Balancing the Baby and the Bathwater, a Risk-Based Approach to Subsidiary Corporate Governance

Transcription

1 International In-house Counsel Journal Vol. 5, No. 18, Winter 2012, 1 Balancing the Baby and the Bathwater, a Risk-Based Approach to Subsidiary Corporate Governance JAMES KRUGER Executive Director, Global Head of Legal, Macquarie Securities Group, Hong Kong How should corporate governance apply to subsidiaries of large international organisations? How do directors at the subsidiary level discharge their duties? How often should they meet and what level of involvement should they have in the entity s financial control and internal risk management? These are not easy questions and there is no one right answer or single governance approach. Further, as is often the case, there are a number of competing interests and practical concerns in play and they all need to be balanced. What this paper seeks to do is outline a risk-based methodology that an inhouse counsel or company secretary of a large institution could apply in devising a practical yet robust corporate governance approach to subsidiary entities. Good corporate governance serves a number of different purposes it facilitates better development and execution of corporate strategy, it enhances the entity s networks with its customers, suppliers and other stakeholders, and it also serves a monitoring and control function. 1 In this paper, I focus on the monitoring and control aspect and the risks (for the subsidiary directors, the parent directors, and the group) of poor corporate governance. I assume, for example, that the subsidiary Boards analysed are not empowered to develop a separate and distinct business line and that the corporate governance task is therefore not one of promoting the effectiveness of a Board to pilot its own strategy. To further concentrate the discussion I also assume the subsidiary is a wholly owned subsidiary in a typical Anglo-American legal structure. In this context, a bottom-up, risk based approach is suggested by undertaking 6 steps: Step 1. Understand the competing internal practical concerns. Step 2. Assemble all the tools for corporate governance. Step 3. Understand the rationale for the establishment of each subsidiary. Step 4. Assess each entity s likely stakeholder requirements. Step 5. Understand and improve the existing enterprise-wide internal control environment which enhances subsidiary entity corporate governance. Step 6. Implement an adaptable corporate governance approach which gears itself according to the risks it needs to address and control gaps it needs to fill. 1 Kiel, Geoff C et al (2006) Corporate Governance Options for local subsidiaries of Multinational Enterprises. Corporate Governance: An International Review 14(6) p 568 International In-house Counsel Journal ISSN print/issn online

2 2 James Kruger Another approach - a cookie cutter, top-down approach where each Board is tasked separately with the responsibility of designing and overseeing its own monitoring and control - could lead to a number of problems: Background Boards will need to meet very regularly (when an organisation has hundreds perhaps thousands of subsidiaries this is a big load for the company secretary department and the management team). Boards may design controls differently (from entity to entity or, even in the same entity, from year to year). The effort may cause fatigue and the risk position actually worsened where corporate governance becomes a tradition more honoured in its breach than its observance. For parent entities, particularly listed ones, the imperative for corporate governance has been driven by the capital markets (which the entity taps for equity and debt financing) and listing / regulatory authorities (which have an obligation to ensure a fair and efficient market). Accordingly, corporate governance principles generally focus on the role of the Board in the public eye and protection to shareholders as a whole, including all minority interests. The OECD principles, for example, view the Board s role as essentially 8 functional matters 2 : i. Reviewing and guiding corporate strategy, major plans of action, annual budgets and business plans etc. ii. iii. iv. Monitoring effectiveness of company s governance practices and making changes if needed. Selecting, compensating, monitoring and, when necessary, replacing key executives and overseeing succession planning. Aligning key executives and Board remuneration with longer term interests of the company and its shareholders. v. Ensuring a formal and transparent Board nomination and election process. vi. vii. viii. Managing and monitoring potential conflicts of interest of management, Board members and shareholders, including misuse of corporate assets and abuse in related party transactions. Ensuring the integrity of corporations accounting and financial reporting systems, including the independent audit, and that appropriate systems of control are in place, in particular systems for risk management, financial and operational control, and compliance with laws and relevant standards. Overseeing the process of disclosure and communications. 2 OECD Principles of Corporate Governance 2004

3 Subsidiary Corporate Governance 3 At the subsidiary level, these external market imperatives are usually not there. For example, a wholly-owned subsidiary is unlikely to have pressures around related party transactions and disclosure (except to the extent there is an international transfer pricing issue or there is a financial covenant in any private external debt arrangement). One might assume, therefore, that subsidiary corporate governance is much less of a concern. However: 1. Directors will always retain certain statutory duties (eg that the financials are true and fair and the financial position of the company is not insolvent) and fiduciary duties (to act in good faith and for a proper purpose, to manage conflicts, to not misuse of information). 2. Regulatory authorities are increasingly expecting localised control and accountability (cross-entity corporate approaches may fail to take into account local nuances and fail to demonstrate sufficient local management). 3. Statutory safe harbours for directors duties when they re acting in the interests of the parent entity 3 do not exist in many places. 4. Delegation of duties does not mean an abrogation there has to be reasonableness in the reliance on the delegate and regularity in the oversight of his/her performance. Good corporate governance at the subsidiary level is still needed to specify the distribution of rights and responsibilities among different participants in a corporation and other stakeholders and spell out the rules and procedures for making decisions on corporate affairs 4. Step 1 Understand the Competing Practical Concerns Within a large organisation there will likely be a number of potentially competing interests in the design of subsidiary governance. One must not be blind to these. Whatever approach devised, it must work for all implicated parties otherwise it will not be respected or continually adhered to months / years down the track. One therefore needs to understand, respect, and balance the interests of the: 1. Parent entity The separate legal identity of the parent and the subsidiary could be jeopardised if the legal doctrines around piercing the corporate governance and alter ego can be invoked Parent Board members or other members of senior management who are not on the subsidiary Board director liabilities in most jurisdictions can extend to shadow directors. These two aspects make it important that the entity functions under real Board supervision. 3. Subsidiary Board members business units may not have specific focus on legal entity boundaries; they may operate more along functional management lines than through the demarcation of a corporate constitution. Board supervision may not come naturally as part of how the business operates. 4. Internal staff A one-size fits all approach to subsidiary corporate governance is easy to understand but in large organisations may create too great an administrative burden. 3 See, for example, s 187 of the Australian Corporations Act 4 OECD Principles of Corporate Governance A good discussion paper on this can be found at: Murphy, Damien (1998) Holding Company Liability for Debts of its Subsidiaries: Corporate Governance Implications Bond Law Review Vol 10. Issue 2, Article 6

4 4 James Kruger Step 2 Assemble All the Tools for Corporate Governance Good corporate governance should encompass all the mechanisms that enable the Board to not only undertake their duties but also be held accountable for their actions. In the context of subsidiaries of large organisations, one should look at a whole range of mechanisms, such as: Mechanism Features for Good Corporate Governance Company Secretarial function Responsibility covers all controlled entities. Manages corporate reporting, record keeping, and administrative functioning (for example when directors change departments or leave the organisation). Provides new directorship training and regular re-refresher training. Where it is outsourced, the above functions are covered in the service level agreement and there is an effective monitoring program in place. Controls a company incorporation process and subsidiary director appointment through which nominees are screened against certain experience benchmarks. Familiar with local corporate governance requirements. Subsidiary By-laws / Corporate Constitution Sole shareholder provisions dealing with voting and modifications to the constitution. Authorises information to be provided to parent entity. Deals with directorship terms consistent with company secretary policy as above. Authorises directors to act in the best interest of holding company. Consistent as much as possible across all controlled entities. Financial Practices Management Responsibility covers all controlled entities. Material capital, dividend, external liabilities and restrictive covenants (eg negative pledges) require Board approval. Internal Control Environment Refer step 5 Board Operations Refer step 6

5 Subsidiary Corporate Governance 5 One should resist the temptation to jump straight to the Board operations (composition, delegations, meeting agenda and frequency) in designing a subsidiary corporate governance approach. This effectively just leaves the Board to fend for itself. One should assemble all the tools for corporate governance and gear them appropriately to all subsidiaries. For example, depending on the rationale for the subsidiary and more on this below - one may be better served re-examining the enterprise-wide support infrastructure and internal control environment. Step 3 Understand the Rationale for Establishment of each Subsidiary There are numerous reasons behind setting up a subsidiary. If one is able to categorise subsidiaries into different types of establishment rationale some guidance is provided to the corporate governance approach required. Rationale Financial risk rationale; eg to establish a project finance vehicle, to insulate corporate assets from a new / highly geared venture, to undertake debenture fundraising and ring fence promoter liability. Financial structuring rationale; eg to set up a regulated entity, to take advantage of natural tax efficiencies by incorporating a vehicle where the management and control is located (which is different to the parent entity), to facilitate different staff incentive schemes. Strategic rationale; eg establishing / acquiring a new business, ring fencing an operation to possibly spin off via share sale / listing etc, incentivising staff differently through different remuneration stream. Administrative rationale; eg to facilitate employment expenses and leave accruals into a service company, to lease office premises, to house group wide software licences Joint Venture Rationale; eg to enter into a joint venture with an outside equity interest. Note: as stated in the introduction, the focus of this paper is on wholly-owned subsidiaries. Preliminary Corporate Governance Risk Profile High. The risk that the corporate veil is pierced or shadow director liability imposed (thereby undoing the rationale for subsidiary incorporation) is greater where the subsidiary Board does not act independently in a meaningful way from the parent Board. Medium-High. The underlying basis of the regulatory / tax footprint of the vehicle will typically require a strong audit trail of localised management and control. Potentially low, but need to undertake further steps as per below. Potentially low, but need to undertake further steps as per below. High. The potential for conflicts and contractual covenants concerning management will typically necessitate a high touch corporate governance approach. 6 6 Note it is common for the Joint Venture Agreement and the incorporated JV entity constitution to recognise that nominee directors may act in the interests of their parent. To the extent this does not fly directly in the face of primary director duties, this may be useful to ratchet down the level of governance required.

6 6 James Kruger Step 4 Assess each Entity s Likely Stakeholder Requirements In addition to establishment rationale, the shape of the subsidiary (its operational history, size, financial position etc) provides more clarity on the corporate governance risks. Each subsidiary will carry an array of external stakeholder requirements as it undertakes its activities: Key Stakeholder Creditor Regulatory - corporate Regulatory financial services Regulatory anti-corruption Regulatory - Environmental Employee External Shareholder Requirements Account holder segregated cash account. Financial position accurately disclosed and adherence to covenants. Ensuring corporate filings and annual return are accurate Management and control to preserve market integrity Foreign corrupt practices / antibribery obligations Environmental protection laws Labour and occupational health & safety laws Participation in strategy, minority interest protection, agency problem of management (eg executive pay, related party transactions, insider trading) Preliminary Corporate Governance Risk Profile Potentially low where: 1. Entity has positive cash flow and balance sheet position with adequate working capital; 2. Entity assets and liabilities are inextricably linked; and 3. The internal control environment is adequate (refer next step). Need to ensure the integrity of corporations accounting and financial reporting systems, including an independent audit, and that appropriate systems of control are in place, in particular systems for risk management, financial and operational control, and compliance with laws and relevant standards. As above As above As above As above As above High. Ensuring appropriate checks and balances, principally through an effective functioning Board covering all the items of the OECD Principles discussed in the Background section above. As demonstrated from the above, for wholly-owned subsidiaries the external stakeholder requirements correlate highly with the need for an enterprise-wide internal control environment.

7 Subsidiary Corporate Governance 7 Step 5 Understand and Improve the Internal Control Environment This is not a paper on enterprise risk management or internal controls. However it is important to understand how these control functions apply to subsidiaries because, as stated above, corporate governance and, in particular the way a subsidiary Board operates, should be supplemental to that. An assessment should be made therefore of the following aspects: 1. Risk Management Policy Framework for key entity control matters: Directorship Appointment Policy to ensure: that business units using the entity are adequately represented. that only employees with sufficient seniority and experience are appointed (so that they can really act as a last line of defence, exercise professional scepticism, and act on red flags). the Board composition and operation broadly accords to the factual assumptions underpinning tax advice (eg whether the entity has a permanent establishment in a jurisdiction outside its place of incorporation or existing branch). Risk Limits Framework and New Business Approvals - Outside of Board resolutions or specific delegated authorities (which should be monitored and adherence reported regularly) are there restrictions and processes on staff committing an entity to new financial risk? Document Execution - Are there restrictions on execution of legal documents (excluding standard client correspondence) other than through the corporate seal or a specifically approved power of attorney? Note: allowing senior management to habitually sign documents beyond these actual authority mechanisms not only creates ostensible authority that may go beyond intended boundaries but also creates internal operational risk. Absence a discipline around document execution, an entity is exposed to risks that it becomes bound to things that are either sub-optimal (because they didn t go through internal review channels, like in-house legal signoff on contracts) or unauthorised (because matters didn t go through new business approval processes). Third Party Payments Is there a segregated back office or accounts department with sole custody of the mechanisms for the movement of cash (account signatories, SWIFT codes, company chops etc)

8 8 James Kruger 2. Internal Review Approach. Best laid plans and policy frameworks need to be actualised by the staff. Core controls for a subsidiary are only as good as: Operations Review Processes a tick-a-box reporting of policy adherence into a quarterly Board meeting is not a robust management of operational risk. Regulated financial institutions have long since recognised this and have established various dedicated functions and breach reporting processes and review mechanisms to keep a closer and more fulsome watch on operations. The approach will differ depending on the institution and local circumstances. Some institutions will have regional operating committees that span multiple entities within a particular business unit and/or region. If a corporate entity does have operations across multiple regions or business units, it is therefore possible that it could have very different operations review processes. From a corporate governance perspective, whatever operations review processes are applicable it is very important that the processes are: Combined (or at least consistent). High risk regulated entities can these days ill afford to have different control processes with different risk tolerances and degrees of effectiveness. Entity focussed a forum may be looking at issues potentially touching multiple entities, but for each issue being discussed, it is important that participants are at least aware which entity is affected and which Board they are assisting. Discussed openly and collectively. Incidents need to be work shopped to enable a better understanding of the root cause, to agree ownership, and to track improvement plans. Staff Compliance Culture Is there a pervasive code of conduct? Is there a whistle blower policy with independent reporting channels? Responsible Officer Training all the staff relevant to the above controls (senior management, operations committee members, donees of powers of attorney, back office staff, company secretaries) need to receive frequent training on not only the risk management framework (in particular the aspects discussed above) but also red flag scenarios and appropriate ways to enquire and investigate when a red flag is raised. 3. Treasury and Finance function this must respect and preserve the integrity of each subsidiary s reported financial position. Material cash flows out of subsidiary back to a parent should have an appropriate check and balance within the treasury policy framework to ensure the following cannot occur (unless with subsidiary Board approval): Material voluntary repayment of parent entity financing; Re-hypothecation of subsidiary assets beyond reported levels; Extra-ordinary dividend payments; or Income and expenses from related party transactions not in accordance with approved transfer pricing policy.

9 Subsidiary Corporate Governance 9 Step 6 - Identified Gaps and Determine Board Operations If, through the above assessment process, one can determine that there are limited or no gaps in the control environment (a low risk profile), the Boards of wholly owned group subsidiaries may only have a residual function. In this sense they can and should operate as a last lines of defence through a Low Touch Board Operation Approach and not as an active and primary internal control and monitoring mechanism. The term Board Operation Approach covers the following items: Item Board Composition Decision Making Framework Meeting frequency and items covered Feature of High Touch Board Operation Approach Full compliance with directorship policy. All business lines using the entity are covered with Board representation. Sufficiently senior personnel are on the Board. The Board composition is different to the composition of the parent entity. All subsidiaries should formally approve a set of delegations to management. Board approval should still be required for major transactions and substantial indebtedness above fixed thresholds and for the use of the entity by a new business division. At least 6 monthly (or such sooner frequency as required by local statute or regulation, if any). No departure from Document Execution Policy and reporting of executed documents by Legal department, inter alia. Features of Low Touch Board Operation Approach As per High Touch but on a reasonable endeavours basis only. Exceptions can be granted. Delegations can be broad with the Board retaining only major matters such as appointment of Board members, approval of accounts and solvency declarations, capital issues and reductions, dividends, capital restructures and a change in the company s main undertaking. At least annually (or such sooner frequency as required by local statute or regulation, if any). Other Annual directorship training. Less frequent directorship training.

10 10 James Kruger Conclusion How should corporate governance apply to subsidiaries of large international organisations? How do directors at the subsidiary level discharge their duties? How often should they meet and what level of involvement should they have in the entity s specific financial control and internal risk management? With this risk-based analysis we now have the tools to address these questions in a systematic and pragmatic way. Where the entity has a low risk corporate governance profile (per steps 3 and 4) and where the internal control environment is effective with respect to the items discussed in steps 5, the subsidiary Board need not serve as a front line, active control. The reasonableness of the Board delegation is more assured and the need for regularity of delegate oversight less pressing. To demonstrate the approach: Is the subsidiary 100% wholly owned? Yes Is the Corporate Governance Risk Rating High per the above steps No No Apply High Touch Board Operation (akin to parent level board) Apply Low Touch Board Operation Yes Is the entity covered by a robust operations control framework? No Yes Apply Low Touch Board Operation Apply High Touch Board Operation (akin to parent level board)

11 Bibliography Subsidiary Corporate Governance 11 Australian Stock Exchange Corporate Governance Council (2003) Principles of Good Corporate Governance and Best Practice Recommendations. Kiel, Geoff C et al (2006) Corporate Governance Options for local subsidiaries of Multinational Enterprises. Corporate Governance: An International Review 14(6) p 568 Murphy, Damien (1998) Holding Company Liability for Debts of its Subsidiaries: Corporate Governance Implications Bond Law Review Vol 10. Issue 2, Article 6 OECD Principles of Corporate Governance (2004) Office of the Superintendant of Financial Institutions Canada (2003) Corporate Governance Guideline. Thompson & Thompson PC. The Parent/ Subsidiary Relationship *** James Kruger, Executive Director, Global Head of Legal, Macquarie Securities Group, Hong Kong Global Head of Legal, Macquarie Securities Group Integrity Officer (Asia), Macquarie Group Macquarie Securities Group Senior Management Committee member Extensive pan-asian experience in finance legal, tax and legal entity structuring with a focus on Equity Markets, M&A, derivatives and structured product, broker-dealer regulatory risk management, and corporate governance Based in Hong Kong for last 6 years Macquarie Group is a global provider of banking, financial, advisory, investment and funds management services. Macquarie s main business focus is making returns by providing a diversified range of services to clients. Macquarie acts on behalf of institutional, corporate and retail clients and counterparties around the world. Founded in 1969, Macquarie employs more than 15,000 people in over 28 countries. At 30 September 2011, Macquarie had assets under management of $A327 billion.