The evolving role of the Board of Directors in corporate governance
For several years, the fundamental role of the Board of Directors (the “Board”) in the implementation and monitoring of sound corporate governance has been emphasised by European regulators.
Corporate governance has long been a priority in Luxembourg. After years of implementation of the numerous regulations in force (notably the law of 5 April 1993, the European Banking Authority (EBA) guidelines on corporate governance, the EBA/European Securities and Markets Authority (ESMA) guidelines on the assessment of the suitability of members of the management body and holders of key positions, and CSSF Circular 12/552), but also as a result of numerous on-site inspections and reminders from the Luxembourg regulator (CSSF), the majority of companies have probably assimilated the main principles of a sound internal governance system.
In December 2020, the CSSF updated Circular CSSF 12/552 according to the European and international guidelines, recommendations and principles that apply in this area.
Looking back a few months, and while companies are still under the effect of the COVID19 crisis, it is interesting to look at the main markers of the recent evolution of the Board’s role.
An overriding monitoring and supervisory role
In essence, the Board has two main duties: to prepare the company for future challenges and to oversee the management of the company’s risks.
Using the metaphor of the “umbrella”, the Internal Control Functions, consisting of the risk control function and the compliance function, which compose the second line of defence, and the internal audit function, which is the third line of defence, jointly control the umbrella that protects the company from the rain, which represents the risks to which it is exposed. The business lines provide the fundamental first line of defence and are the backbone of the work of the second and third lines.
These functions have to test the structure of the umbrella at different levels of control and express an opinion as to whether it fulfils its function well or whether it has weaknesses.
The Board ensures at its meetings, through information from the Authorised Management and reports from the independent internal control functions and the External Auditor, that the umbrella exists and is regularly “inspected”.
The Board does not have a guarantee that the company is immune to risk, but it must be assured that the Authorised Management, as joint bearer of the umbrella, is fully aware of the existing risks and their potential impacts, and is taking corrective action to minimise their impact or likelihood of occurrence.
The regulator also defines very precisely the role of two specialised committees of the Board: the Audit Committee and the Risk Committee. The time dedicated to these committees and their reports to the Board meetings are important and certainly necessary.
Although the strategic role of the Board has always been emphasised by the regulator, the time devoted to overseeing financial performance, and to the role of monitoring and control, has probably gradually taken precedence over the time devoted to strategic thinking and decision-making.
A strategic role and an extended scope of action
More recently, as a result of new regulations and the general international context, the role and responsibilities of the Board have been clarified and even extended.
The COVID19 crisis and its social consequences, the growing awareness of the need for a sustainable business strategy, and an increasingly complex technological environment have opened up a wider field of reflection and intervention for the Board, which is more focused on the future and on strategic issues.
First of all, companies must now demonstrate that their governance structures integrate diversity. Through the latest update of CSSF Circular 12/552, the Regulator has introduced the obligation to promote diversity within the Board and the Management. The Board sets the tone for these developments, creating a favourable dynamic within companies.
Furthermore, the Board must ensure that the company’s business model is ethical and sustainable. Thus, more time should be devoted to the consideration of ESG criteria (environment – social – governance) in the development of the strategy. The recent CSSF Circular 21/773 specifies how the Board must ensure that climate change and environmental risks are taken into account in the business strategy, risk appetite and risk management model.
Also at the level of strategy, the CSSF has clarified its requirements regarding the management of risks related to information and communication technologies (ICT) and security. Reinforced exchanges with the Chief Risk Officer and the CISO of the company are necessary to set up this strategy.
The topics of staff satisfaction, development and retention of talents, and working modalities are also a priority for the Board. CSSF Circular 21/769 specifies for example that post COVID19 teleworking will be organised under its ultimate responsibility. On remuneration issues, the EBA has recently updated its already very detailed 2015 remuneration policy guidelines to take into account the changes brought about by Directive 2019/878/EU.
Finally, the update of the Circular has clarified the Regulator’s expectations regarding risk analysis by internal control functions and Authorised Management of new opportunities in terms of products, services, markets, systems and processes, customers, but also material changes and exceptional transactions (“new products”). The Board must ensure the quality of the analysis before making its decision.
It is interesting to note that even within the community of independent directors, whose presence is strongly encouraged by the regulator, there is a debate as to what the Board’s dominant role is today: supervision or strategy? Ex post control or forward-looking role? Although the two roles are probably not in conflict, the debate demonstrates the importance of the evolution of the role of the Board in the company. In any case, it is important that, despite the increasing number of rules imposed on the Board by regulators, questions of strategy and business model remain high on the agenda of Board meetings.
The impact of the evolution of this role
Today, the Board must be able to set the tone on subjects as diverse and sometimes technical as the evolution of private banking models, digitalisation, teleworking issues, cyber risks, … while continuing to be fully informed on the constantly evolving Anti-Money Laundering regulations.
The skills required at Board and Senior Management levels in the post-Covid-19 world have evolved significantly, and the role of self-assessment and continuous training is increased in this context.
From the point of view of the General Secretary, these developments require a better balance on the agenda between supervision and strategical topics, and they influence the mode of communication between the Board and the Authorised Management.
Indeed, while the links and modes of communication between the Board and the internal control functions are “standardised” by the regulations (independence, periodic reporting and annual report, escalation principle), the format of communication between the Board and Management is more free and is to be defined according to the priorities of the company. Proactive, relevant and transparent management of communication between the Board and management can be facilitated by the General Secretary.
Naturally, there is a great temptation to provide the Board with a great deal of information on the above-mentioned subjects, in order to enable it to get to grips with them. However, the Management, assisted by the General Secretary must take care to select the information in order to facilitate the Board’s commitment and to provoke the “right questions”, even if this means shaking up the Management somewhat, and to regularly revalidate the hypotheses used in defining the strategy.
It is to be expected, as we at Banque Havilland anticipate, that ensuring effective communication between the Board and Management will become a competitive advantage in a world where making a quick and informed decision is of particular importance.
Today, no company is immune to crises due to internal or external factors, or to changes in strategy, and the agility of the Authorised Management and the Board in decision-making is therefore essential.
In Luxembourg, where the majority of financial institutions are subsidiaries of foreign banks, the debate on the balance between the strategic orientations taken by the head office and the regulatory obligations described above is open. It will probably be a question of finding the right balance.
For the few banks that have their head office in Luxembourg, as is the case for Banque Havilland, the question does not arise: the supervisory role is exercised at head office level and all strategic decisions are taken in Luxembourg, to be then implemented across the Group.
Sandrine Roux
Group General Secretary
Banque Havilland S.A.
(source: Agefi (French version))