VETTING BOARD DISCLOSURE

Dr. Muneer Muhamed and Ralph Ward delineate what’s needed for compliance

Board disclosures have long been one of the drier and more legalistic aspects of governance. Counsel kept track of what ought to be filed with whom; and once it received board approval, it moved on to whatever was next on the agenda.

Worldwide, the necessary disclosure has exploded in terms of depth, breadth and timeliness, and penalties for noncompliance are hitting companies hard.

Recent headlines included a US$ 10 million SEC fine for US company Lyft’s failure to disclose a board member’s role in a pre-IPO stock sale and a 25 million dollar Securities and Exchange Commission fine for Deutsche Bank subsidiary DWS for anti-money laundering violations, and misstatements regarding environmental, social and corporate governance (ESG) investments.

In the US, the SEC approved sweeping new cybersecurity disclosure rules and congress passed the Corporate Transparency Act with broad new disclosure demands for anti-money laundering enforcement.

Sri Lanka’s regulators are also paying close attention to digital threats with proposed cybersecurity laws that will require companies to disclose major breaches within strict timelines.

Globally, boards face growing workloads on issues such as rising interest rates and economic uncertainty. But the main challenge is the increase in corporate disclosure requiring board oversight and approval on ESG compliance, diversity, financial regulations, cybersecurity, compensation, risk, regulatory matters, legal compliance and so on.

The rules come with stiff penalties, and boards must invest serious time and effort into vetting both the accuracy of disclosures and internal processes behind them.

Corporate board proceedings comprise major spheres: mentoring (guiding management, offering strategic insight and making connections) and monitoring (compliance, review, checking numbers and filings, and ticking boxes). The latter is crowding out high quality mentoring time.

But board disclosure oversight isn’t simply a bureaucratic time drain. It distracts from the more engaging aspects of service and also calls on directors to dig deeper.

Parsing every word of a disclosure statement – and examining the company’s structures, procedures and assumptions behind it – requires plenty of time and effort.

Boards and their committees put their names to all the legal, financial and compliance disclosures, so they need to ensure that they’re accurate. But how does one shape a compliance process that’s both manageable and bulletproof?

COORDINATION The board and management need to coordinate and build disclosure systems. This can mean providing management with more instruction on the volume and level of detail being sought. It also applies to the timing.

For example, the new SEC cybersecurity disclosure rules demand notice within four days of a ‘material incident.’ This strict timeline makes it difficult to be sure exactly how material a hack actually is. Check with IT and legal counsel on whether your disclosure tools can deliver what’s expected.

INFORMATION Give board structures fresh review for disclosure readiness. Make sure your committees know who’s doing what so that there isn’t a lot of added work involved. An annual check on your committee charters is vital if you want to ensure that disclosure is properly vetted at the committee level.

Very often, all disclosure reviews are dumped on the audit committee – but that is both a burden and inefficient. For instance, the audit committee isn’t equipped to monitor company carbon emissions. So the board should seek a checklist from counsel of all the disclosure demands and rationally divide them among the various committees.

MECHANISMS Build solid bridges between the board and management disclosure committee. For public companies, a disclosure committee has become a must over the past few decades and typically includes the controller, legal counsel, risk manager, head of investor relations and so on.

There are plenty of good online best practice tools available for disclosure committees. However, a vital aspect is for committees to report to the board.

Typically, the committee offers minutes and a full report to the board, and usually goes through the audit committee. Therefore, having the chair of the audit committee seconded to the management disclosure committee aids a two-way communication process.

REQUIREMENTS The board must find out the names of business unit heads reporting to the disclosure committee and how well trained they are on disclosure obligations. It should know the committee’s standards on collecting, reporting and retaining disclosure information; how often the procedures are reviewed; and how the disclosure practices compare with industry peers and how that is reviewed.

It should also check if external audit partners and outside counsel are members of the committee; and if not, how they would interface, and whether there’s been any judgement call issues and how these were resolved.

The rules come with stiff penalties