On the 2024 board agenda

The geopolitical and global economic environment has changed considerably: the escalation of the wars in Ukraine and the Middle East; the continuing deterioration of the US–China relationship; and the potential for massive global political and social disruption caused by misinformation or disinformation. These and other risks, including supply chain disruption, cybersecurity, inflation, interest rates, market volatility and the risk of a global recession will continue to drive global volatility and uncertainty.

Companies also face potential disruption to business models and strategy, posed by accelerating advances in digital technologies such as artificial intelligence (AI), including generative AI and blockchain.

Given these uncertainties, the board should oversee management’s reassessment of the company’s processes for identifying and managing these risks and assessing their impact on strategy and operations. This includes ensuring that there is an effective process to monitor changes in the external environment to provide early warning adjustments to the strategy. Additionally, risk management, business continuity and resilience activities should be enhanced including:

• Frequently updating the company’s risk profile and increased scenario planning;
• Stress testing strategic assumptions;
• Analyzing downside scenarios;
• Considering the interrelationship of risks; and
• Obtaining independent third-party perspectives.

Companies should consider how certain external factors and events will impact the company’s business model and strategy. It is also critical to understand the underlying structural shifts taking place (geopolitical, demographic, technological, economic, climate, global energy transition, societal etc.) and the longer-term implications.

Additionally, boards should also focus on growth strategies including mergers and acquisitions, international deals, and initial public offerings (IPOs) etc. Having growth strategies on the board agenda is important to stay relevant in rapidly growing business landscapes such as the UAE.

2023 saw major advances in the development and use of generative AI. With it comes more opportunities and risks which remains a challenge given the pace of the technology’s evolution.

The potential benefits may include automating various business processes such as customer service, content creation, product design, marketing plans development, healthcare improvement and new drugs development. Risks may however include inaccuracy of results, data privacy and cybersecurity, intellectual property (including unintended disclosure of the company’s sensitive or proprietary information and unintended access to third-party IP) and non-compliance posed by the rapidly evolving legislation globally.

Given the strategic importance of generative AI, boards should be monitoring management’s efforts to design and maintain a governance structure for the development and use of generative AI. Key considerations include:

• Determining the manner of development and timing of deployment of the generative AI system of model, including the person or body authorized to make this decision;
• Understanding how the company’s peers are utilizing AI;
• Determining how management is mitigating the risks posed by generative AI and ensuring that the use of AI is aligned with the company’s values;
• Identifying which AI risk management framework is used;
• Ensuring that there is an established company policy on employee use of generative AI;
• Checking whether management is monitoring rapidly evolving generative AI legislation and ensuring compliance; and
• Determining whether the organization has the necessary generative AI-related talent and resources, including in finance and internal audit.

Boards should further assess their governance structure for board and committee oversight of generative AI including deep dives into certain aspects of generative AI.

Cybersecurity risk continues to intensify due to the acceleration of AI and the increasing sophistication of hacking and ransomware attacks.

The growing sophistication of the cyber threats point to the continued cybersecurity challenge and the need for management teams and boards to continue to focus on resilience. While data governance may overlap with cybersecurity, it is a broader concept that includes compliance with industry-specific privacy laws and regulations, as well as guidelines that govern the processing, storage, collection and use of personal data from customers, employees and vendors.

Data governance also includes policies and protocols regarding data ethics that manage the tension between how the company may use customer data in a legally permissible way and customer expectations as to how their data will be used. Managing this tension poses significant reputation and trust risks for companies and represents a critical challenge for leadership. The UAE has issued various regulations to manage data governance such as the Federal Personal Data Protection (PDP) Law, Consumer Protection Regulation and related standards issued by the Central Bank of the UAE.

To oversee cybersecurity and data governance holistically, companies should take the following steps:

• Implementing a robust data governance framework that clarifies which data is being collected, how it is stored, managed and used, and who is responsible for these decisions;
• Clarifying the business leaders responsible for data governance across the enterprise, including the Chief Information Officer, Chief Information Security Officer and Chief Compliance Officer;
• Reassessing the board’s role in assigning and coordinating oversight responsibilities for the company’s use of generative AI, cybersecurity and data governance frameworks including privacy and ethics; and
• Understanding how AI is developed and deployed, the most critical AI systems and processes the company has installed and the extent to which bias is built into the strategy, development, algorithms, deployment and outcomes of AI-enabled processes.

Ensuring the organization has the necessary generative AI-related talents and resources, including in finance and internal audit.

We can expect the intense focus on ESG to continue in 2024. Investors, research and rating firms, activists, employees, customers and regulators view a company’s approach towards addressing climate change, inclusion, diversity and equity (IDE) and other ESG issues as fundamental to the business and critical to long-term value creation.

The clamor for attention to climate change as a financial risk has become more urgent, driven by reports that the summer of 2023 was the hottest on record, with global temperatures expected to reach new highs over the next five years. Along with the frequency and severity of floods, wildfires, rising sea levels and droughts there is a growing concern about climate-related migration and displacement; and concern by many experts that the window for preventing more dire long-term consequences is rapidly closing.

Regulators and policy makers globally are placing greater demands on companies to act and climate disclosures are a priority for many regulators. In addition to hosting the 28th United Nations Conference of the Parties (COP28) Climate Change Conference last year, the UAE implemented the Net Zero by 2050 strategic initiative. The Abu Dhabi Global Market (ADGM) has also announced the implementation of its sustainable finance regulatory framework effective 2023, which contains the requirements for ESG disclosures by ADGM companies, which will support the UAE’s transition to net zero greenhouse gas emissions. Further regulations are likely not far behind, especially as a result of the recent COP28.¹

An important area of board focus and oversight will be management’s efforts to prepare for increased climate and ESG disclosure requirements for companies in the coming years. International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB) are effective, with first disclosures to be published in 2025 (subject to SCA adoption timelines which have not been announced yet). Due to transitional relief measures introduced by the IFRS, reporting entities will only be expected to report climate-related risks and opportunities in the first year of disclosures, followed by the full implementation of sustainability-related risks and opportunities in the consecutive years.

In addition to the compliance challenge, companies must also ensure that disclosures are consistent and consider the potential for liability posed by detailed disclosures. This can be a major undertaking, with cross-functional management teams involved, including any management disclosure committees and management’s ESG Committee.
To ensure that ESG, IDE and climate risk issues are prioritized, it is important for board members to:

• Determine which ESG, IDE and climate risk issues are material or of strategic significance to the company and follow up on the company’s continuous commitment to these; 
• Embed these into core business activities such as strategy, operations, risk management, incentives and corporate culture to drive long-term performance; 
• Provide clear commitment, goals and metrics, along with strong leadership and enterprise-wide buy-in;
• Establish management sensitivity to the risks posed by greenwashing;
• Reassess and adjust governance and oversight structure relating to climate and ESG risks as needed; and
• Monitor regulatory developments in these areas.

Investors, regulators, ESG rating firms and other stakeholders continue to demand higher quality disclosures about risks and how boards and their committees oversee them. The increasingly complex and dynamic risk environment requires a more holistic approach to risk management and oversight, as risks are interrelated.

Many boards are reassessing the risks assigned to each standing committee. In the process, they are often assigning multiple standing committees oversight responsibility for different aspects of a particular category of risk. For example, the nomination, compensation and audit committees may each have some overlapping oversight responsibilities, for climate, Human Capital Management (HCM) and other ESG risks.

Given these overlapping committee risk oversight responsibilities, boards should encourage more effective information sharing and coordination among committees by:

• Identifying areas where committee oversight responsibilities may overlap and developing a process for frequent communication and discussion of committee activities in these areas;
• Maintaining overlapping committee memberships or informal cross-attendance at committee meetings;
• Conducting joint committee meetings when an issue of strategic importance to multiple committees is on the agenda;
• Holding periodic meetings of committee chairs to discuss oversight activities; and
• Insisting on focused, appropriately detailed and robust committee reports to the full board.

Having an up-to-date inventory of risks and maintaining critical alignments of strategy, goals, risks, internal controls, incentives and performance metrics is essential to effectively managing a company’s risks. The full board and each standing committee have a role to play in helping to ensure that management’s strategy, goals, objectives and incentives are properly aligned, performance is rigorously monitored and that the culture the company has is the one it desires.

Talent has long become the most valuable assets for companies. Employees continue to value fair pay and benefits, work-life balance (including flexibility), interesting work and opportunities to advance. Further, they want to work for a company whose values align with their own. In 2024, we expect continued scrutiny of how companies are adjusting talent strategies to meet the challenge of finding, developing and retaining talent amid a labor-constrained market. To that end, it’s important for the board to:

• Understand the company’s talent strategy and its alignment with the company’s broader strategy and forecast needs for the near and long term;
• Identify the challenges to keeping key roles filled with engaged employees;
• Determine which talent categories are in short supply and how the company successfully compete for this talent;
• Ensure that the talent strategy reflect a commitment to IDE at all levels; and
• Determine whether the company is positioned to attract, develop and retain top talent at all levels as talent pools become generationally and globally diverse.

Currently, the UAE government is continuing its focus on Emiratization. Employers with more than 50 workers are required to increase their Emiratization rate from high-skilled jobs by 2% annually gradually raising the rate to 10% by 2026.

Accordingly, boards should ensure that adequate strategies and initiatives are taken by their organizations to meet Emiratization targets.

Moreover, having the right CEO in place to drive culture and strategy, navigate risk and create long-term value for the enterprise is pivotal. The board should therefore ensure that it is prepared for a CEO change on an emergency interim basis or permanently. CEO succession planning is a dynamic, ongoing process and the board should always be focused on developing a pipeline of C-suite and potential CEO candidates, which should start the day a new CEO is appointed.

Successful CEO succession planning can be achieved by establishing processes and activities and ensuring that the plan is updated to reflect the necessary CEO skills and experience to execute against the company’s long-term strategy. The board should have plans in place for other key executives and be acquainted with high-potential leaders two or three levels below the C-suite.

Boards, investors, regulators and other stakeholders remain focused on the alignment of board composition with the company’s strategy, particularly director expertise and diversity. The increased level of investor engagement on this issue highlights the main challenge with board composition: having directors with experience in key functional areas, deep industry experience and an understanding of the company’s strategy and its associated risks.

It is important to recognize that many boards may not have experts in all the functional areas such as cybersecurity, climate, or HCM, and may need to engage external experts. Developing and maintaining a high-performing board that adds value requires a proactive approach to board building and diversity. This includes diversity of skills, experience, thinking, gender, ethnicity and social background.

While determining the company’s current and future needs is the starting point for board composition, there are several issues that require board focus and leadership including succession planning for directors as well as board leaders (the chair and committee chairs), director recruitment, director tenure, diversity, board and individual director evaluations and removal of underperforming directors.

Board composition, diversity and renewal should remain a key area of board focus in 2024. It is fundamental to communicate with the company’s institutional investors and other stakeholders, enhance disclosure in the Annual Report and Accounts and, most importantly, position the board strategically for the future.