Time for boards to take control of tech governance
May 2019 | SPECIAL REPORT: BUSINESS STRATEGY & OPERATIONS
Financier Worldwide Magazine
May 2019 Issue
Developments in information technology, such as Big Data analytics, artificial intelligence (AI) and distributed ledger technology, are ever more central to companies’ operations, strategy setting, risk management and compliance functions. What are the governance implications?
Some economists and lawyers have argued that the application of such technologies to corporations (CorpTech solutions) could make a corporate board’s fundamental task, namely monitoring management, obsolete. In their view, shareholders will no longer need boards to make sure that managers do not deviate from the strategies and policies that maximise shareholder value. That will be because technologies such as distributed ledgers (DLTs) will allow shareholders to access reliable corporate information directly and immediately.
As NYU financial economist David Yermack has put it, “[a]nyone could aggregate the firm’s transactions into the form of an income statement and balance sheet at any time, and investors would no longer need to rely on quarterly financial statements prepared by the firm and its auditors”. That, however, fails to consider that some degree of confidentiality will always be needed for companies to thrive, so that it is unlikely that shareholders will be given as much access to a company’s operations and strategies as a corporate board can have.
Others have argued that AI-powered CorpTech solutions will lower the agency costs arising in connection with key management and governance issues, such as the selection of directors and executives, accrued earnings management, related-party transactions and management compensation systems. As Tel Aviv University law professor Assaf Hamdani and co-authors have put it, “AI algorithms may become better on average at making governance decisions than individuals due to their superior ability to process information, freedom from biases, and lack of side interests”. Boards would be liberated from the need to focus on such aspects and may focus on strategy (and the choice of CorpTech solutions) instead.
In the long run, that may well be the trajectory. It will take time, though, before these technologies will be capable of performing many of the tasks of monitoring boards. And in the meantime, companies’ increasing reliance on CorpTech solutions poses obvious challenges for directors.
Boards composed predominantly of non-executive independent directors, as is the case in the US and the UK, cannot be expected to be themselves in charge of CorpTech solutions. That has been so far, and is bound to remain, the domain of management, if only for the simple reason that management has the time and knowledge needed to make informed choices in the matter. The interpenetration between operations and oversight software is necessarily very strong and we cannot expect board members to make choices for both, while focusing on the latter without deep knowledge of the former appears to be suboptimal.
At the same time, the more technology is relied upon for companies’ operations, strategy setting and governance, the more it has to become the focus of a corporate board’s monitoring. In other words, we cannot trust CorpTech to give solutions that best allow the company to pursue its goal of maximising shareholder long-term welfare (or any other goal a company has set for itself). So long as algorithms are made by humans (software engineers) and sold to humans (corporate managers), CorpTech solutions are bound to reflect the interests and views of those ultimately in control of the code selection and design process. If management wields influence over the company’s CorpTech system, then CorpTech solutions will reflect management’s interests and, in fact, enhance management’s ability to cater to its own interests by leaving less room for slack, human error and cognitive biases.
Corporate boards’ monitoring tasks must then urgently be extended to overseeing CorpTech products selection and development, to reviewing the internal organisational structure dealing with IT matters and to assessing the governance of contractual relations with CorpTech suppliers. In order to do so, changes in board’s composition and committee structures are needed.
It is perhaps stating the obvious, but corporations can no longer afford not to have technology expertise at the board level. Tech-savvy directors should be considered no less essential than financially literate ones.
With the right expertise on board, it will be easier for companies to set up tech governance committees, whether as separate ones or by broadening the remit of risk and, preferably, tech committees. The latter are becoming more common at listed companies, but their focus is currently on cyber attacks and technology-related business risk, rather than on CorpTech governance oversight.
A tech governance committee would serve a different function than digital advisory boards, which an increasing number of companies have been setting up in the last few years. The latter’s function is to advise a company’s top management on how to navigate the external challenges of new technologies and fully adapt to the digital world. The former would rather focus on the internal challenge of making sure that a company’s IT is not used to further management’s agenda, rather than to serve the corporate interest. While non-board members may be well-suited to provide advice about strategy and to act as a sounding board for management by bringing their own outside experience and vision to the table, when it comes to evaluating internal aspects that may expose self-serving behaviour on the part of management, board-level involvement and accountability are needed.
A tech governance committee would be no silver bullet. One considerable challenge is that, at least at the current stage of IT development, ex post review of the functions, limits and biases of AI algorithms is of little effectiveness, so that monitoring can only focus on process and outcomes rather than assessing the technology itself. And while independent directors themselves can work better than shareholders as monitors of management, including in overseeing management’s exercise of discretion when it comes to CorpTech, they are bound to suffer themselves from information asymmetries and imperfect alignment of incentives.
But no obvious alternatives exist to increased board involvement in tech governance. That does not mean that best practices cannot be developed to tackle the challenges outlined in this article. For that reason, it is suggested that the law could help in this area by requiring disclosure of listed companies’ tech governance arrangements. Existing periodic disclosures on corporate governance arrangements could be supplemented with additional explanations on, for instance, whether the issuer has a tech committee or other arrangements in place to oversee CorpTech management. This could be either part of annual required disclosures or stock exchanges’ listing rules. Like similar disclosures, for instance on internal controls and executive compensation, dissemination of information about individual companies’ practices may help issuers become aware of better practices and adopt them in a timelier and less costly way.
Luca Enriques is the Allen & Overy Professor of Corporate Law at the University of Oxford Faculty of Law and a Research Fellow at the European Corporate Governance Institute (ECGI). He can be contacted on +44(0)1865 279 751 or by email: email@example.com.
© Financier Worldwide
University of Oxford