Drawing on insights from our conversations with board directors around the world, we highlight 12 priority issues for boards to consider as they approach and execute their 2020 agendas.
The first time adoption of the 2020 Code on Corporate Governance (the ‘Code’) as of 1 January 2020, requires board attention across governance areas. To guide you in this respect, references to relevant key (new) elements of the new Code are included where applicable.
2020 is a tipping point. We’ve lived with growing levels of geopolitical risk for nearly a decade, but without a true international crisis. Outside of geopolitics, global trends have been strongly favorable. That’s now changing.
Employee and consumer activism regarding Environment, Social (see supra) and Governance (ESG) issues are growing exponentially, but none more so than over the question of the environment.
Institutional investors have long emphasized their expectations for companies to explain how they are addressing environmental issues in the context of long-term value creation, and while the volume of disclosure has certainly increased, action has been limited.
Now, as increasingly visible activist groups expand throughout the millennial population and beyond, their voice has become impossible to ignore by policy makers and companies.
There are many frameworks for reporting on the issue as well as new specific reporting requirements in Provision 2.16 of the 2020 Code. So while the volume of information being presented is significant, and growing, ensuring it is focused, relevant, material and comparable is a challenge.
Alongside the need for long-term planning and retrospective reporting, the importance of short-term action must not be underestimated. There is clearly a growing acceptance of what were previously seen as extreme opinions held only by marginal groups. When the UN drafted the International Crimes against Peace during the second half of the twentieth century, ecocide was one of the then five crimes, and was only finally removed from the draft in 1996.
So while we may still be some time off any enactment in law, if and when it does come, companies must expect pressure for retrospective analysis of whether they did enough to consider the impact of their operations.
Corporate growth and shareholder return still require the essentials – managing key risks, innovating, capitalizing on new opportunities, and executing on strategy – but the context for corporate performance is changing quickly and, perhaps, profoundly.
Mounting societal issues – such as territorialism, income and taxation inequality, the climate emergency, diversity and inclusion – coupled with poor government solutions, continue to heighten expectations for companies themselves to address the gaps and rethink their responsibility to society – changing the conversation from ‘Is it legal?’ to ‘Is it right?’
The 2020 Code rightfully introduced ‘sustainable value creation’ as a new fundamental basis, as many would now accept that a successful company must not only generate value for shareholders, but also develop an ‘inclusive’ approach to ‘balance’ the interests of the wider society (Provisions 2.1 and 2.2). Companies who fail to deliver on a societal sense of purpose will ultimately lose the licence to operate from key stakeholders – as with diversity and inclusion, this is not a political correctness issue, but rather an essential component for sustainable long-term growth.
The Code now also includes the requirement for boards to understand the ‘legitimate interest and expectations of stakeholders’ and present in the annual report ‘sufficient information on issues of societal concern and relevant environmental and social indicators’ (Provisions 2.2 an 2.16). It is not yet clear how boards will report in practice – certainly as it relates to previously undisclosed and sometimes sensitive matters. The starting point is likely the identification of both the ‘key stakeholders’ and how they have been engaged, as well as how the company defined and had regard to the ‘issues of societal concern’ – considering the impact of that regard in strategic decision making and the governance of the company – and determination of ‘relevant indicators’ that will require disclosure.
As digital technologies such as AI, data-analytics and Blockchain, inter alia, continue to advance – both in capability and in application – their impact on risk assessment – both in terms of disruption as well as protection solutions – becomes as increasingly important as it is a complex multi-faceted challenge.
A staggering 80 percent of board members surveyed in our 2019 Global Audit Committee Pulse Survey indicated that their companies’ risk management processes are not fully robust – being unable to identify emerging and disruptive risks.
Now more than ever is the time to firmly pose questions around this, and just as importantly to follow up robustly on the proposed actions. Are the company’s risk management processes adequate to address the speed and disruptive impact of these advances, and to assess the continuing validity of the key assumptions that are the basis for the company’s strategy and business model? Tomorrow’s competitors are likely to be different than yesterday’s.
Where disruptive technology is identified as a risk management opportunity does the business have the right skills to deliver on it? Understanding the risks and opportunities posed by technologies is a long way from being able to actively manage or leverage them which requires skills rarely found in current management but typically prolific within the millennial population.
On top of the challenging Belgian political situation, growing nationalism, cyber attacks, and the threat of various looming (trade) wars and other geopolitical conflicts, combined with an absence of global leadership and the deterioration of international governance (the so-called ‘GZERO world’), will continue to drive global VUCA (Volatility, Uncertainty, Complexity, Ambiguity). As Eurasia Group’s founder and president Ian Bremmer has noted, this environment ‘will require more investment in scenario planning and stress testing. It also means drawing up contingency plans to shorten supply chains, cutting long-term fixed costs, and limiting business exposure to political relationships that have considerable potential to go south.’ Check out Eurasia’s 2020 top risks to stay ahead of the curve.
Help management reassess the company’s processes for identifying the risks and opportunities posed by continuing political struggles, geopolitical disruption and their impact on the company’s long-term strategy. Is there an effective process to monitor changes in the external environment and provide early warning that adjustments to strategy might be necessary? Help the company test its strategic assumptions and keep sight of how the big picture is changing: connecting dots, thinking differently, and staying agile and alert to what’s happening in the world. In short, disruption, strategy, and risk should be hardwired together in ongoing boardroom discussions.
In our conversations with directors, it is clear that some companies may need a more rigorous, holistic approach to data governance – the processes and protocols in place around the integrity, protection, availability and use of data.
Boards have made strides in monitoring management’s cyber security effectiveness with for example greater IT expertise on the board and relevant committees, company-specific dashboard reporting to show critical risks and more robust conversations with management focusing on critical cyber security risks, operational resilience, and the strategies and capabilities that management has deployed to minimize the duration and impact of a serious cyber breach. Despite these efforts, given the growing sophistication of cyber attackers, cyber security will continue to be a key challenge.
Data governance overlaps with cyber security, but it is broader. For example, data governance includes compliance with industry-specific privacy laws and GDPR, which govern how personal data – from customers, employees or vendors – is processed, stored, collected and used.
Data governance also includes the company’s policies and protocols regarding data ethics – in particular, managing the tension between how the company may use customer data in a legally permissible way with customer expectations as to how their data will be used. Managing this tension poses significant reputation and trust risks for companies and represents a critical challenge for leadership.
To help develop a more rigorous approach around oversight of data governance:
Does the company make it safe for people to do the right thing? Headlines of sexual harassment, aggressive sales practices, insider trading and other wrongdoing continue to put corporate culture front and center for companies, shareholders, regulators, employees, and customers.
Boards themselves are also making headlines – particularly in cases of self-inflicted corporate crises – with investors, regulators, and others asking, ‘Where was the board?’
Given the critical role that corporate culture plays in driving a company’s performance and reputation – for better or, as evidenced by #MeToo, for worse – year-over year, we have seen boards taking a more proactive approach to understanding, shaping, and assessing corporate culture.
Additionally, the Code explicitly makes the board responsible for oversight of corporate culture. Our set of leading practices for boards to discharge their responsibility related to corporate culture (see infra) should go well beyond what is required by the Code’s Provision 2.7: tasking the board to ensure that the ‘culture is supportive of the realization of its strategy and that it promotes responsible and ethical behavior’.
Getting culture right requires a laser focus on the tone at the top and zero tolerance for conduct that is inconsistent with the company’s values and ethical standards, including any ‘code of silence’ around such conduct.
Be sensitive to early warning signs and verify that the company has robust whistle-blower and other reporting mechanisms in place and that employees are not afraid to use them (embedded in Provision 4.13 of the 2020 Code).
Understand the company’s actual culture (the unwritten rules versus those posted on the notice board); use all the tools available – surveys, internal audit, hotlines, social media, walking the halls and visiting facilities – to monitor the culture and see it in action. Recognize that the tone at the top is easier to gauge than the mood in the middle and the buzz at the bottom. How does the board gain visibility into the middle and bottom levels of the organization? Make sure that incentive structures align with strategy and encourage the right behaviors, and take a hard look at the board’s own culture for signs of groupthink, complacency and/or discussions that lack independent or contrarian voices. Focus not only on results, but the behaviors driving results.
Given the demands of today’s business and risk environment, boards must increasingly focus on aligning their own composition with the company’s strategy, both today and with a longer-term view.
The world has arguably changed markedly faster than boards, and the need for relevant experience, diversity and inclusion in the boardroom continues to be front and center for investors, regulators, and other stakeholders. How does your boardroom set of skills, experience and diversity record fare against the company’s own goals, its strategy and its risk profile?
The journey to meet legally required quota related to gender diversity has moved in the right direction over the last few years. But can the same be said about diversity at large? Do today’s boards reflect the society we live in? Do they reflect the international markets in which they operate? And the changed workforce and their interests?
The increased level of investor and regulator engagement on this topic highlights concern over the slow pace of change in boardrooms and points to the central challenge with board composition: a changing business and risk landscape.
Addressing competitive threats and business model disruption, technology innovations and digital changes, cyber risk, and global volatility requires a proactive approach to board-building and board diversity – above and beyond the new generic requirement in the 2020 Code to ‘gather sufficient expertise in the company’s areas of activity as well as sufficient diversity of skills, background, age and gender’ in Belgian boards (Provision 3.3). International diversity is especially important for businesses operating across many different markets. To be part of the solution everyone needs to be informed.
It is clear that board composition and diversity should continue to be a key area of board focus in 2020, as a topic for communications with the company’s institutional investors, enhanced disclosure in the annual report (as required by the 2020 Code), and positioning the board strategically for the future.
Few board responsibilities are more important than hiring and firing the C-suite – a reality that continues to hit the headlines, particularly if the board is caught flat-footed. Given the VUCA and disruptive business and risk environment, it is essential that the company has the right CEO in place to drive strategy, navigate risk, and create long-term value for the enterprise. The board, in consultation with the CEO, should also appoint and dismiss the other C-levels taking into account the need for a ‘balanced’ executive team (Provision 2.9 of the Code).
The board should ensure that the company is prepared for any C-level change – planned and unplanned. Robust and formal (contingency) plans are critical in this respect. The 2020 Code, requires ‘a plan that is periodically reviewed’ (Provision 2.10). Provision 4.23 of the Code further tasks the nomination committee to ensure that ‘sufficient and regular attention’ is paid to C-level succession and that ‘talent development and leadership diversity programs’ are in place.
Formal succession planning for the board is at least as fundamental as for C-levels. The Provisions 2.13, 4.22 and 5.12 set out the requirements for boardroom succession, which are generally in line with the requirements for C-levels (see supra).
Succession planning is a dynamic and ongoing process, and boards must always be thinking about developing profiles for potential candidates. Planning for succession should start the day a new C-level or board member is named.
Clearly linked to the importance of having the right C-suite is having and retaining the talent required – from the top down through the ranks – taking into account more and more digitalized and technology driven ways of working.
The challenge is significant: leaders will need to identify the new skills and capabilities that will realistically be required in the future, those current employees willing and able to be upskilled and retrained will need to be identified. New talent will need to be attracted, retained and integrated into the business and new ways of working will need to be developed and formalized.
Also, investors are becoming more vocal about the importance of a talent development program. Companies will face an increasingly difficult challenge in respect of talent at all levels. Any talent plan should align with strategy and future needs. Which talent categories are in short supply and how can they be recruited and maintained? More broadly, as millennials and younger employees join the workforce in large numbers and talent pools become globally diverse, is the company positioned to attract, develop, and retain top talent at all levels?
The Code made nomination committees responsible to ensure that appropriate talent development programs are in place, through its Provision 4.23.
Successive governance advances have gone some way to strengthening and increasing transparency in respect of the board and executive pay framework – in particular the requirement for shareholder approval of the remuneration policies. Nevertheless, boards are increasingly in the firing line with investors, the media, regulators and others looking to hold the board to account when remuneration appears to be disconnected from long-term corporate performance.
The 2020 Code devotes its entire Principle 7 to regulate board and C-suite remuneration. The new Code also introduces a significant new requirement in respect to non-executive board member remuneration. Provision 7.6 requires non-executive board members to receive part of their pay in the form of shares of the company. Stock options and performance-related remuneration directly related to the company’s results on their part are not allowed to be granted to non-executive directors.
Variable remuneration packages for the C-suite will need to be revisited as well to ‘align the interests of the executives with the sustainable value-creation objectives of the company’ in accordance with Provision 7.8 of the new Code.
Shareholder engagement continues to be a priority for companies as institutional investors increasingly hold boards accountable for company performance and demand greater transparency, including direct engagement with independent directors. They continue to challenge the board with tough questions around the broad topics in this agenda as well as specifics around their role in company strategy and risk evaluation, and the findings from their own board assessment.
In order to ensure they have the full picture, boards should request periodic updates from management about the executive level engagement practices: Do we regularly engage with our largest shareholders and understand their priorities? Do they have access to the right people? What is the board’s position on meeting with investors? And perhaps most importantly, is the company providing investors with a clear, current picture of its performance, challenges and long-term vision?
Be mindful of the company’s vulnerabilities to activist investors. Activism need not be short-term nor undermine the board’s strategic thinking – done properly it can help focus the strategy and drive enhanced corporate governance. Play the role of activists by looking at the company from the outside-in and prompting change from within to benefit shareholders.
Expect that strategy, executive compensation, management performance, ESG and board composition will remain squarely on investors’ radar. Also expect investors to focus on how companies are adapting their strategies to address the economic and geopolitical uncertainties and dynamics shaping the business and risk environment in 2020. The Code now also contains a dedicated separate Principle 8 on engaging with shareholders – with provisions per type of shareholder.
Even the best-prepared companies will experience a crisis, and companies that respond quickly and effectively tend to weather crises better. Crisis readiness goes hand-in-hand with good risk management – identifying and anticipating risks and putting in place a system of controls to help prevent crises or mitigate their impact.
In addition to cultural risks (see infra), we are clearly seeing an increased board focus on key operational risks across the extended global organization – e.g., supply chain and outsourcing risks, information technology and data security risks. Does the board understand the company’s critical operational risks? What’s changed in the operating environment? Has the company experienced any control failures? Is management sensitive to early warning signs regarding safety, product quality, and compliance?
Help ensure that management is weighing a broad spectrum of what-if scenarios – from supply chains and the financial health of vendors to geopolitical risks, natural disasters, terrorist acts, and cyber threats. Is the company’s crisis response plan robust and ready to go? Does it cover different scenarios? Is the plan actively tested or war-gamed and updated as needed? Does it take into account the loss of critical infrastructure – e.g., telecommunications networks, financial systems, transportation, and energy supplies? Does it include communications protocols to keep the board apprized of events and the company’s response – and to address the company’s stakeholders?
The global economy is faced with a 'synchronized slowdown', the past five years have been the warmest on record, and cyberattacks are expected to increase this year – all while citizens protest the political and economic conditions in their countries and voice concerns about systems that exacerbate inequality.