There is no doubt that corporate governance has a positive impact on the company’s reputation, employees and customers. But you also cannot look at corporate governance in isolation of the business. You cannot have good corporate governance on the one hand and then have poor practices in terms of customer dealings. Corporate governance is about how you ingrain your values and principles into every aspect of doing business
The growing focus on ethics and corporate governance within organizations has increased the importance of the role of an Independent Director, in being an effective deterrent to fraud, mismanagement and lapses in corporate governance.
The business disruption caused by the pandemic has further underscored the need to be vigilant and strengthen governance frameworks as historically, data shows that business disruptions/crisis have been followed by a rise in prevalence of fraudulent practices.
Against this background, a recent survey highlighted how Independent Director’s perceive corporate fraud, their preparedness in addressing it, and the adoption of best practices to mitigate fraud and misconduct risks.
Around 63% Independent Directors feel that the current business disruption can spur fraud over the next 2 years (Reference a Deloitte study)
While the accountability and expectation of Independent Director’s in consideration of past corporate scandals / failures have considerably increased over the past few years, regulators are also mindful of the limitation and challenges that Independent Director’s face as part of their fiduciary responsibilities.
In this context, the Ministry of Corporate Affairs (‘MCA’) issued a clarification on 2nd March, 2020 declaring that prosecution proceedings will not be initiated against independent and non-executive directors (‘NEDs’) unless there is sufficient evidence to prove that such default or violation had been committed with their knowledge or consent or they were guilty of gross and willful negligence or fraud.
To fulfil regulatory obligations and meet stakeholders’ expectations, Independent Directors could consider the following measures:
A. Before joining the organisation
- Evaluate the background and reputation of the management/promoters from a technical capability and integrity standpoint
- Gain an understanding of the fraud risks including faced by the organisation after considering industry trends, geo-political factors, macro and micro business trends
- Ascertain the nature of adverse news/media items on the organisation and evaluate the potential risk from a financial and reputational standpoint
- Ascertain the primary elements comprising the organisation’s fraud risk governance framework, including steps taken to establish “tone at the top” and mechanisms designed to ensure that employees at all levels understand the organisation’s approach to fraud risk
- Review the mechanism implemented by the organisation to communicate and educate the organisation’s risk management strategy to all the stakeholders
- Enhance skills/knowledge through training programmes on the emerging fraud risk landscape relevant for the industry and fraud risk management techniques, including best practices to mitigate the risk of fraud
B. Oversight and continuous monitoring
While the FRM framework implementation responsibility remains with the management, Independent Directors should periodically review and monitor effectiveness of FRM framework. Further, to build a robust FRM framework, Independent Directors should also promote/push the agenda in the board for the senior management to take charge and actively work on the following initiatives:
- Undertaking of periodic detailed assessment of the organisation’s risk management system, including a review of the board’s capabilities and expertise, considering the industry or regulatory arena in which the organisation operates
- FRM framework knowledge enhancement drives highlighting 'best practices' for the board and appointing external consultants to help the board understand and analyse business-specific risks
- Ensuring that the organisation has implemented a well-oiled mechanism to report major or new risks fructified during the period, investigation conducted, and findings are reported back to the board or relevant committees, as appropriate
- Getting comfort on the availability of an approved set of investigation protocols, clearly indicating investigation roles and responsibilities, depending on the nature of an allegation, which helps avoid reputational risks that may arise from inappropriate investigation methods
- Evaluate if the organisation has communicated reporting protocols to be followed by the whistle-blower system operator to notify the designated officials for different types of allegations
- Ascertaining if the organisation has identified in advance, the legal and forensic investigative resources needed to conduct investigation into serious allegations, including the identification of instances requiring support from external subject matter consultants
- Ensuring that the organisation has an adequate system of continuous monitoring in place for critical areas of concern to identify red-flags, if any, on a real-time basis
- Assessing the effectiveness of a continuous monitoring tool to analyze transactions and keep a close look-out for key outcomes and steps taken by the management to tackle potential risks areas
- Performing a review of reports from the statutory auditors, internal auditors, legal counsel, regulators and other experts to understand the risk profile of the organisation and evaluate if the implemented corporate governance framework is robust and sufficiently well-equipped to oversee all facets of the organisation’s risk profile
- Scrutinizing and challenging high-value complex or “extraordinary” transactions that form a part of financial statements
- Considering all whistle-blower complaints/tips diligently and ensure that the instances of suspected or known fraud is appropriately investigated and suitable action is taken against perpetrators
- Ensuring that the learning from the investigations is considered/incorporated and that the organisation revisited the fraud risk management framework to ensure that loopholes, if any, in the existing anti-fraud controls framework as envisaged were adequately enhanced to minimize the possibility of reoccurrence
- Promote appointment of independent experts for opinions on key matter.
C. Action items in case of any suspected fraud
In case of any adverse events, Independent Directors should oversee the management response to ensure the effectiveness and provide guidance. Accordingly, below are some of the considerations that Independent Directors should push for:
- Ensuring all the allegations of fraud/misconduct are looked into and acted on by the management Ensure that the complexity and severity of the suspected fraud and its implications both from financial, regulatory, and reputation perspective are assessed appropriately.
- Ensure that there is a well-equipped team to handle the investigation, fraud incidents are assigned to senior, trusted individuals. Depending on the complexity and potential implications, consider appointing forensic experts to conduct an independent investigation.
- Ensure that all efforts are made as an immediate priority for collection and preservation of critical information to avoid any attempt to destruct the evidence/information.
- Seeking updates and overseeing the outcome of the investigation to understand the potential impact and any interim action, if required, to be taken by the management, e.g., disclosures to stakeholders, immediate plug for any loopholes, and internal communication.
- Take appropriate actions based on the outcome of the investigation, including but not limited to, actions against individuals/third parties involved in the fraud, disclosures to internal/external stakeholders, and remediation of the identified loopholes.
