Rules, principles and Sarbanes-Oxley

Relevant to ACCA Qualification Paper P1

Corporate governance codes

This article introduces some of the main themes in relation to the control of corporate governance and discusses how this control differs by country. In particular, the aim is to clarify the features and characteristics of rules-based and principles-based approaches to corporate governance, how each type of system is regulated, and to examine some of the associated benefits and drawbacks.

The regulation of corporate governance is not new. It has been an important part of company law for many decades and we should not assume that corporate governance did not exist before the various codes were drawn up. The importance of shareholders being able to hold directors to account was a key part of the design of the joint stock company, and company law has always provided for various aspects of this accountability relationship. It has traditionally been a condition of the granting of limited liability, for example, that companies should provide certain minimum information to their shareholders on an annual or half-yearly basis, in addition to general meetings and so on.

Furthermore, there have, unfortunately, always been corporate governance ‘scandals’ where company directors have acted illegally or in bad faith towards their shareholders. Bad corporate governance didn’t start with Enron. It has always been important for investors to have a high level of assurance that directors will act in the shareholder’s best interests and this need continues to this day. Part of the debate, however, is about the best mechanism to underpin the activities of directors in helping to achieve this. While in most countries, financial accounting to shareholders is underpinned by company law and International Financial Reporting Standards, some of the other activities of directors are not, and it is in this respect that countries differ in their approaches.

‘Codes’ of corporate governance are intended to specifically guide behaviour where the law is ambiguous, or where a higher level of behavioural prescription is needed than can be provided for in company legislation. The Bangladesh Code of Corporate Governance (2004) explains this well:

‘The obvious function of a Code of Corporate Governance... is to improve the general quality of corporate governance practices. The Code does this by defining best practices of corporate governance and specific steps that organisations can take to improve corporate governance. The Code, thereby, begins to raise the quality and level of corporate governance to be expected from organisations; in some areas the Code specifies more stringent practices than is required by Bangladeshi law, but it should be emphasised that these additional requirements are in keeping with international best practices.’

The development of codes has, however, been essentially reactionary. A sense that ‘something must be done’ in response to certain corporate failures or serious breaches of faith by directors towards their shareholders, has tended to stimulate the production of codes to reduce the likelihood of reoccurrence. One of the earliest attempts to ‘code’ corporate governance behaviour was the UK’s Cadbury Code, issued in 1992. In response to a small number of cases linked to the dominance of a board by a single, overbearing combined CEO and chairman, one of the major Cadbury recommendations was that the two most senior jobs in a company (CEO and chairman) should be held by separate individuals.

Other codes followed as it became clear that behaviour, other than financial, needed to be provided for. Codes appeared in countries other than the UK as investors sought additional assurance from corporate boards. The issue then arose as to whether and how these requirements should be policed and enforced.

Many countries, including the UK and many Commonwealth countries, adopted what became known as a ‘principles-based’ approach to the enforcement of the provisions of corporate governance codes. Importantly, this meant that for publicly-traded companies, the stock market had to recognise the importance of the corporate governance provisions. By including the requirement to comply with codes within the listing rules, companies were able to adopt a more flexible approach to code provisions than would have been the case had compliance been underpinned by law.

The principle of ‘comply or explain’ emerged. This meant that companies had to take seriously the general principles of the relevant corporate governance codes (the number of codes increased throughout the 1990s and beyond) but on points of detail they could be in non-compliance as long as they made clear in their annual report the ways in which they were non-compliant and, usually, the reasons why. This meant that the market was then able to ‘punish’ non-compliance if investors were dissatisfied with the explanation (ie the share price might fall). In most cases nowadays, comply or explain disclosures in the UK describe minor or temporary non-compliance. Some companies, especially larger ones, make ‘full compliance’ a prominent announcement to shareholders in the annual report, presumably in the belief that this will underpin investor confidence in management, and protect market value.

It is important to realise, however, that compliance in principles-based jurisdictions is not voluntary in any material sense. Companies are required to comply under listing rules but the fact that it is not legally required should not lead us to conclude that they have a free choice. The requirement to ‘comply or explain’ is not a passive thing – companies are not free to choose non-compliance if compliance is too much trouble. Analysts and other stock market opinion leaders take a very dim view of most material breaches, especially in larger companies. Companies are very well aware of this and ‘explain’ statements, where they do arise, typically concern relatively minor breaches. In order to reassure investors, such statements often make clear how and when the area of non-compliance will be remedied.

As an example, here is a recent compliance statement from Aviva plc, a large UK-based company. The area of non-compliance describes a slight technical breach concerning two directors’ notice periods. Section B1.6 of the Combined Code specifies that notice periods of directors ‘should be set at one year or less’, and Section B1.5 explains that ‘the aim [of this is] to avoid rewarding poor performance’: ‘The Company has complied fully throughout the accounting period with the provisions set down in... the Combined Code except that, during the period, two executive directors had contracts with notice periods which exceeded 12 months.’

In contrast, Barclays plc issued an unqualified compliance statement for the year to 2006, as follows: ‘For the year ended 31 December 2006, we have complied with the provisions set out in... the UK Combined Code on Corporate Governance.’

BAE Systems plc (formerly British Aerospace) took a very direct approach in its 2006 report, directly quoting from the Combined Code and then detailing how the company had complied in detail with each important section.

The idea of the market revaluing a company as a result of technical non-compliance tends, importantly, to vary according to the size of the business and the nature of the non-compliance. Typically, companies lower down the list in terms of market value, or very young companies, are allowed (by the market, not by the listing rules) more latitude than larger companies. This is an important difference between rules-based and principles-based approaches. Because the market is allowed to decide on the allowable degree of non-compliance, smaller companies have more leeway than would be the case in a rules-based jurisdiction, and this can be very important in the development of a small business where compliance costs can be disproportionately high.

The influence of the British system, partly through the Commonwealth network, has meant that principles-based systems have become widely operational elsewhere in the world. A quite different approach, however, has been adopted in the US.

After the high-profile collapses of Enron and Worldcom in the US, the US Congress passed the Sarbanes–Oxley Act 2002 (usually shortened to ‘Sarbox’ or ‘Sox’). Unlike in the UK and in some Commonwealth countries, Congress chose to make compliance a matter of law rather than a rule of listing. Accordingly, US-listed companies are required to comply in detail with Sarbox provisions. This has given rise to a compliance consultancy industry among accountants and management consultants, and Sarbox compliance can also prove very expensive.

One of the criticisms of Sarbox is that it assumes a ‘one size fits all’ approach to corporate governance provisions. The same detailed provisions are required of small and medium-sized companies as of larger companies, and these provisions apply to each company listed in New York even though it may be a part of a company listed elsewhere. Commentators noted that the number of initial public offerings (IPOs) fell in New York after the introduction of Sarbox, and they rose on stock exchanges allowing a more flexible (principles-based) approach.

An example of a set of provisions judged to be inordinately costly for smaller businesses are those contained in Sarbanes–Oxley Section 404. This section requires companies to report on the ‘effectiveness of the internal control structure and procedures of... financial reporting’. The point made by some Sarbox critics is that gathering information on the internal controls over financial reporting (ICFR) in a systematic and auditable form is very expensive and, arguably, less important for smaller companies than for larger ones. Accordingly, Section 404 has been criticised as being an unnecessary burden on smaller companies, and one which disproportionately penalises them because of the fixed costs associated with the setting up of ICFR systems. Advice in 2007 issued by the United States Securities and Exchange Commission (which, among other things, monitors Sarbox compliance) introduced a small amount of latitude for smaller companies, but the major criticisms of Section 404 remain.

A substantial part of the Paper P1 Study Guide concerns matters of corporate governance. The manner in which corporate governance provisions are provided and enforced is an important part of corporate activity in each country because it is these systems that underpin investor confidence. Candidates for the Paper P1 exam need to have a sound knowledge and understanding of each aspect of the Paper P1 Study Guide, and the rules versus principles debate is a key part of this. Sarbox has been, and continues to be, an important influence on corporate governance and is specifically mentioned in the Paper P1 Study Guide for that reason.

The European Corporate Governance Institute offers an excellent online resource, containing links to all of the major codes, at
The Sarbanes–Oxley Act (2002) is available online at www.sarbanes-oxley. Com

Written by a member of the Paper P1 examining team