Welcome back to Governance Directions for another year of useful information and insights on governance and risk management.
Like many of you, over the Christmas period I took the opportunity to catch up on some reading. One thing that caught my attention was an interesting article in the latest edition of the Harvard Business Review on the role of boards in promoting ethical behaviour and managing the risks of misbehaviour within their companies.
In the article, ‘How Boards Can Reduce Corporate Misbehaviour’ by Constance E Bagley, Bruno Cova and Lee D Augsburger, the authors propose a ten-step program to help boards reduce the risks of illegal behaviour, reinforce ethical conduct as a core value and enhance the company’s reputation in the eyes of regulators and stakeholders.
They argue that, as the ultimate guardians of the firm’s financial, human, and reputational capital, corporate boards need to set their bar higher and replace reactive approaches to misbehaviour within companies with a more proactive approach.
While written against the background of governance in the US, it floats some ideas which deserve further thought in the Australian context. Two recommendations in particular stood out.
The first is to create an ethics committee of the board, with responsibility for the firm’s culture of integrity and for creating a robust program of controls and processes to promote ethical conduct and compliance and to prevent, detect and remedy illegal or unethical conduct.
In practice, this could be the existing audit committee, a separate ethics and compliance committee or an ad-hoc committee to address evolving risks and challenges.
The committee should work with the top management team and the other board members to ensure that the company’s approach to product quality, worker safety, environmental stewardship, sustainability, compliance and corporate social responsibility is an integral part of its overall strategy. Committee members should be specially trained in measuring an ethical culture and have the demonstrated ability and moral courage to take responsibility for mistakes and to call out suspicious behaviour.
The committee should approve the company’s code of conduct, as well as regularly revise it to meet changing conditions in the marketplace.
The second suggestion in the article is to appoint a high-ranking chief ethics and compliance officer (CECO) to take day-to-day operational responsibility for the company’s ethics and compliance program.
The CECO should have knowledge of applicable law, ethical theory and the science of unethical behaviour, as well as demonstrating good judgment, the authors say. They should report directly to the board’s ethics and compliance committee and should feel secure reporting on the integrity program’s effectiveness without fear of retaliation.
The board committee should meet with the CECO at least quarterly, oversee the evaluation of his or her performance, and set remuneration and other terms of employment, including possible termination, with input from the day-to-day supervisors such as the CEO or general counsel. (An important aspect the committee’s charter should also include appointment, with feedback from the other directors, of the CECO.)
The CECO should also meet with the full board at least once a year.
The CECO’s role would include chairing a cross-functional, multi-disciplinary team of managers that reviews the company’s policies and procedures on a regular basis. The CECO should have authority over all the local compliance officers, just as all in-house lawyers report to the general counsel, and have direct access to companywide information on disciplinary actions, so they can see where there are outliers or clusters of untoward behaviour.
Whether all companies should have a board level committee to deal with corporate responsibility and ethics, or create a senior ethics and compliance management role separate to the company secretary or chief risk officer, is of course open to debate.
It could be argued that setting up a separate committee could dilute board responsibilities or overlap with the other committees’ responsibilities, and that there is a risk that the committee will ‘micro-manage’ executives.
However, an advantage of a specifically mandated committee is that it allows directors to drill down more systematically into the organisational culture, identifying risky behaviour patterns and providing the board more assurance that the right systems are in place to manage the growing range of non-financial risks.
Likewise, creation of a CECO would allow greater management focus on these issues with the specific responsibility to devise and operate the controls to manage these risks.
More broadly, both a separate committee and a CECO role would be more specifically focused on what drives behaviour in the organisation, including on how well codes of ethics and conduct are embedded and communicated, and the ethical and value systems that sit behind these behaviours.
All boards need to be on top of this, whether they choose to have a dedicated committee or not.