Risks for South African businesses in 2012
January 2012 | 10QUESTIONS | RISK MANAGEMENT
FW speaks with Ken van Sweeden, a specialist in D&O liability, about the risks facing South African businesses in 2012.
FW: In your experience, what corporate risks are South African executives placing at the top of their agenda as we enter 2012?
Van Sweeden: Supply chain security and reputational damage seem to be the greatest concerns for executives at the moment. These are followed by political risk, cyber risk, skills and talent shortage, crime and corruption, credit risks (particularly if exposed to Europe), compliance with new legislation, and lost opportunities for being a member of BRICs. Climate change, population demographics, and food security also feature on the list.
FW: Are South African companies paying enough attention to reputational damage to their business? How does a company recover from an ethical failure, and how can it mitigate this risk in the first instance?
Van Sweeden: If one looks at recent events in corporate South Africa, such as the price fixing of the bread between prominent companies of the food sector, or the stripping of surpluses from retirement funds in the 1990s, which until recently remained unresolved, one might think that the value of a company’s reputation does not enjoy the board’s attention to the extent that it should. In the event that a company is caught in the middle of a scandal, and even after the perpetrators have faced the consequences, the company and individuals must try to recover from ethical failure. The more denial, procrastination and indecision that take place following an incident, the worse the situation will get. Consider the News of the World and Rupert Murdoch’s handling of the matter to get an idea of the damage that can be caused. It is most important to do whatever it takes to re-establish a measure of trust or confidence with all stakeholders, whether they be shareholders, employees, customers, unions, and so on. The best way to achieve the re-establishment of trust entails four steps. Admission is the first step and is critical. It could do more harm for the news to be broken by someone else other than the company, for example the media. Apologies should be made in conjunction with admission, and is just as important. This may not right the wrong but it will create a platform for moving forward. Making amends is the next step but this should not be a token gesture. Blackberry found that its offer to give free airtime to its customers following the down time of its servers last year only infuriated their customers even more. Finally, make sure that the failure never happens again. It will do irreparable damage to the company’s reputation to be caught in a similar incident shortly after the first one had been dealt with. Ideally though, it is better to manage ethics proactively and the new Companies Act has requirements for most companies to form Social and Ethics Committees. The company must now report on ethics and stakeholder relationships, and must pursue the effective management of workplace ethics which is recommended as the best strategy to establish a strong ethics culture within the company.
FW: Anti-bribery legislation is appearing all around the world, from the US Foreign Corrupt Practices Act, to the UK Bribery Act 2010, to South Africa’s Prevention and Combating of Corrupt Activities Act 2004. Are boards whose companies trade in foreign markets aware of the potential impact of legislation not just locally but abroad as well?
Van Sweeden: As a consequence of the recent global financial crisis, public sentiment has forced governments around the world to take a more active role in the way business is conducted. This invariably means the introduction of new legislation in an attempt to control corporate behaviour and avoid the repeat of undesirable circumstances in the future. Globalisation means that as our companies expand beyond our borders, they also need to be aware of legal developments in other countries. These developments can have a severe impact on their business. International focus on anticorruption and greater cross-border cooperation between judicial and regulatory authorities, have increased the risks of trading in foreign markets. South African legislators have dealt with the issue through the promulgation of the Prevention and Combating of Corrupt Activities Act, 12, 2004 which is very similar to the Foreign Corrupt Practices Act (FCPA) found in the US, and the UK Bribery Act, 2010 which came effective on the 1 July 2011. Directors must familiarise themselves with the new legislation and decide to what extent they are exposed.
FW: The Protection of Personal Information Bill is due to be enacted in South Africa, and may introduce a requirement for public companies to disclose cyber-attacks and the cost to shareholders in financial statements, similar to US regulations. Are South African boards ready to comply with this legislation?
Van Sweeden: Most companies are reluctant to share the fact that they were hacked or that cyber-crime occurred in their organisations as it could violate their security policies and may expose their fragile platforms. History shows that quantified financial losses due to cyber-crimes are as a result of theft of priority information and financial fraud. The Protection of Personal Information Bill seeks to bring us in line with the US and Europe when it comes to companies storing the personal data of their customers, and the protection of that data. It also establishes an obligation on the custodian of that data and what redress and liabilities exist in the event of a breach to the system warehousing the data. Examples are the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, among others in the US, and the Data Protection Directive enacted by the European Union in 1998. It is most likely that the Johannesburg Stock Exchange (JSE) will eventually require disclosure to investors in the event of a breach in the interests of transparency. I doubt whether many boards have thought about this issue as yet but I’m certain that disclosure of cyber-attacked and associated costs will become a requirement in the future.
FW: What recent trends have you seen in terms of environmental risk to companies in South Africa? Is this a hot topic at the moments?
Van Sweeden: Public awareness of environmental problems is ever increasing and consequently, public tolerance toward polluters is decreasing. The new Companies Act, which came into effect on 1 May 2011, requires certain companies to appoint social and ethics committees. Their role is to monitor the company’s activities relating to social and economic development and to report on their findings. The committee will also be obliged to make disclosures about the company’s environmental performance. The increase in pollution related risk needs to be of concern to all directors but particularly those in the mining industry. If one considers the fact that acid mine drainage is emerging as one of the greatest environmental threats facing South Africa today, any director involved in the industry should be concerned. This problem was first recognised in 1996, and constant media coverage has put pressure on the South African government and the mining industry for a solution. This is an example of the balance that needs to be found between economic activity and environmental damage which is a constant challenge for boards of companies in the industrialised nations of the world.
FW: Although there is nothing concrete in the pipeline, South Africa may see the introduction of ‘Corporate Manslaughter’ legislation similar to that found in the UK. Should local boards be concerned about this possibility?
Van Sweeden: The concept of ‘Corporate Manslaughter’ followed the Zeebrugge ferry disaster which prompted the promulgation of the Corporate Homicide Bill in April 2008 in the UK. Following the disaster, allegations were made that the company, and thus its directors, knew about the safety risks involved. These manslaughter charges are an attempt to reduce accidents in the workplace. It demonstrates the authority’s commitment to prosecute entities that fail to protect the health and safety of employees. The Act does not impose personal liability on individuals, but individual directors and managers remain accountable under health and safety regulations as well as common law. We have seen considerable focus on fatalities in the workplace in South Africa recently, particularly in the mining industry. Mine management can be found personally or criminally liable under certain circumstances which mean that our courts are already grappling with the concept of corporate manslaughter in some way. Individuals including directors and officers can be subpoenaed to provide evidence, produce documents, and testify, which in itself can be a very costly and time consuming exercise. My feeling is that boards would do themselves and their companies a disservice should they choose to ignore the risks associated with formal enquires. I understand that corporate manslaughter legislation in some form will be a feature of South African law in the future. The only question is when.
FW: What is a board’s obligation when it comes to corporate governance? How has this risk evolved in recent years?
Van Sweeden: A guide in South Africa is our King III report on corporate governance. Two of its principles are that “the board should appreciate that strategy, risk, performance and sustainability are inseparable” and “the board should be responsible for the governance risk”. The board must govern risk and delegate the responsibility for risk management to management, but the board always remains accountable for both the governance and management of risk. Most large South African companies have already established risk committees separate from audit committees. However, for any company, big or small, the board should issue management with a risk mandate. The risk mandate is ideally expressed in a board approved risk policy and risk strategy that spells out what acceptable levels of risk are to the particular company. The board must then establish reporting parameters and ensure that the pursuit of acceptable risk and the mitigation of risk are appropriately balanced.
FW: Is South Africa moving towards a system whereby the remuneration of directors will need to be approved by shareholders? How will this affect pay for performance?
Van Sweeden: The new Companies Act now compels companies to review and overhaul their constitutions, their capital and governance structures, and the way they have been doing business in the past. One of the far reaching measures in the new Companies Act is the requirement that directors’ remuneration be approved in advance by shareholders by way of special resolution, as opposed to disclosing emoluments accrued to them retrospectively in the annual financial statements at the conclusion of the company’s financial year. In addition, shareholders may only approve director’s remuneration for up to two years in advance. This requirement is aimed at addressing the often publicised concerns of excessive and exorbitant directors’ pay in which shareholders do not have an adequate say. It remains to be seen if this will have an impact on directors’ performance.
FW: Current events involving South African Airways have raised the question of whether D&O policies should cover parastatals. What are your thoughts on this issue?
Van Sweeden: Parastatal companies are interesting to observe in many ways and one could argue that the directors and officers of these companies do not carry the same risk as directors and officers of public companies. As a result of this their directors do not need the protection of an insurance policy – after all, the company only has one shareholder, being the government, and the risk of a shareholder action is therefore almost non-existent. The company has a mandate to fulfil a certain function for the state and many of the strategic decisions of the company are not even made by the board so how can they be held accountable? I do not necessarily agree with this view since a parastatal not only has to comply with the Companies Act and King III, like all other companies, but also has the additional obligation to comply with the Public Finance Management Act which governs the financial affairs of all parasatal organisations. One could argue this increases risk, rather than reduces it, for the boards of those companies. These companies are similar in many ways to other companies in that they have boardroom battles, internal squabbling, rivalry, votes of no confidence, and all the other daily challenges faced by boards from time to time. In my opinion, the SAA matter demonstrates that they need the protection of the insurance cover just the same as any other director or officer.
FW: Finally, what is your advice to South African boards on managing the risk they face through 2012? Could you outline any proactive steps that should be taken?
Van Sweeden: Circumstances do not allow you to differentiate yourself from your competition on price and service any longer. Everyone will have those sooner or later. Your differentiation will increasingly be how you do business. How you treat your customers, suppliers, and investors will be what you are judged on. You are expected to treat your stakeholders decently, consistently, openly, and honestly. The board’s stewardship of the company’s hard earned corporate reputation is, in my opinion, the most critical item the board must focus on in order to ensure the long term survival of the business. In the past, we used to say that no matter what the size of the company we work for, we all work for a ‘boss’ who votes with their wallet. They can decide to buy your product or not. Today, the relationship is even more intimate. By blogging and podcasting, or mocking your product on YouTube, your customers have even more ability to have their say if they are unhappy with the company. Your company’s conduct is much more measurable by outsiders and the internal workings are under so much more scrutiny. It is for this reason that I believe reputation to be the most critical component of any company today. In order for the board to succeed in protecting and enhancing the company’s reputation, it will need to get every other component of the business right. Only then will the company withstand the close scrutiny and flourish in the new world where most people have access to instant information.
Ken van Sweeden has been underwriting and developing liability products in the South African insurance market for some 30 years. For the last 17 years he has specialised in D&O Liability after successfully launching the first D&O product sold domestically in South Africa. He was until recently head of liability at Aquarius Underwriting Managers (Pty) Ltd. Mr Van Sweeden is an associate of the Insurance Institute of South Africa by examination and a member of both the Institute of Directors of Southern Africa (IoD) and Professional Liability Underwriters Society (PLUS). He can be contacted on +27 (0)79 879 1735 or by email: firstname.lastname@example.org.
© Financier Worldwide
Ken van Sweeden