “Boardroom accountability Project” last year which provides a template matrix (https://comptroller.nyc.gov/wp-content/uploads/2017/09/Example-Board-Matrix.pdf) for assessing a board’s diversity level. Many companies have returned their matrix, which are available online.

More and more companies formally evaluate their board members. Directors’ skills are reviewed through a formalized process, whether internal or external, similar to the year-end evaluations so far reserved to employees. Many corporate governance standards now recommend it annually with, for example, an independent assessment by a third party every three years. Such third party, typically an external counsel on corporate governance matters, will enhance objectivity and rigor to the process. The results of a self-evaluation by the board can be presented in the annual report, or to the auditors. Note that this year 93% of proxy filers in the Fortune 100 provided at least some disclosures about their board evaluation process.

Directors’ biographies sometimes need to be disclosed to authorities, markets, shareholders, and can also be used for marketing support. Make sure they are individually adequate and collectively sensible for an efficient board, at present and over time.

Make that process transparent. Transparency is reassuring, and a formalized, reasoned selection and evaluation process for board members will be appreciated by both regulators and stakeholders.

Board refreshment is also key. While long term members bring stability and continuity, there has to be some new blood periodically. How often is really case-by-case, but the question needs to be asked at least on a regular basis.

All of these points (and more) are covered in the Commonsense Principles of Corporate Governance 2.0, just issued by a group of representatives of America’s largest corporations and institutional investors (e.g. Warren Buffett) two years after the first version. This document is a detailed road map for boards covering items such as board composition, refreshment, duties and responsibilities. See https://millstein.law.columbia.edu/content/commonsense-principles-20.

In conclusion, board composition and efficiency are now too closely looked at to be disregarded or to lack a legitimate process. Board members need to be the right people for the job and they need to be involved. Make the most out of your board, the era of useless directors brought on for appearances is over.

 

October 2018

Swiss Compliance Services

+41(0)22 575 45 42
info@swisscomplianceservices.com

© 2018-2023 Swiss Compliance Services. All rights reserved | Privacy information

Privacy Information

We are committed to protecting your privacy and the confidentiality of your information including your personal data (such as your name, e-mail, phone number, address, job title) and the personal data of your related persons. Such data and all information you share with us or that we gather in the context of our business interactions will be stored on secured servers in Switzerland. We will only use this data to perform our duties as agreed with you, or to offer you additional services. Unless authorized by yourself or required by law, we will keep all information confidential. We do not sell or otherwise transfer your data to third parties. We will store your information for as long as we believe it is necessary to perform our services for you or for our own business purpose. If you do not wish to be offered any services in the future, or would like to access or delete your data, please inform us at info@swisscomplianceservices.com and we will comply. Further details about the management of your data will be described and agreed upon in the written agreements signed by you for our services.