ACCA is pleased to have this opportunity to participate in the FRC's consultation on its review of the effectiveness of the Combined Code ('the Code'). We note that the FRC is inviting views on both the content of the Code and the way that it has been applied by companies and enforced by investors using the 'comply or explain' mechanism. Our comments in this submission address a number of points about corporate governance practice and incorporate recommendations for change which we invite the Council to consider.
Before addressing the specific issues raised in the consultation paper we would like to make a few points of our own.
The role of corporate governance in the economic crisis
While various failures have been blamed for the current economic crisis, ACCA considers that corporate governance failures are chief among them. Regrettably, there are sufficient examples across the sectors for us to conclude that corporate governance in general, not just within financial institutions, has let us down. Fine tuning of the current system will not resolve this problem, since it has not done so in the past. For instance, concerns about executive remuneration have grown since the Greenbury Report (July 1995) gave us our first Code of Best Practice for Executive Remuneration, which was combined into the Hampel Code of 1998.
Failure of non-executive directors
It was untimely that the two 2007/8 changes to the Code relaxed the Code's provisions on chairing boards (provision A.4.3) and on audit committee membership (C.3.1). Nevertheless we acknowledge that the development of the Code over the years has progressively and considerably enhanced the requirements for and responsibilities of independent directors on UK listed company boards. To draw attention to the failure of independent directors is not to say that less reliance should be placed upon them in the future. But consideration needs to be given to addressing the causes of their ineffectiveness.
While two-tier board structures have not always been notably successful, they can contribute to ensuring that the supervisory board directs and oversees, while the management board manages. In practice, much depends on the composition and powers of the two boards in a two-tier structure.
A common feature of corporate governance debacles has been that boards, especially their non-executive directors, have been taken by surprise by events. ACCA believes this is not unconnected to the ability of, and tendency for, top executives to control the flow of information to the board; and that boards operate in a partial assurance vacuum.
It should be mandatory for boards of public interest entities to receive assurance, independent of management, that (a) the policies of the board are being implemented by management and (b) the significant internal and external risks to the company have been identified and are being mitigated. We consider that acceptance of our Recommendations 10 and 15 below could meet the aims of this Recommendation.
The Code should be strengthened in its definition of the requisite training, qualifications, time commitment and conduct of non-executive directors.
Compliance with the Code should require cross-directorships to be avoided by all non-executive directors, not just those deemed to be independent.
As a first step, the FRC should consider the implications of introducing as an option a two-tier board structure and should consider the changes to the Code that would need to be articulated.
UK pillars of corporate governance insufficiently joined up or robust
While we welcome the regular reviews by the FRC of the wording of the Code, the challenge for UK corporate governance is much more fundamental than the wording of the Code: there is a need for the main 'pillars' of UK corporate governance to collectively determine a better route forward. ACCA believes that regulation of corporate governance in the UK is currently so light touch as to have very little impact at all. While we do not suggest that we move to the other extreme, we consider that there is now a clearly demonstrated need for more robust regulation in this area. UK lapses in corporate governance standards incur very modest sanctions compared, for instance, with the US.
The main pillars of UK corporate governance appear to us to be as follows:
- The FRC
While the FRC is responsible for the content of the Code, unlike the position with regard to financial reporting, external auditing and actuarial affairs, it has little or no corporate governance enforcement or disciplinary roles.
- The FSA
The FSA refers to the Code in its Listing Rules but regards rule 9.8.6 as merely a disclosure obligation for a listed company, not a listing requirement to apply the Code's principles nor to 'comply or explain' with respect to the Code's 'provisions'.
- Shareholder bodies
The owners of listed companies, armed with clear disclosures, who have ultimate authority at present to discharge the enforcement role.
- Professional adviser
The professions, especially external auditors, who review clients' assertions of compliance with specified elements of the Code's provisions.
- Company law and regulation
The roles of BERR and EC are integral to this.
Reliance on shareholders of listed companies is insufficient
ACCA believes it will never be sufficiently effective to rely on shareholders and bodies that represent them to enforce high standards of corporate governance by companies, since they are not sufficiently organized or incentivised to challenge boards and hold them to account. Furthermore, shareholders themselves often encourage companies to take excessive risks. It should also be taken into account that there are other parties, apart from owners, who have a legitimate interest in how companies are governed. We further consider that so much of the economy is controlled by entities other than listed companies that it is insufficient either to focus on the corporate governance of quoted companies, or for the UK to continue to define 'public interest entities' in the minimum way that the Statutory Audit Directive permits (that is, listed companies only).
A project should be instigated, either by the FRC or BERR, to identify which of the discretionary provisions of the Code, some possibly after amendment, should be made mandatory through the listing rules, or by regulation, or by law – with a broader remit than just for listed companies.
There should be a general requirement for companies to obtain shareholder approval for any board decision not to apply a Code principle or not to comply with a Code provision, similar to that which pertains to provisions A.2.2 and B.1.3.
The involvement in corporate governance of external auditors
The third recommendation of the Cadbury Report (1992, p54) was that …
'Companies' statements of compliance [with the Cadbury Code] should be reviewed by the auditors before publication. The review should cover only those parts of the compliance statement which relate to provisions of the Code where compliance can be objectively verified. …'
Since 2003, auditors have been expected to review only nine of the now forty-eight provisions of the Code, and none of the forty-three principles. Five of the original Cadbury provisions, which continued to be reviewed after the publication of the 1998 Combined Code, are no longer reviewed. The additional provisions that are now reviewed do not represent 'creep' into other areas – rather, they are a consequence of audit committees being addressed by a larger number of provisions commencing with the 2003 Code; and so the overall result has been a considerable narrowing of auditor attention. Gone is auditor review of provisions on a formal schedule of matters reserved to the board (2003: A.1.1), directors taking independent advice (2003: A.5.2), the selection of non-executive directors (2003: A.7.1) and their terms of appointment (2003: A.7.2), service contracts (Cadbury: 3.1) and non-executive determination of executive remuneration (Cadbury 3.3).
In the light of (a) the development of auditing standards on assurance engagements, (b) the possibility of limiting auditor liability and (c) the Sarbanes-Oxley s404 experience of auditors of US quoted companies, it should be possible for external auditors to assume an expanded role in providing assurance on directors' corporate governance assertions. Many of both the principles and provisions of the Code are wholly or partially verifiable independently. We understand that there is little or no appetite for this on the part of companies, investors or auditors but consider that it could make an effective contribution to enhancing corporate governance.
The FRC should launch an enquiry into the feasibility and desirability of extending the external auditors' role with respect to directors' corporate governance assertions, possibly at the discretion of the reporting companies or their shareholders.
The Code's coverage of strategy
Many commentators have observed that, while A.1 of the Code (on the responsibilities of the board) gets the balance right between the board's entrepreneurial/strategic and oversight/control roles, most of the rest of the Code focuses on the board's general oversight/control role but with very little focus on strategy or the board's responsibility to oversee strategy.
There has been quite wide concern that the Code's focus on the control side of corporate governance has led to boards becoming excessively preoccupied with this to the detriment of focusing on strategy. It may seem discordant with the mood of the times for ACCA to make this point as there is plenty of evidence that boards have been failing in their oversight/control role. But much of the current malaise is a consequence of companies adopting ill-conceived strategies which have proved to be too risky.
The Code should contain more guidance on the board's responsibility for strategy and the means by which strategy should be developed, implemented and overseen.
Specific issues for comment raised by the FRC
We address in this section the specific consultation issues set out in the FRC paper.
1) While boards are expected to apply the principles, 'comply or explain' allows them a degree of flexibility in choosing whether to follow the Code's individual provisions.
We do not consider that there is any significant force behind the statement in the Code that 'boards are expected to apply the principles', while having flexibility at the level of the provisions. Whatever the expectation and whoever expects it, despite the different wording in Listing Rule 9.8.6 used with respect to 'principles' on the one hand compared to 'provisions' on the other, the FSA has never, to our knowledge, used this rule to discipline a company for failing to apply a Code principle. We understand the FSA regards all of this as merely a disclosure obligation. Furthermore, since the rule does not give 'comply or explain' status to the Code's principles, it is harder to work out from many annual reports whether or not a company is applying many of the Code principles than whether they are complying with the provisions, even though the principles are more fundamental than the provisions.
2) Which parts of the Code have worked well, and which of them need further reinforcement?
The effects of excessive flexibility
The wording of some of the provisions enables a company to claim to be in compliance with them even when it is not following the best practice that the sentiment within each of these provisions is enunciating. It is true that in each of the examples we show immediately below, the provision 'requires' the company to explain their deviation to shareholders but that is a 'requirement' anyway with respect to non-compliance with any provision. Provisions A.2.2 and B.1 additionally 'require' obtaining shareholder support in advance of deviating from best practice, but even when such approval is obtained we consider the provision should be phrased so that this amounts to non-compliance with the provision.
(We have put 'requires' in quotes as no provision in the Code is a requirement, each being discretionary.)
Examples of excessive flexibility within the Code, allowing a company to claim compliance when it deviates from best practice, include the following:
- A company may be fully compliant with provision A.2.2 even if the chairman was not independent when appointed to the chairmanship;
- A company may be fully compliant with provision A.3.1 when it judges a director to be independent notwithstanding that the director 'fails' to meet some of the stated independence 'criteria';
- A company may be fully compliant with provision B.1.3 even when the remuneration of its non-executive directors includes share options;
- A company may be fully compliant with provision C.3.5 even if it has no internal audit function;
- A company may be fully compliant with provision C.3.6 when the board does not accept the advice of its audit committee on the appointment, reappointment or removal of the external auditors.
While retaining the requirements to consult with shareholders in advance, the wording of all the provisions should be such that a company cannot claim compliance with them when they deviate from the best practice stated within the provisions.
Compliance with provision C.3.5 should require that a company has an internal audit function. In line with UK public sector practice, the internal audit function should be required to express to the board an overall opinion on the effectiveness of internal governance processes, risk management and internal control. The relevant Code provision should state that the internal audit function is to be regarded as a cost of running the board, and that the head of internal audit should report administratively (for 'pay and rations') and functionally to the chairman of the board (or, where the chairman was not independent when appointed, to the board, to its audit committee, or to its senior independent director). The board might decide that an internal audit function organised on this basis contributes to the satisfaction of their need for independent assurance (see Recommendation 1 above).
The Code does not stipulate that audit committees should be empowered to take outside advice although, at A.4.6 and B.2.1 respectively, the Code covers the likely need for the board's nomination and remuneration committees to do so; and A.5.2 applies this to directors individually as well as stating that board committees should be provided with sufficient resources, although not specifically mentioning outside advice.
The Code should unambiguously state that the terms of reference of all board committees referred to within the Code should empower them to take outside advice at the company's expense.
Materiality of controls and systems
Commencing with the 2003 Code, provision C.2.1 was amended to add 'material' in front of controls, and 'systems' after management. It currently reads as follows (our italics):
'The board should, at least annually, conduct a review of the effectiveness of the group's system of internal controls and should report to shareholders that they have done so. The review should cover all material controls, including financial, operational and compliance controls and risk management systems.'
It is not clear why those 2003 changes were made. Adding the word 'systems' has been counterproductive as it permits a company to claim compliance with this provision when the board (or its audit committee) reviews the risk management process but does not review the specific risks that the entity faces and which the process may or may not have identified and mitigated.
Reporting the board's opinion on internal controls
It has never been a 'requirement' of this or any other Code provision that the board should report publicly their opinion of the effectiveness of internal control and risk management. Indeed, the way this provision is phrased means there is no literal obligation for the board or its audit committee to come to any conclusion (even just for use internally) as to whether the company's internal control and risk management procedures are effective – the requirement is merely to 'review the effectiveness'. Similarly, provision C.3.2 does not require the audit committee to express to the board an overall opinion on risk management and internal control – just to review. We note that s404 of the Sarbanes-Oxley Act requires the company to certify publicly the effectiveness of internal control over financial reporting. We note that some UK listed companies voluntarily publish their opinion on internal financial control effectiveness (e.g. Shell).
Provision C.3.2 refers to the possibility that the board may have a board risk committee separate from its audit committee, but the Code does not set out any provisions that should apply to such a committee except that it should be composed of independent directors (C.3.2) if it is to substitute for the audit committee. We consider that the current economic crisis suggests that it would be preferable for boards to have such risk committees, not least in view of the other burdens placed upon audit committees.
The word 'systems' should be removed from the end of provision C.2.1; a specific requirement should be built into C.2.1 for the board itself to consider and approve a high level risk assessment of the company.
Provision C.3.2 should be amended to require the audit committee to express to the board its overall opinion on the effectiveness of internal control and risk management.
FRC should consider requiring published directors' reports to include an overall opinion of the board on the effectiveness of internal control and risk management.
The Code should include provision(s) relating to risk committees of the board, which should comprise exclusively independent directors. The cost of the company's head of risk management should be regarded as a cost of running the board, and the head of risk management should report directly to the board, as suggested elsewhere in this submission in the case of internal audit (see Recommendation 10). The board might judge that the risk management function, as with internal audit, meets part of their requirement to receive independent assurance (see Recommendation 1).
Perverse incentives, that result in excessive risk taking and undeserved rewards, need to be avoided. Profits that involve high risk to an organization should trigger a smaller bonus than a similar profit which involves less risk. Payments should be avoided or delayed (e.g. held in an escrow account) until profits have been realised, cash received and 'profits' cannot reverse.
The Code should be amended to address the unacceptable aspects of executive remuneration that have been an accompaniment of the current economic crisis.
3) Have any parts of the Code inadvertently reduced the effectiveness of the board?
We do not consider that this has been the case other than to the following extent:
- We have expressed (above) concern that the Code's stress on the oversight of control has downplayed the importance of the board's oversight of strategy.
- We have some concerns that the well-intentioned strengthening of audit committees has tended to insulate boards themselves from first-hand engagement with the issues being addressed by audit committees.
4) Are there any aspects of good governance practice not currently addressed by the Code or its related guidance that should be?
The following need to be addressed in the Code:
- Corporate social responsibility
- Gender balance
5) Is the 'comply or explain' mechanism operating effectively and, if not, how might its operation be improved?
We have expressed our view above that investor engagement cannot be adequate to ensure high standards of corporate governance, and so the 'comply or explain' approach cannot be relied upon to be effective and has been shown to have failed. Much that is currently discretionary needs to be made mandatory.
6) The FRC additionally invites views on the composition and effectiveness of the board as a whole; the respective roles of the chairman, the executive leadership of the company and the non-executive directors;
Clearly, many boards have proved to be ineffective. We have suggested (above) measures to improve the effectiveness of non-executive directors and the degree of independent assurance that boards receive. We consider the Code's concept of a balanced board to be sound, but note that companies often compromise on the avoidance of excessive power at the top of the business and on the independence of the chairman. We have suggested the Code should unambiguously support the need for all board committees to be empowered to take outside advice. We have suggested that provision should be made, as an option, for two-tier boards for UK listed companies.
7) The board's role in relation to risk management
We have suggested rewording provision C.2.1, building risk committees of independent directors into the Code provisions relating to boards, and requiring the formulation of overall opinions on the effectiveness of risk management and internal control.
8) The role of the remuneration committee;
We have addressed this in the context of rewording the provisions on the remuneration committee so as to address the issue of perverse incentives.
9) The quality of support and information available to the board and its committees;
We have indicated our concern about the control by the executive of the information flow to the board, and have recommended that boards should be required to obtain assurance independent of the executive.
10) The content and effectiveness of Section 2 of the Code, which is addressed to institutional shareholders and encourages them to enter into a dialogue with companies based on a mutual understanding of objectives and make considered use of their votes.
While, as we have said above, we should not expect to rely upon shareholders alone to achieve high standards of corporate governance in the companies they own, the active monitoring of board behaviour, and the responsible exercise of shareholder rights, are integral elements of the governance process. As has been evidenced by the banking crisis, there is much potential for improvements to be made in this area. We believe that boards should be encouraged to act pro-actively in their engagement with shareholders, in particular with institutional investors, with a view to understanding and, where appropriate, accommodating their legitimate concerns about the company's direction. As well as helping to maintain constructive effective working relationships with investors, this process should be seen by boards as assisting them to comply with their legal responsibilities under section 172 of the Companies Act 2006.
11) Concerns over the continuing effectiveness of the 'comply or explain' approach
In our opinion, the concerns have increased as there have been more examples of how this approach has proved to be inadequate. As explained above, we do not consider that tinkering with the 'comply or explain' approach will address the problems with it.
This would not be possible for a company quoted in the US: s301 of the Sarbanes-Oxley Act (2002)