In the spotlight: Sustainable corporate governance

Going beyond the minimum standard


Birgit Gallus

Senior Manager, Governance, Risk & Compliance, PwC Switzerland

Sustainable corporate governance needs to go beyond the minimum standard. The board has to participate more closely in the organisation, creating structures that transcend traditional silos, providing a consistent foundation for decision-making, ensuring that operational processes are completely in tune with compliance, and setting up systems of incentives geared to more than just financials. It also needs to set a clear ethical tone that everyone in the organisation hears and understands.

Companies presently find themselves operating in a complex web of interfering factors, with increasingly cut-throat competition piling on the internal cost pressure, innovation and new technology driving constant change, and corporate structures becoming more and more complex and unmanageable. With legal and regulatory standards getting tighter, there’s an increasing chance of violation, while growing transparency and closer regulatory scrutiny raise the risk of being ‘found out’ and incurring sanctions or heavy fines.

If all that wasn’t enough, in recent years there’s been a clear change in the public’s ethical yardsticks and expectations. With new technologies making it easier for the authorities and journalists to investigate, the need for full and all-encompassing transparency is omnipresent. If an infringement is detected or suspected, the news spreads through the electronic and social media like digital wildfire.

All this puts companies in a dilemma (see Figure 1). On the one hand they’re under pressure to cut costs to remain competitive. At the same time they have to increase their compliance budget to stay capable of action and safeguard their reputation. Organisations must rethink their corporate governance.

Figure 1: Increasing tension between cost pressure and responsibility.

The guiding framework for managing and overseeing the business, both in legal and practical terms, takes the form of company-specific corporate governance. Because of the predicament described above, organisations have to adopt a new and more sustainable approach to governance. It’s important for the board of directors to get actively involved in setting up the governance framework: as the company’s strategic management body, it’s the team steering the ship and setting its course. The board sets down this course in the corporate strategy as the basis for defining and developing the compliance set-up and other assurance functions. But minimum standards are no longer enough, by any means. Companies can’t let compliance requirements get stuck at head office at some strategic meta-level; they must make sure they find their way into value-adding processes at the operational level.

Tone at the top

For this to happen, the board of directors has to show its face and take the lead in terms of leadership behaviour. This is the tone at the top that shapes and guides the culture of the entire organisation. Ethical behaviour and attitudes to rules and guidelines are directly reflected in the day-to-day work of management and staff (see Sarah Kane's article on “Rules beyond regulation”). Company directors are often practically invisible, and very few staff know the members of their board in person, never mind their views and attitudes. This is because directors still rarely gear themselves to the organisation and the people who work for it – except, that is, in the corporate governance section of the annual report. Here a rethink is required: directors need to communicate actively and lead by example.

Farewell to silos

To be able to make decisions and take care of the core issues affecting the business, the board of directors needs the right information from the organisation. This means that data gathered from risk management, compliance, internal controls and other assurance functions have to be well coordinated, and ideally captured on an integral basis and/or presented in a single report. The functions responsible (the second line of defence) need to work together closely, engage in regular dialogue, or even join forces at an organisational level. In terms of acceptance and proper embedding in operational business, it’s also crucial for the second line of defence to be coordinated and speak with one voice. This is the only way of gathering reliable, comparable information as a basis for implementing and complying with the relevant rules and standards.

The benefits of such an integral approach are clear: greater acceptance and operational efficiency, lower internal costs, and a better foundation for the board of directors to make quick, targeted decisions.

Figure 2: Compliance must do more than merely meet the minimum standards.

Unfortunately there’s still a tendency at many companies for silos to emerge. Functions exist for risk management, compliance, internal controls and IT security, but they don’t talk to one another. The fact is, though, that an issue such as cybersecurity affects areas way beyond IT, posing financial and existential risks for the business as a whole. This means it has to be made part of a holistic approach to risk and be placed firmly on the strategic management agenda (see the article by Urs Küderli and Lorenz Neher, "Cybersecurity Risks – A matter for the board!").

Don’t just fulfil – exceed

The incentive system needs to be part of this endeavour to combine forces. With the right incentives it’s possible to align behaviour management, motivation and risk transfer, inspiring the company as a whole and the people within it to put in their best performance. Any company that wants to go beyond merely fulfilling rules and requirements has to make sure the incentives don’t just take monetary factors into account. The equation must include both tangible and intangible compliance KPIs that can be measured and evaluated, are integrated in the context of the organisation, and reflect ethical values. Few companies so far have managed to include such KPIs in their incentive systems.

In a nutshell

The board of directors is responsible for creating the corporate governance framework. This includes building structures that are aligned with the organisation and its ethical orientation and do more than just meet the minimum standard. It means that the board of directors has to get involved in the organisation, ask critical questions, practise a corporate culture geared to people and learning, and drive the business with the right incentives. It also means that both the compliance department and other second lines of defence should shift their role from objectors and obstructers to that of facilitators, and make sure they’re perceived as such within the organisation. Only if compliance is rooted in operational processes and works hand in hand with the management and the other people responsible for the second line of defence can a company be led compliantly, sustainably and successfully. As one CFO aptly put it in a global study conducted by PwC[1]: “A strong compliance and ethics programme can help leaders address risks with confidence and harness new market opportunities.”

[1] State of Compliance Survey of 825 people including CCOs, CFOs, audit committee members and other compliance stakeholders, 2018.

Six tips to help you achieve sustainable corporate governance
  1. Heed your gut feeling and ask critical questions.
  2. Lead by example.
  3. Talk to people in the organisation.
  4. Actively contribute your ideas and visions and initiate change.
  5. Make sure your internal requirements are firmly anchored on the operational front.
  6. Combine and boost the forces of your second line of defence.

Contact us

Birgit Gallus

Director, Risk Consulting, Compliance and ESG, PwC Switzerland

Tel: +41 79 150 75 59
