FORUM: Governance and ethics best practice


Financier Worldwide Magazine

May 2016 Issue

May 2016 Issue

FW moderates a discussion on governance and ethics best practice between Miriam Garnier at Finance & Gouvernance, Tim Goodman at Hermes EOS, Chiara Diaz at Kraft Heinz Company, and Dr Solomon Osagie at TSYS International.

FW: In your opinion, how important is it for today’s boards to demonstrate their commitment to corporate governance and ethics? Are attitudes and behaviour under the microscope more than ever before?

Diaz: Today, corporate governance and ethics have become an integral component for doing business and competing in the global market. A number of elements cannot be ignored by any board or individual entrepreneur who wants to do business in the global market. These include the increasing regulation in many countries establishing company and management liability for ethical business conduct in various aspects of doing business, such as product quality, relationships with customers, suppliers and institutions, health & safety, environment, financial and tax information and so on. Other elements include the recent introduction of anti-money laundering rules and the widespread use of technology and social media. The scandals that have involved companies in the past and more recently – from Enron to Volkswagen – regardless of country and industry, with a negative impact on company reputation, business results and investors’ trust, demonstrate that corporate governance, ethics and enterprise risk management should be a top priority for boards. Particularly in times of economic uncertainty and downturn, these scandals have caused a socioeconomic impact on entire industries, leading to scrutiny of the individual behaviour of top managers and board members, as misconduct and unethical behaviour is less socially acceptable.

Osagie: From a legal perspective, the penalties can be severe for failing to ensure compliance with mandatory governance obligations. The penalties could include imprisonment for breaches, a variety of fines for failures to keep orderly books, and potential actions from shareholders or other parties for failure to abide by common law and statutory directors’ duties. The board must be able to justify contentious decisions. A number of businesses now request evidence of good ethics prior to contracting – much of this is subjective, but it requires businesses to adhere to certain commonly held values. In light of the recent history of financial troubles there is an appetite among the authorities to try to find fault for systemic failures, and a failure to ensure strong governance and ethics offers an easy target. Personally I am a strong advocate for the view that a rigorous and proactive approach to corporate governance cannot be quantified monetarily. It promotes a good ethic and has been proven to drive business performance too. So do it not simply because it is right, but because it works best.

Garnier: Ethics defines criteria and values which must be respected through action. It is complementary with governance which concerns strategy and management choices made by the governance organs of the firm – the general assembly of shareholders and the board of directors. Linking ethics and governance means evaluating criteria and values underlying strategies and managerial choices. Consideration of ethics is more acute in what Hegel called “historical momentums”. When unity and continuity of a certain world of values are jeopardised, when norms previously considered as normal and obvious are questioned, traditional criteria for legitimising do not operate any longer, then there is space for a debate around ethics and governance. The buzz around Thomas Piketty’s book ‘Capital in the Twenty-First Century’, the Volkswagen scandal and the replacement of BNP Paribas’ chairman and chief executive officer are recent signals that continuity of norms and behaviours are questioned. The Volkswagen event has given evidence that increasing value for shareholders at any ethical price, which is through lies about environmental issues, which were considered as minor until recently, will no longer be tolerated. BNP Paribas’ chairman declared in 2011 that when he was 25 year old, he knew that he would become the CEO of the bank he was just joining – achievement was just a question of ambition. More fundamentally, Thomas Piketty asks whether it is acceptable to have such a discrepancy between a worldwide class of oligarchs and the other people.

Goodman: It is essential for boards to demonstrate commitment to good corporate governance and ethics. And this must go far beyond mere tick box compliance. The board must not only set the tone from the top but must make sure that this tone cascades down throughout the organisation and beyond into its entire value chain. Not only is the world more interconnected than ever before, but stakeholders’ expectations are higher. Bad corporate behaviour can be identified and publicised across the world almost instantaneously via social media. Boards have to oversee reputational risk that is higher than ever before.

There is an appetite among the authorities to try to find fault for systemic failures, and a failure to ensure strong governance and ethics offers an easy target.
— Dr Solomon Osagie

FW: How can a strong governance and ethics culture help to mitigate the broad range of risks that an organisation is facing?

Goodman: A strong and healthy culture is essential to complement even the best risk management analysis and programmes. Without the questioning, thinking and teamwork of a healthy culture, the risk management framework will merely be a set of tools without skilled craftsmen using them. A healthy culture will mean that emerging risks will be more likely to be identified, crises resolved more quickly and with less damage and lessons learned more completely. The governance structures providing for oversight, learning and communication throughout the organisation can help the risk management process and vice versa.

Garnier: To effectively mitigate risks, the culture of an organisation must, explicitly through the chosen discourse, and implicitly through symbols and symbolic actions, make clear what is tolerated and what is not. Risks lie in every process, from the strategy selection, which is a responsibility of the board of directors, to micro-processes, such as the selection and promotion of employees. When defining the risk appetite of an organisation, objectives and means are defined and the degree of tolerance to them. Darwin’s ‘survival of the fittest’ has been badly understood; it has been viewed by many as being necessary to kill competitors, either outside or inside an organisation. In fact, he said something totally different, namely that mankind is emerging from the evolutionary process thanks to its altruist capacities which enabled the human species to survive wars, epidemics and all natural disasters. Governance is also the responsibility of the survival of the organisation, allowing or hindering the actions and interactions between internal and external stakeholders.

Diaz: Companies that compete in the global markets face a wide range of operational and financial risks that need to be minimised and managed on a day-to-day basis. This can be achieved through a comprehensive enterprise risk management strategy, compliance programmes, the implementation of internal controls frameworks and monitoring activity of internal audit and compliance departments. However, the key to mitigating such risks is to disseminate throughout the organisation an ethical culture and conduct principles from the lowest levels to the top of the pyramid. A key element in this respect is understanding at every level of the organisation that individual professional and personal behaviour, even in simple day-to day activities and tasks, can make a difference and proactively drive the achievement of company targets but also of individual improvement. It is true that in current businesses the perimeter of action is no longer limited to business and making profit, but is extended to social responsibility activities and how profits are made. In such a complex context, however, it is quite difficult for top management to be knowledgeable of all that is happening in the organisation around the globe, so strong governance can only be achieved if the drive toward well-doing comes from within the organisation. This is the result of long-term commitment to ethics culture, training and creating awareness in the organisation, and deciding to invest resources and reward individual performance not only based on business results but also for qualitative parameters and ethical values.

Osagie: Ensuring a strong governance and ethics culture can imbue the workforce of a business with a sense of operating boundaries and risk awareness. Ultimately, a large number of risks come as a result of delegated activities, so the board has to have confidence in the structures put in place for the workforce to adhere to. When a negative event happens to a business, the impact can sometimes be mitigated when there is a clear governance process to follow, or records to assist with any investigation into the cause of an issue. Further, a strong culture means that the organisation is proactive about business ethics and behaviour which then drives the culture in the organisation. A strong culture means accepting that the costs of driving corporate governance must be provided for.

FW: To what extent do you still encounter senior management complacency and misguided organisational mindsets? How important is it to have board buy-in when addressing governance and ethics issues?

Osagie: When I speak with professional colleagues in other companies, the trend of bad practice is increasingly infrequent, though there is room for improvement. Especially in the financial services sector and with increased regulator activity, the mindsets are improving. Most general counsels would still like to see an organisation-wide responsibility for corporate governance driven from the top and bought into throughout the landscape. But it is essential to have board buy-in on all governance and ethics issues, particularly because in many instances the board is ultimately responsible in the event of a failure. The board sets the tone for the rest of the business. If it makes a clear show of buying into the importance of strong governance and ethics, then there should be a flow down to the rest of the business.

Garnier: Senior managers who arrived at the top thanks to their unlimited ambitions, particularly with regard to ethical behaviour either with providers, clients, other employees or regulators, will logically be relaxed toward unethical behaviour and misguided organisational mindsets. These managers usually benefited from what Crozier and Friedberg call, in their strategic analysis methodology, a “marge de manoeuvre” allowed by their hierarchy to escape control of their actions. This type of manager will use the formal set of governance indicators to mask the reality of their unethical actions. Referring to Volkswagen or BNP Paribas, both companies did comply with the present formal rules of governance. Addressing governance and ethics issues with these senior managers is a waste of time. If there are courageous directors on the board and if they fight for their controlling power over management and get a budget to order independent audits on sensitive issues, then complacency and misguided organisational mindsets can be overcome. Hopefully, there are many ethical senior managers.

Diaz: Complacency from senior management is quite a common attitude. The presence of an ethics department, a whistleblower hotline and a periodic training programme are considered sufficient from most senior management, who do not see the reason why additional investment should be done in these areas. This approach is particularly true in times of economic and market softness and pressure on business results, which divert company resources to the ‘essential’ priorities. For sure, these are important elements in a corporate governance programme, but they are mainly high-level initiatives, which require integration with best practices embedded in all business processes in order to guarantee the real effectiveness of strong corporate governance. It is very important that boards fully understand what is required – in terms of resources, investment and long-term commitment – to have an effective governance and compliance programme, and at the same time the benefits on overall performance linked to process best practices and efficiency. At the same time, in case of any ‘flaws in these mechanisms’, the negative impact on company reputation and the consequences on business should be brought to the attention of boards. In these terms, boards should take a responsible decision on the level of effectiveness they want to achieve with ethics and corporate governance, considering their risk appetite and commitment to invest.

Goodman: All too often, companies that have suffered risk management lapses or more serious failings are also guilty of underestimating the cultural and organisational blind spots or other shortcomings that have led to or exacerbated the problems. Almost without exception this is at least in part because the board has not sufficiently challenged or guided management to identify and address these shortcomings. Without board buy-in, even the best intentioned management may come up short on ethics and governance.

It is very important that boards fully understand what is required – in terms of resources, investment and long-term commitment – to have an effective governance and compliance programme.
— Chiara Diaz

FW: When implementing governance and ethics best practice across an organisation, how important is it to utilise available resource and prioritise management strategies? Is the process unique to each particular company?

Garnier: The implementation of a governance and ethics framework across an organisation is based on a formal process, which can be summarised as the study of structures, strategy, systems, supervision, sociology and symbols. Once a clear view of the specific culture of a company, its core competencies and competitive resources is obtained, it is necessary to understand the vision of the board of directors, the various anticipations about the future environment of the company, how the board selects a strategy considering its appetite for risk, and how it monitors its implementation. These two first stages are common for all organisations and allow a diagnosis of risk zones. The third stage is more tailor-made. It consists of specific actions either to change processes or add scenarios, in order to cover risk zones which have been identified. These actions have to be prioritised into a roadmap as a real culture and governance transformation takes time. The result is a unique governance and ethics framework for each organisation.

Goodman: It is of course important to utilise and prioritise the company’s resources and strategies. However, it is also essential to look outside the organisation for best practice. The Woolf Report commissioned by BAE Systems in the wake of corruption allegations against it continues to be a vital resource for any company seeking best ethical practice. While external legal counsel is important in certain situations, remember that best practice goes far deeper than legal compliance and will likely provide additional organisational and cultural benefits that a merely legal and regulatory approach will not achieve. While there are general principles, each company has very different cultures, structures and possibly problems to address and so each company’s approach should be different.

Osagie: There are common practices but those responsible for leading these initiatives should ensure that they are specific and relevant to individual organisations. Policies, practices and directives should be relevant to employees and stakeholders, based on things that they can relate with and to.

Diaz: The implementation of an effective ethics and governance programme should be based on risk assessment and identification of key risk areas that need to be addressed considering the specific business, industry, countries and markets in which the company operates, as well as its main business partners and the regulatory environment. This analysis will lead to identification of priorities that management needs to address in order to mitigate the risks, considering business best practice, the existing policies and procedures and the gaps to fill. Although the identified solutions may be specific to each particular company, the risk-based methodology and approach are widely applicable to many industries and public. In the economics and efficiency of the implementation, it is key to prioritise the areas, but also to gain board and senior management support by making good use of existing resources with a practical approach. This means, for example, coordinating the corporate governance initiatives within a wider enterprise risk management strategy, using expertise from internal compliance controls and internal audit departments to drive the implementation of best practices and to support training on ethics to the organisation, minimising bureaucracy in day-to-day activities when introducing new requirements into policies, and so on. Risk assessment must be performed in an ongoing manner as a monitoring routine included in the corporate governance programme in order to identify key changes and adapt to a fast changing environment, otherwise any initiative for prioritisation and efficient use of resources may be undermined.

We think it is vital for companies to engage with investor representatives to demonstrate an important aspect of good governance: listening to the long-term owners of companies.
— Tim Goodman

FW: How should companies disseminate the key elements of their governance and ethics policy to ensure stakeholder understanding? Are internal as well as external communication channels vital?

Diaz: In order to obtain stakeholder understanding and support over ethics and corporate governance company policy, a balance of external and internal communication is key. Many companies tend to focus primarily on external communication, using institutional tools such as a company website, use of media and social media, and relationships with industry associations and institutions. External communication has a more direct and ‘visible’ effect on company reputation, therefore it is often a tendency to keep more ‘low profile’ communication internally within the organisation. Internal communication is, however, just as vital and important, because it drives motivation to ethical conduct – not only do what’s right, but also do it in the right way – in every single component of the organisation. The beneficial effects in the organisation of strong internal communication on ethical conduct can be diminished or totally neutralised if the dissemination of ethical principles and rules is not put into practice by senior management and boards. Employees are the most critical judges of an organisation; where board and senior management’s decisions and conduct are perceived to be or result in contradiction with the key ethical principles that are being communicated, the effectiveness of a corporate governance programme can be totally undermined.

Osagie: Mandatory training on key points of governance and ethics should be provided and not in a tick box manner. The consequences of failure should be adequately explained to the level of sophistication of the relevant stakeholders. Adherence to the required standards – to be codified into policies where possible – can be made a contractual requirement of employees. Monitoring and whistleblowing must be integral to the process.

Garnier: One privileged way to communicate with stakeholders is through the risk appetite statement. This is an emerging practice, and till now, statements are too often vague or disconnected from the reality of processes and decision-making of organisations. A risk appetite statement embedded in the ‘organisational six s’ – structure, strategy, systems, supervision, sociology and symbols – is meaningful for stakeholders as it has deep roots. Internal channels are part of the information system disseminating the discourse. Each employee has contacts with external stakeholders and should be able to disseminate the right behaviour. External channels in turn are essential to attract the right resources and create the win-win symbiotic relationship with stakeholders. It should not be forgotten the importance of fair transactions inside and outside the firm. Communication is also made through contracts and good faith in their realisation. The legal aspect of contracts is essential for governance and there should not be a discrepancy between official communications and practices. For example, the public announcement that providers are well-treated will be totally inconsistent if the organisation is paying providers five months later than was agreed.

Goodman: We have had many detailed conversations with companies that wish to improve their own practices voluntarily as well as those that have had serious governance or compliance failings leading to regulatory action. We think it is vital for companies to engage with investor representatives to demonstrate an important aspect of good governance: listening to the long-term owners of companies. We also encourage companies to disclose publicly what, and importantly how, they are working to improve their culture, governance and risk management. It is through this dialogue and disclosure that investors and other stakeholders, including customers and regulators, can assess not only the quality of a company’s ethics and governance but the commitment of the board and management to constant improvement.

FW: What are the likely consequences for an organisation that routinely sidelines or completely ignores the importance of effective governance and ethics policies?

Goodman: Fortunately, the instances of companies completely ignoring effective governance and ethics are rare but clearly the results are catastrophic for investors, employees, suppliers and customers – think about Enron and other similar corporate frauds. The banking crisis of nearly a decade ago was a crisis of governance and ethics. What is less newsworthy are those companies that are complacent or insufficiently effective in their governance arrangements – in such companies, problems may lurk under the surface until they break out and cause damage to companies’ reputation and value. For every Volkswagen, are there dozens of other companies with as yet undetected problems? Boards must do their best to make sure that management develops systems and controls to minimise the possibility of ethical or governance problems. But this is not enough; boards must encourage behaviour that enables such systems and controls to work as intended and are not subverted.

Osagie: Incoherent and inconsistent practices and behaviours in the organisation, result from having no clear terms of action or engagement. Practically, this presents other challenges too. Executives and business operatives have no idea how to act. Without doubt, most consumers, especially in the commercial space, will expect to see a demonstration of a strong corporate ethic and evidence of compliance. We also see increasing examples of fines, penalties and audits by regulators which have their problems and costs. Reputational damage, and the consequences of regulatory intervention, can often not be quantified in monetary terms, which means most will struggle to get over any problems. In the long run, the value of the business can suffer as discipline and rigour break down.

Diaz: Sooner or later, organisations that completely ignore the importance of effective ethics and governance policies are likely to face some critical issues that could compromise business continuity. For example, quality issues in production and operations could arise, environmental or health and safety issues, or even financial miss-statements, or IT fraud or bribery misconduct in commercial relationships or relationships with government institutions. In complex organisations operating on a global scale, it is highly unlikely that management or boards are knowledgeable or can control everything that occurs. In this situation if management or boards deliberately avoid governance or ethics policies, or have a complacent attitude, it is very likely that when an unforeseen event occurs, individual employees will take action for themselves. In the short-term, companies may avoid negative external communication, but it is highly likely that any sidelining or misconduct will undermine the organisation from within and disaggregate efforts to achieve common targets and results.

Garnier: An organisation may hope to remain unseen and not caught, until an unexpected event stirs a scandal. In terms of the sanctions for such an organisation, are there advanced controls about governance that prevent that type of organisation from passing through the cracks? It highly depends on the institutional regulation of countries and sectors. In the financial industry, the 2007 crisis has triggered a raft of new regulation, asking banks and insurance companies to disclose a risk appetite statement – Basle III for banks, and Own Risk Self Assessment for Solvency II in the insurance sector. But there is no defined framework for this declaration, which is often non-significant in terms of governance. And self-assessment can be highly subjective. Controlling authorities in a few countries review the nomination of directors and have the right to dismiss failing directors. This is usually the case when there is a public or secret bail-out. Rating agencies, especially Standard & Poor’s, issue ratings on enterprise risk management and strategic risk management, with scores ranging from weak to excellent. These ratings are issued upon the appraisal – not the audit – of governance and management. Controlling authorities have probably underestimated the necessity of articulating a governance policy, beyond formal rules, such as setting specialised committees or hiring independent directors, relative to the process of governance itself, which is the anticipation of the possible variations of the organisation and its future environment, the selection of the desired profile and the control of management.

There is a need for a more appropriate and more clearly set responsibility of directors and shareholders in governance.
— Miriam Garnier

FW: How do you envisage governance and ethics issues developing in the months and years ahead? Considering the attitude of regulators and the market in general, do boards need to keep these cultural considerations near the top of their agenda?

Garnier: There will be a shift from market-led governance supervision – the gatekeepers theory, the role of institutional investors, governance codes established by private institutions – towards a more legally embedded reference. The gatekeepers theory, led by mutual funds, is potentially bearing conflicts of interest. Mutual funds manage funds for hire and are not the ultimate shareholders of invested companies. State organisations also need high-quality governance and ethics. Therefore, there is a need for a more appropriate and more clearly set responsibility of directors and shareholders in governance. For example, asking shareholders to vote for the accounts of a listed multinational company is nonsense, as they absolutely cannot have a clue about the accounting treatment that has been handled by the management. The board of directors is itself relying upon the qualified auditors. As an example, in France, the legal code has yet to include governance obligations. A code has been produced by two employer associations. More recently, a high authority for governance has been created to handle this question. The so-called ‘Macron law’ voted in France in 2015 has transformed a 2004 jurisprudence into law, allowing new shareholders to substitute former shareholders of a defaulting company, by excluding them under the control of the Court. The European Union has hesitated to issue a directive on corporate governance. It would be consistent with the objective of legal unification inside the European Union.

Diaz: Governance and ethics has been on the regulatory agenda of many countries for many years, and in many westernised countries regulations have already been put in place. Developing market legislators are following this direction. There are many similarities in regulations and greater cooperation exists today between governmental institutions to prevent and combat unethical behaviour, bribery and fraud, as well as criminal behaviour in general. At the same time, boundaries for business and competition no longer exist as companies operate in the global markets. In this scenario, governance and ethics standards will be increasingly applied across industries and businesses, and therefore can no longer be ignored by management and boards. On one side, there will be a need for increasing professional skills in this area, and governance programmes will need to be integrated more and more in a comprehensive enterprise risk management strategy to manage effectively reputational, operational and financial risks in a coordinated manner. On the other side, the real challenges will come from management and board attitudes. As the economic scenario becomes more difficult, industries become more concentrated through M&A activities with the increasing presence of investment funds in the boards of such companies, influencing governance with predominant cost-cutting strategies and short term orientation.

Osagie: Ethics is difficult to call; much of what is branded as ethics is in fact politics. Insofar as a trend can be identified, it will likely be to create more categories that must be considered in the course of business and harsher penalties for breaches. Governance and its cousin, regulatory requirements, will also likely increase in some areas – financial accountability, risk exposure, data treatment and so on. Boards certainly need to keep the attitude of regulators and markets near the top of the agenda, because the cost of falling foul is expensive and in many cases fatal. A proactive approach must be the preferred one for any forward looking enterprise.

Goodman: We welcome the developing international focus on governance and ethics. Much of the asset management industry is obsessed with making short-term trading decisions, ignoring longer term corporate strategy and risk management, and so also ethics and culture. However, out of the corporate scandals in Japan, we have seen the development of both a corporate governance code and a stewardship code of institutional investors. This is part of a wave of such reforms across large parts of the world, reflecting the desire of institutional investors to ensure that their long-term interests are better safeguarded. Boards should welcome and encourage this increased longer term focus by shareholders, which should help them to properly nurture the companies of which they are temporary stewards.


Miriam Garnier is the chief executive officer of Finance & Gouvernance, a thought leadership company acting in the field of business advisory and restructuring. Ms Garnier has acted as an investment banker in a top 10 worldwide bank during 25 years and managed €35bn of assets for a French state fund. She is a judge at Paris Commercial Court, a chartered accountant and a chartered director, as well as being a director for several companies in the insurance, mining and associative sectors. She has also published groundbreaking articles on governance and is a frequent lecturer at international conferences. She can be contacted on +33 (0)6 23 76 22 78 or by email:

Tim Goodman is a director at Hermes EOS and sector lead for oil and gas industry engagement. He is also responsible for Hermes EOS’ activities in North America. Mr Goodman is a member of the Institute of Chartered Secretaries and Administrators. He is a regular speaker on governance-related matters, a member of the US Council of Institutional Investors’ corporate governance advisory council and a former chair of the UK Quoted Companies Alliance corporate governance committee. He can be contacted on +44 (0)20 7680 2276 or by email:

Chiara Diaz is the financial compliance manager of Italy for the Kraft Heinz Company. Since 2006, she has been responsible for the financial compliance of the Italian business and for the internal controls framework supporting the US GAAP Consolidated Financial Statements according to requirements of the Sarbanes-Oxley Act 2002. Ms Diaz is also in charge of the Italian Corporate Governance System (It Law 231/01) and is responsible for FCPA and UK Bribery Act compliance in the Italian organisation. She can be contacted on +39 02 5256 2244 or by email:

Dr Solomon Osagie is a corporate lawyer with substantial in-house and private practice background. He has legal experience and qualifications in both business and law. His specialties include company law, intellectual property, commercial property transactions, corporate finance and restructuring and commercial contract negotiations and drafting in financial services, as well as the IT and telecommunications sectors. He can be contacted on +44 (0)20 7160 9427 or by email:

© Financier Worldwide

©2001-2016 Financier Worldwide Ltd. All rights reserved.