Where should your board’s priorities lie in 2019?
The speed of change and an increasingly complex business landscape make corporate governance more challenging with every year that passes. There are more risks to manage, more opportunities to exploit, more rules to obey and more technologies to understand.
At EY, we understand that expectations of boards today are probably greater than they have ever been, in terms of the breadth of their oversight, the demands on their time and the public scrutiny of their actions.
The EY Center for Board Matters has identified eight important topics we believe should be priorities for boards and audit committees in 2019. Our suggested priorities are not ranked in order of importance, as this varies by organization and sector. Nevertheless, we believe that, together, they comprise a suite of the most urgent issues facing boards today.
The topics we explore are:
- Long-term value and sustainability
- Board culture and strategy
- Talent, diversity and inclusiveness
- Disruptive technologies
- Cybersecurity and data privacy
- Communication risks
- International trade and geopolitical risk
- Regulatory insights
Any of these eight topics on its own could constitute a single, overriding priority for boards in 2019. Combined, however, they represent a formidable agenda of items, each deserving of considerable attention from both non-executive directors and management teams. Boards will need to devote sufficient time to each of these strategic priorities in 2019 while balancing them against the daily demands of corporate governance.
We hope that this will help to inform your board’s priorities for 2019 and will equip you with the key questions to kick-start the discussions that will enable your organization to thrive in the years ahead. For now, we wish you an inspiring and successful 2019.
Long-term value and sustainability
How does your board monitor the organization’s value and sustainability in the long term?
Regulators, politicians and the public are all calling for organizations to focus more on long-term value and sustainability. In response, the European Commission is devising strategies that support sustainable development, including an action plan for financing sustainable growth,1 which aims to connect the finance sector with the needs of society and the planet.
Yet short-term pressures, such as activist investors, 24-hour news cycles and quarterly reporting, still dominate today’s business landscape. So boards face the challenge of rising above the short-term noise to communicate how their organizations are creating long-term social and environmental value for all their stakeholders in a way that aligns with their purpose.
Unfortunately, businesses today are widely mistrusted. According to the 2018 Edelman Trust Barometer, just 43% of the general public trusts business.2 At the same time, more is known about businesses and their employees than ever before, thanks to the rise of the internet and the proliferation of data. By having a demonstrable commitment to building and measuring long-term value, organizations can position themselves to withstand public scrutiny and retain the trust of their most important stakeholders, including customers, employees, investors, regulators and suppliers.
Delivering on this commitment is more easily said than done, however, since the metrics that organizations typically use to measure long-term value can be more complex, with the underlying data harder to source, than traditional financial metrics. Furthermore, it can be difficult for an organization to build consensus among its different stakeholders regarding which metrics should apply to how it creates and measures long-term value.
Organizational value does not solely relate to tangible balance sheet assets such as land, property, plant and equipment. Far from it, in fact. The reality is that today’s financial reporting no longer reflects how business is evolving and what really constitutes value within an organization. According to the Brand Finance Global Intangible Finance Tracker 2017, intangible value – both disclosed and undisclosed – amounted to US$47.6 trillion in 2016, representing 52% of market value globally.3 Broadly speaking, this intangible value includes:
- Rights, including leases, licenses and supply contracts
- Relationships, including access to a skilled workforce and trusted relationships with customers and suppliers
- Intellectual property, including copyrights, patents, trademarks and proprietary technology
As well as managing and deploying their intangible assets effectively, organizations that create long-term value also focus on important sustainability risks. These relate to the environmental, political and social context in which the organization operates. They may include loss of access to clean air or water, resource scarcity, reliance on suppliers that use child labor or abuse human rights in other ways, corruption of public officials, and even civil war. The EU’s nonfinancial reporting directive requires large companies to disclose certain information about how they operate and how they manage social and environmental challenges. In practice, however, measuring and disclosing the right information is not easy.
As boards set the tone at the top, it is down to them to shape a culture for organizational decision-making that prioritizes broad long-term outcomes above narrow short-term financial results. They also need to assess how the organization is creating long-term value in a holistic way by monitoring both intangible assets and sustainability risks. Fortunately, reporting frameworks can help boards to better measure and report on the value that their organizations are creating for their stakeholders.
EY developed its own long-term value framework in 2016. Then, in 2017, the Coalition for Inclusive Capitalism and EY created the Embankment Project, which,4 which aims to deliver a long-term value methodology that helps organizations to measure and report on the value they create for stakeholdersIts goal is to create comparable, verifiable outcome metrics that will increase transparency and enable a balanced evaluation of how organizations use their strategic resources and capabilities to achieve long-term success in a way that creates a positive future for all.
- Is everything that counts being counted? Building a new perspective on value creation for all
- Embankment Project Coalition for Inclusive Capitalism
- Global Intangible Finance Tracker 2017: an annual review of the world’s intangible value
- Annual reporting in 2017/18: demonstrating purpose, creating value
Questions for the board to consider
- Is your board monitoring the right metrics and key performance indicators to manage the risks that threaten the sustainability of the organization and determine whether it is generating value for the long term?
- Does your board understand the components that make up the organization’s intangible value and how the organization is capitalizing on its intangible assets to create value for the future?
- How does your board encourage organizational decision-making that prioritizes long-term outcomes above short-term results?
- Is your board using a framework that allows it to reliably assess how the organization is creating value for stakeholders?
- Does your board discuss how to disclose the long-term value created by the organization and whether the reported information is transparent?
Board culture and strategy
How does your board contribute to your organization?
Organizations today are expected to have a purpose that extends beyond generating profits for shareholders. Their stakeholders want to see them positively contribute to society and the environment while they do business. Naturally these expectations of organizations are also reshaping expectations of boards, leading to significant changes in the board’s culture, role and strategic approach.
Previously, the board was primarily focused on enhancing shareholder value and helping an organization meet its fiduciary obligations. While these responsibilities remain, they form part of its broader “corporate social responsibility” remit. This remit is primarily to contribute to organizational success by displaying the right tone at the top, defining strategy, setting goals and key performance indicators, responding to business challenges and opportunities, and fulfilling important oversight responsibilities.
Boards can add value to society and the environment, as well as to their organizations, by helping to rebuild public trust in large institutions. They can also make certain that their own organization’s decision-making processes prioritize positive long-term outcomes for a broad range of stakeholders, and society as a whole, above narrow, short-term financial results. To do this effectively, board members need to understand, and have opinions on, the organization’s current orientation and long-term strategy. They also need to evaluate the culture of the board with a view to creating a high-performing team.
A high-performing board is composed of a diverse range of members with varied, but complementary, skillsets. Its culture is open and transparent, respectful of differing views and opinions, and representative of the organization’s values. It is also forward-looking and reflective while fostering prudent risk-taking.
A good way for boards to assess their effectiveness is by undertaking a cultural board assessment, conducted by an independent third party, that encompasses both behaviors and processes. This allows board members to gain clear and structured insights into the most important aspects of their current culture, including:
- Values: which values are represented, shared or missing in the board?
- Checks and balances: are board members willing to give and receive feedback from fellow board members as well as other parties?
- Transparency: are board proposals and decisions adequately explained and do they take the full stakeholder audience into account?
Undergoing a regular cultural assessment, potentially every three years, allows a board to understand its strengths and weaknesses. Cultural assessments can either be undertaken as part of standard board effectiveness assessments or separately, as a complementary evaluation.
Knowing the value of a cultural assessment, the board may suggest that the entire company participate in an assessment. This is becoming more and more common. Changing corporate cultural needs to start with the board.
If they are to add real value, boards must fully engage with their stewardship roles and take the broadest possible perspective of the different opportunities and risks that their organizations face. This requires them to stay keenly focused on high-level strategy while simultaneously fulfilling their oversight responsibilities, holding the executive team to account, and monitoring the external environment for developments that could impact the organization’s success in future.
At a time when the business world is undergoing unprecedented disruption, and the conduct and remuneration of directors is being closely scrutinized, boards have to add value to their organizations. If not, they are likely to attract heavy criticism from stakeholders. Investors, in particular, are paying close attention to board effectiveness, and their growing influence in the boardroom means that dissatisfaction could result in demands for change.
- Accelerating board performance: the importance of assessments
- Public Value: Explained
- People, planet and profits
Questions for the board to consider
- Does your board understand how it can add value to the organization as well as to society and the environment?
- Is your board familiar with the expectations of the organization’s key stakeholders, in addition to the broader public?
- Does your board employ a third party to undertake regular assessments of its effectiveness? Is boardroom culture considered during those assessments?
- Does your board have a composition matrix that provides a comprehensive overview of the backgrounds, competencies and mindsets of board members?
- Have you reviewed your national governance code for changes relating to the board’s role in overseeing the creation of organizational value and how that interplays with investors? Do you know what is expected of board members according to the code?
Talent, diversity and inclusiveness
How does your board keep the organization’s workforce fit for the future?
Talent is critical to growth, innovation and overall organizational success. Organizations that can draw on a deep talent pool of committed and skilled individuals are likely to outperform their competitors in navigating the rapidly evolving market and technological landscapes. It cannot be taken for granted that people with the right attitudes and skillsets will find their way into your organization. A “war for talent,” especially digital talent, is already raging and it will only become fiercer over the coming years.
Forward-thinking boards take a broad view of their organization’s talent strategy. They do not limit their oversight to the creation of a diverse pipeline of people to fill key executive roles; they also look at key talent indicators for the overall workforce as part of a strategic workforce plan. Their focus is on whether the organization has the necessary talent to create new products, services and businesses, and whether it can align that talent to key strategic objectives.
To develop a workforce that is fit for the future, organizations need to constantly reconsider how they attract, retain and deploy talent. This may require them to consider some creative alternatives to more traditional development and compensation strategies. For example, they could offer employee training and retraining, adoption of new workforce models that are based on flexible labor, and novel working patterns that harness technological innovations. Organizations may also need to review their internal structures and development programs to assess whether they enable people with the right aptitude and skills to respond swiftly to technological advances. Agility will prove crucial for seizing market advantage in future.
Another consideration is whether the organization has inclusive leaders who are effective at tapping a diverse talent pool. Research shows that more diverse teams are more innovative, take a broader perspective of risk and opportunity, and therefore contribute more to stronger organizational performance.5 It is important to note that diversity extends way beyond gender, ethnicity, background and sexuality. It also encompasses generational diversity, cognitive diversity, the diversity of perspectives and skills offered by gig workers, and the diversity that results from AI augmenting human capabilities in the workplace.
Boards can use their oversight role to help their organizations develop future-proof talent strategies. Unfortunately, directors often cannot access the information they need to govern these talent strategies effectively. So they should ask their chief human resources officers for metrics that they can use to benchmark their own organization against others. The metrics that they can monitor include:
- Employee engagement scores
- Spend on employee training and retraining
- Diversity and inclusion goals
- Time it takes to fill jobs that require specific competencies
- Staff absence rate, including absences for work-related stress
- Staff turnover rate
- Ratio between revenue and compensation
By setting the tone at the top, the board strongly influences the culture of the organization. This is important because culture is the cornerstone of strategic workforce planning. Talented people are drawn to work for organizations that have a strong sense of purpose and a culture that is defined by integrity, engagement, diversity, inclusivity and genuine concern for the wellbeing of employees.
- EY Center for Board Matters: Boards turn to the talent agenda
- Why your diversity and inclusion strategy should consider more than gender and background
- ViewPoints for the Audit Committee Leadership Summit: the workforce of the future
Questions for the board to consider
- Does your board understand the broad range of skills that the organization will need to thrive in an era of intelligent machines?
- Is there someone on your board who comes from a human resources background or who has the skills to take ownership of workforce strategy?
- What metrics can the organization provide to enable your board to have more effective oversight of talent management?
- How does your board define diversity and should it review this definition in the context of technological innovation, demographic shifts and the evolving nature of the workforce?
- How is your board contributing to a positive culture that draws talent to the organization and acts as the cornerstone of a robust strategic workforce plan?
How can your board respond to new opportunities and risks presented by AI and other emerging technologies?
Today’s organizations are operating in a transformative age that is shaped by the emergence of disruptive technologies. Disruptive technologies include AI, blockchain, cloud, data analytics, the internet of things, robotic process automation and virtual reality. Both individually and in concert, these powerful technologies are already transforming sectors, overturning traditional business models and allowing ambitious start-ups to seize market share from more established players.
The board should monitor all technological developments but pay particularly close attention to AI. While AI presents the organization with great opportunities to innovate, grow and manage commercial threats such as cyber attacks and fraud, it is also a source of new ethical, legal and programming risks that need to be managed against a backdrop of declining public trust in large institutions. Some organizations are already facing lawsuits based on allegations of algorithmic bias, and governments are likely to start regulating how AI is applied in future.
Boards face two significant technology-related challenges. The first is balancing the demands of digital transformation with running day-to-day operations, while the second is making certain that the board is composed of the right people, with the right competencies, to navigate an era of technological change.
So how can boards address these challenges? They can:
- Approach digitalization as a holistic issue, recognizing that it affects every aspect of organizational life. Today, digital strategy is, in effect, organizational strategy, since it requires all of the organization’s people to change how they think and behave. The organization may even need to cannibalize parts of its own business as part of its reinvention process. Nevertheless, the use of disruptive technologies should not be an end in itself: intended outcomes should be clearly aligned with organizational goals and targets.
- Review the composition of the board to make certain that enough board members have sufficient skills to question management on disruptive technologies. It may be appropriate to appoint a non-executive director who is specifically dedicated to digitalization.
- Establish governance structures that give the board visibility of how the organization is both capturing the benefits and mitigating the risks associated with disruptive technologies. A C-level executive should have responsibility for executing the organization’s digital strategy and report back to the board on important emerging technology issues. Governance could be further boosted by the existence of a dedicated technological committee or by the appointment of a chief ethics officer.
- Pay attention to all emerging frameworks, policies and legislation that relate to the application of AI to maintain the right balance between algorithmic transparency and accountability.
- Assess the likely impact of disruptive technologies, especially AI, on the workforce. The organization’s strategic workforce plan should reflect how technology would affect existing roles and also consider solutions for attracting and retaining people with specialized technological skills in future. Since AI tends to be associated with job losses, boards should be sensitive around how they communicate new technology rollouts within the organization to avoid damaging morale and unsettling staff.
- Request an external review of the organization’s “black box” (machine learning system). A review can determine whether the outputs from the system are as expected and also assess whether proper controls exist to monitor the system as it evolves over time.
- When boards look to AI, what should they see?
- How technology is helping audit committees see the bigger picture
Questions for the board to consider
- Does your board know which disruptive technologies are emerging and how they are being applied, both within the organization and externally?
- Does your board understand why the organization has chosen to apply disruptive technologies to its own business and what risks these technologies pose?
- Does your board include members who have a high level of digital skills? If not, how does it propose to recruit them?
- Which governance structures are in place to allow your board to manage ethical issues and address the challenge of algorithmic bias?
- Has your board considered how disruptive technologies are likely to affect the organization’s people in terms of their daily jobs, skills and overall workplace experience?
Cybersecurity and data privacy
How can your board better understand and oversee cyber and data privacy strategy?
Cyber and data privacy strategy is a frequent topic at board meetings because cyber attacks pose huge financial, operational, regulatory, reputational and safety threats. The World Economic Forum rates a large-scale breach of cybersecurity as one of the five biggest risks facing the world today.6 Furthermore, Cybersecurity Ventures estimates that the global cost of cybersecurity breaches will reach US$6 trillion by 2021.7
Cyber attacks on organizations typically take the form of data breaches, distributed denial of services, and cyber extortion. Attackers seek not only money and data but also business model information.
Governments and regulators are responding to the threat by tightening breach notification requirements that often apply to all organizations operating within their jurisdiction. New rules include China’s Cyber Security Law, Australia’s Privacy Amendment (Notifiable Data Breaches) Act 2017 and the EU’s General Data Protection Regulation, which imposes a maximum penalty of €20 million or 4% of annual turnover on organizations in the event of noncompliance.8
Cyber and data privacy strategy can be challenging for boards to oversee for several reasons:
- Large organizations tend to have bespoke, complex technological infrastructure, and their systems are accessed by a proliferation of devices belonging to employees, customers and suppliers. This makes it difficult to map and monitor risk.
- Director-level cyber specialists are in short supply, with most boards having just a single individual serving as the tech or cyber specialist – or no one at all.
- Insufficient benchmarking on cybersecurity practices leaves organizations unclear as to how they compare with their peers.
- The management team may not disclose cyber risks to the board effectively, limiting the board’s ability to oversee and mitigate those risks.
EY’s 20th Global Information Security Survey 2017-189 found that just 36% of boards have sufficient knowledge of information security to fully evaluate the effectiveness of the risks their organization is facing and how it is mitigating those risks.
Boards can acquire more knowledge by requesting information from management on the company’s cyber risk management practices and holding dedicated – and wide-ranging – cyber risk discussions with the management team. These discussions should cover any company data and intellectual property likely to be targeted by attackers, the possible ramifications of supply chain disruption, and the operational and reputational implications associated with a breakdown in communications.
It is important that the board not only prompts the management team to develop a cyber response plan but also confirms that it will be tested by the organization. This can be done through scenario testing or a “table top” exercise where management and the board are put in the scenario of having to respond to an unfolding cyber attack.
The skillsets of board members should be reviewed to check that technological, and specifically cyber, expertise is sufficiently represented on the board. It may also be sensible to create a technology committee that takes responsibility for assessing the organization’s state of cyber preparedness, perhaps by identifying and monitoring a set of key performance and risk indicators put forward by management. Benchmarking will inform the board as to how prepared the organization is, compared with its peers, and highlight any cyber best practices that it should adopt.
Questions for the board to consider
- Are you getting comprehensive cyber risk reports and holding deep-dive cyber risk discussions with the management team? Are you discussing what kind of cybersecurity-related information you want to disclose?
- How prepared is your organization for a cyber attack compared with its peers and how does it benchmark its performance?
- Does your organization perform cyber scenario testing or table top exercises, and do you know the outcomes of those assessments?
- Do you need to create a dedicated technology committee to focus on cyber risk or bring in specialist external advisors?
- Does your organization have a sufficient level of cyber insurance cover or does this need to be reviewed?
Is your board compromising the organization’s digital security and privacy by allowing directors to communicate using insecure channels and devices?
Board directors can both uphold and undermine their organizations’ reputation through what they say and do. A high-profile blunder on social media or another public platform could potentially lead to serious consequences for an organization, such as litigation, regulatory action, a falling stock price and widespread public condemnation.
Additionally, board directors are prime targets for cyber attackers because they have access to sensitive information about an organization – or potentially multiple organizations if they sit on more than one board. So it is essential that they use email and other communications channels appropriately to minimize the risk of a director inadvertently initiating a controversy that threatens the organization’s goodwill and social capital.
In practice, however, it appears that many boards either don’t have access to secure channels such as board portals or are not using them properly. Many directors still use unencrypted personal email accounts to communicate with fellow directors and management, even though these email accounts are vulnerable to hackers looking to access confidential information stored on computers, tablets and other devices.
Not only is personal email insecure, it exists outside the organization’s firewall, which means that it cannot be managed according to the organization’s data protection policy. Also, it does not operate on a “closed loop” system, which increases the risk that a director might accidentally forward confidential documents to unintended recipients. Yet personal emails can be “discoverable” during litigation. So if directors are found to have put confidential information at risk by using unsecure communication channels, they may be held liable for neglecting their fiduciary duty of care.
Since board members tend to travel frequently, they often access materials for board meetings using their mobile devices. They might also download documents to personal drives. Should a third party access these documents, the organization could be in breach of legislation, such as the General Data Protection Regulation, potentially exposing it to a large fine.
Here are some practical actions that boards can take to improve the appropriateness and security of their communications and to safeguard the organization’s reputation:
- Audit all the communications channels used by directors at present, identifying any risk areas that could pose financial or reputational damage to the organization
- Adopt a clear communications policy that outlines how board directors should communicate with each other
- Use a board portal that allows directors to access confidential documents securely (it should make these documents available offline via an app that enables data to be wiped remotely)
- Introduce a closed-loop, secured and controlled messaging system for directors – a system that integrates with the secure board portal
- Help the organization provide directors with devices, such as laptops, smartphones and tablets, specifically to communicate on board matters
- Arrange training for directors on the appropriate use of social media platforms and strategies for communicating with external stakeholders
- Ask the IT team to brief the board directors on their personal responsibilities regarding cybersecurity
- Write a plan for responding to board-related data security events
- Request that candidates who apply for board positions disclose any information relating to past conduct that could pose a reputational risk to the organization
Questions for the board to consider
- Does your board have a secure communications channel, such as a board portal, and are board members using it?
- Have your board members undertaken executive-level cybersecurity and social media training?
- Does your board have a communications policy?
- Does your board have a plan for minimizing reputational damage to the organization in the event of a social media blunder or cybersecurity breach involving a director?
- Do the individuals on your board understand that they may be held personally liable for neglecting their fiduciary duty of care if they put confidential information at risk?
International trade and geopolitical risk
What can your board do to manage geopolitical risk and uncertainty so that your organization can continue to trade profitably?
Today, the global trade environment is in a state of flux, posing both risks and opportunities to businesses. The rise in protectionist policies, the outbreak of trade wars and Brexit are all indicators of a new trade landscape. This landscape is less defined by the prevailing free trade philosophy of the past few decades and more influenced by recent geopolitical events, particularly the rise of populism and the associated backlash against globalization in many developed markets. The EU’s financial values and regulations are being challenged, for example, as a result of the dynamic political environment within Member States.
As the process of doing business across borders becomes more complex and uncertain, organizations face magnified risks. The upheaval in the trade landscape could potentially expose an organization to new risks arising from its customer base, operational structure, regulatory responsibilities, supply chain and tax planning arrangements. It may also affect the organization’s ability to attract, develop and retain talent. At the same time, the power of social media is such that politicians can effectively transform the prospects of an entire sector overnight, for good or for bad.
Along with the rest of the organization, the board is feeling its way in the dark in this environment. Change is happening at a rapid pace, outcomes are hard to predict and reaction time is limited. So how can boards attempt to manage geopolitical risk and uncertainty in a way that enables their organizations to continue to trade profitably across borders?
- Boards should make certain that they understand the global footprint of their organization and how its economic activities might be impacted by geopolitics. They could then ask management to conduct geopolitical stress testing or implement a geopolitical forecasting and monitoring solution so that the organization can more effectively manage its international trade-related risks in real time. In the case of Brexit, in particular, it is important that boards are aware of when important political decisions are expected, or when negotiation results are due.
- Financial resilience is crucial to withstanding geopolitical uncertainty. So the board should confirm that the potential for geopolitical derailment is factored into long-term financial modeling and business planning assumptions. It also needs to consider whether the organization’s ability to borrow is likely to be affected by geopolitical events and whether it needs to stockpile inventory to mitigate the risk of supply chain disruption. Furthermore, a focus on effective working capital management is key, since it can enable an organization to survive a period of extended disruption.
- Boards should factor geopolitical uncertainty into the organization’s strategy by developing a holistic geostrategy, including bold scenario planning. What would a “hard” or “soft” Brexit’ scenario imply for the organization, for example? A well thought-out geostrategy will not only mitigate risk and mean that the organization is better prepared to weather crises but also allow the organization to take full advantage of any opportunities presented by a changing trade landscape – for example, the opportunity to tap a new market or customer base. Since rapid developments and disruptive challenges can have a major impact on businesses, boards may need to rethink how frequently they discuss organizational strategy.
Geopolitical uncertainty is unlikely to diminish in the near future and may increase further. Boards should respond by challenging their organizations to build resilience, monitor risks proactively and develop flexible corporate cultures.
- Borders vs. Barriers: navigating uncertainty in the US business environment
- International Trade, and Economics & Policy Unit
Questions for the board to consider
- Do you know who is responsible for identifying, monitoring and interpreting geopolitical events, and their impact on trade, within your organization?
- Are you using scenario planning to identify and mitigate potential threats to your organization’s ability to trade internationally?
- Is your organization sufficiently (financially) resilient to withstand a significant supply chain disruption or another crisis linked to geopolitical events?
- Which processes do you have in place to monitor developments and identify any opportunities that may emerge from a changing trade landscape?
- Does your board have the right directors, committee structure and access to information to oversee key geopolitical risks and to challenge management on these risks frequently?
Is your board familiar with new company law and corporate governance regulation, such as the provisions of the EU’s revised Shareholder Rights Directive?
Boards must make certain that their organizations comply with their legal obligations. As a result, they should follow the development of all relevant, upcoming legislation. They need to be aware of how the new rules are likely to impact on the duties and rights of the board, as well as on the organization more broadly.
EU legislation should be an area of particular focus for boards. This is because the EU is an influential regulator, which often passes legislation that is imitated in other parts of the world, especially in the area of corporate governance. Examples of some important EU legislation and regulation initiatives include the EU Audit Reform (2014),10 the EU Company Law package (2018),11 the European Commission’s action plan on financing sustainable growth (2018) and the revised Shareholder Rights Directive (2017).
Revised Shareholder Rights Directive
A significant development that requires the close attention of boards is the revised Shareholder Rights Directive (SRD II).12 SRD II, which will be effective from 1 July 2019 in all EU Member States, aims to encourage shareholders to engage more fully with listed companies over the long term. It also enables them to play a more active role in holding management to account. The key provisions of the directive include:
- “Say on pay” on remuneration. Shareholders will have the right to either a binding or an advisory vote on the directors’ remuneration policy at least every four years. The remuneration policy should contribute to the business strategy, long-term interests and sustainability of the company, and should not be linked entirely or mainly to short-term objectives. Directors’ performance should be assessed using both financial and nonfinancial performance criteria, including, where appropriate, environmental, social and governance factors. The policy should be publicly disclosed, without delay, after it has been voted on at the annual general meeting. In addition, shareholders will have a right to an advisory vote on companies’ remuneration reports at the annual general meeting.
- Companies’ visibility of their shareholders and facilitation of shareholder rights. SRD II will enable companies to identify their shareholders, by giving them the right to obtain information on their shareholders from intermediaries, if necessary. Intermediaries will also be obliged to provide shareholders with the necessary information to allow them to properly exercise their rights, including the right to participate and vote in annual general meetings. SRD II is expected to result in board chairs and board committee chairs having more communication with investors, especially institutional investors, going forward.
- The board’s involvement in related party transactions. The issue of related party transactions is a growing concern for boards in the digital age. This is because more companies are entering into alliances and joint ventures in the hope of achieving innovation and revenue growth. The new rules are intended to protect companies and their shareholders, especially minority shareholders, from the risk of a related party using a transaction to access the company’s assets. They state that material related party transactions must be publicly announced and submitted to shareholders or the board for approval.
It is important for boards to note that SRD II allows for differentiation in the way that Member States apply the new rules. For example, Member States have the discretion to decide what constitutes a “material transaction,” so boards of companies that operate in multiple jurisdictions will need to be sensitive to how the term is defined in all those jurisdictions. Also, where a related party transaction involves a director or shareholder, that director or shareholder will not normally take part in the vote on the transaction. The exception is where national law stipulates appropriate safeguards to protect the interests of the company and of the shareholders who are not related parties.
- EU Audit Reform
- Directive (EU) 2017/828 of the European Parliament and of the Council
- European Commission: Company Law Package
- European Commission action plan on financing sustainable growth
- Can you transform your third parties’ risk into a competitive advantage?
- Board agenda 2018: top priorities for European boards.
Questions for the board to consider
- Is your board familiar with new (EU) regulatory and legislative developments and initiatives, as well as their implications for the organization?
- Is your board prepared for the implementation of the SRD in July 2019?
- How does your board plan to engage with shareholders around the directors’ remuneration policy going forward?
- Does your board know how the organization intends to encourage shareholders to exercise their rights in light of the transparency provided by the SRD?
- Does your board understand how the rules regarding related party transactions will be implemented in the different Member States in which the organization operates?
1 “Commission action plan on financing sustainable growth,” European Commission, 8 March 2018, (accessed via ec.europa.eu, 3 December 2018)
2 2018 Edelman Trust Barometer, Edelman, 21 January 2018 (accessed via edelman.com, 3 December 2018)
3 Global Intangible Finance Tracker 2018, Brand Finance, 16 October 2018 (accessed via brandfinance.com, 3 December 2018)
4 “Global business leaders and investors unite to develop framework that measures long-term value creation for all stakeholders,” EY, 28 June 2017 (accessed via ey.com, 3 December 2018)
5 “Knowledge Center: Why Diversity and Inclusion Matter,” Catalyst, 1 August 2018 (accessed via catalyst.org, 3 December 2018)
6 The Global Risks Report 2018, World Economic Forum, 2018 (accessed via reports.weforum.org, 3 December 2018)
7 “Cybercrime Damages $6 Trillion By 2021,” Cybersecurity Ventures, 16 October 2017 (accessed via cybersecurityventures.com, 3 December 2018)
8 “Understanding GDPR Fines,” GDPR Associates, 2018, (accessed via gdpr.associates, 3 December 2018)
9 Cybersecurity regained: preparing to face cyber attacks: 20th Global Information Security Survey 2017-18, EY, 2017 (accessed via ey.com, 3 December 2018)
10 “Auditing of companies financial statements,” European Commission, 2018 (accessed via ec.europa.eu, 3 December 2018)
11 “Company Law package,” European Commission, 25 April 2018 (accessed via ec.europa.eu, 3 December 2018)
12 Directive (EU) 2017/828 of the European Parliament and of the Council, European Union, 17 May 2017 (accessed via eur-lex.europa.eu, 3 December 2018)