Just as management teams have to rethink how the company conducts its business in the evolving COVID-19 environment, boards also need to recalibrate their own operations and oversight, perhaps more dramatically than ever before.
Here are five areas to consider:
1. Virtual board and committee meetings.
Boards generally already are accustomed to meeting remotely when the need arises, but the COVID-19 pandemic has left no choice but for board and committee meetings to go virtual, through video conferencing or by other means. They continue to do so for the foreseeable future and, in part, become the next normal of how boards operate. The new 2020 Belgian Corporate Governance Code (the ‘2020 Code’) permits virtual board and committee meetings, as necessary and required in Principle 3.19, but boards should ensure corporate governance charters and bylaws also allow for it, or they will need updating and the applicable re-approvals. Boards will also want to avoid potential problems associated with achieving a quorum due to director illness or other factors, and comply with notice requirements for board meetings that must be held swiftly. Confirm whether the company has emergency bylaws or otherwise has emergency power to address these issues. Because the COVID-19 situation is constantly evolving, the full board and individual committees should have processes in place that enable them to meet more frequently – and on short notice – as the situation dictates.
2. Reinforce the board’s cybersecurity protocols.
Increased use of board portals and technology platforms for virtual meetings – and the associated potential for malicious cyber activity – should prompt even greater vigilance regarding the security of board meetings and communications. Additionally, using personal email, personal devices, or unauthorized software to conduct board business can present serious cyber risks. In many cases, simply picking up the phone may be the best answer. Have the general counsel or chief information security officer brief the board on company cybersecurity protocols that apply to them as well as employees in the context of the new operating environment.
Document retention policies should also be reviewed to ensure directors understand the policies, as well as the related risks of taking and retaining meeting notes and retaining board meeting materials. Boards should also seek to ensure that compliance with Global Data Protection Regulation (GDPR) is reassessed now that the organization operates through a more remote working environment – using new communication and collaboration applications with extended features for sharing and cloud-based storage – than those considered in the context of GDPR in the past.
3. Calibrate how the board – through its committee structure – oversees management’s response to COVID-19.
Ultimate responsibility for oversight resides with the full board. However, the board may wish to establish a special committee – composed of directors with the time and experience – to oversee the company’s response, communicate regularly with management, and report back to the full board. The board may also delegate oversight duties for various aspects of the company’s response among its standing committees based on their responsibilities. Coordination and communication among committees is vital.
4. Reassess the frequency and nature of management’s updates to the board throughout the COVID-19 situation.
The board should consider how often it expects updates from management and in what form – bearing in mind that management needs to focus its primary efforts on managing the situation, rather than reporting to the board. The frequency of updates may change in light of evolving circumstances. A periodic email update from the CEO to the full board may be adequate. Key areas of focus would likely include updates as to how the situation is evolving and its impact on the company; scenario planning and the potential impact on the company’s financial and operational risks and strategy; the company’s changing risk profile, including financial and liquidity risks, operational risks related to the workforce, supply chain, and cybersecurity and IT risks; and updates on government mandates and guidelines.
To minimize the reporting burden on management, consider simply receiving management’s COVID-19-related reports versus separate reports prepared specifically for the board. The chairperson of the board is responsible to serve as the conduit for communications with the CEO, which can help make board/CEO interactions more efficient (as also set out in Principles 3.13 – 3.16 of the 2020 Code).
5. Plan for emergency succession of board leaders and C-suite members.
The board should prepare for the possibility that COVID-19 may directly or indirectly impact the ability of directors and officers to fulfill their roles. Have a plan for interim and/or permanent successors for board leadership roles (e.g., the board chair/lead director and committee chairs) as well as for the CEO and other members of the C-Suite. These succession plans should take into account the possibility that more than one member of the management team or board may fall ill at the same time (3.18, 4.23 and 5.12 of the 2020 Code).
About KPMG’s Board Leadership Center
KPMG’s Board Leadership Center offers non-executive and executive board members and those working closely with them (including CROs and Heads of Internal Audit) a place within a community of board-level peers and access to topical seminars and ‘lunch and learn’ Board Academy sessions, invaluable resources and thought leadership, and lively and engaging networking opportunities.