Ethics and Governance

Ethics and Governance

Karen Flannery and Níall Fitzgerald consider the critical points in the revised Chartered Accountants Ireland Code of Ethics, which came into effect on 1 March 2020. The revised Chartered Accountants Ireland Code of Ethics took effect on 1 March 2020. The revised Code was necessary to increase alignment with the International Ethics Standards Board for Accountants (IESBA) Code of Ethics, which underwent a significant restructure in recent years. While there are no changes to the fundamental principles, Chartered Accountants familiar with the previous Code of Ethics (effective September 2016 to 29 February 2020) will find the look and feel of the revised Code significantly different. While additional sections and emphasis were included, others were removed. This results in greater clarity and ease of navigation. Figure 1 provides an overview of the revised Chartered Accountants Ireland Code of Ethics. Added emphasis on fundamental principles The five fundamental principles of the Code of Ethics remain unchanged. These include integrity; objectivity; professional competence and due care; confidentiality, and; professional behaviour. The conceptual framework that describes the approach used to identify, evaluate and address threats to compliance with the fundamental principles also remains the same. However, there is now a heightened emphasis on the fundamental principles and the use of the overarching conceptual framework underlying each section of the Code. Before, much of the narrative was contained in a single section of the Code. Responding to non-compliance with laws and regulations New sections were added concerning non-compliance with laws and regulations (NOCLAR) for professional accountants in practice (Section 360) and professional accountants in business (Section 260). These bring the NOCLAR provisions of the IESBA Code of Ethics into the Institute’s Code. A vital feature of the NOCLAR provisions is the specific in-Code permission to breach the principle of confidentiality in the public interest. This permission has been explicit in the Institute’s Code for several years and so, the NOCLAR provisions can be seen as a change of detail rather than of substance. The new sections outline the required actions when NOCLAR is discovered and provide additional guidance in this area. Key points to note concerning the NOCLAR provisions are: The first response to identified NOCLAR is to raise the matter, and seek to address it, at the appropriate level within the relevant organisation (internally); Where NOCLAR is not dealt with appropriately internally, the professional accountant considers whether to report to an external authority in the public interest. The decision to report externally is (as it always has been) a complex one; and Where a report is made in the public interest and good faith, there is no breach of the confidentiality requirements of the Code of Ethics. However, there may be legal implications for the professional accountant to consider. Revised layout The most obvious change is the revised layout of the Code of Ethics, which now mirrors the structure of the IESBA Code of Ethics with additional material for members of Chartered Accountants Ireland. A new paragraph numbering format was introduced and as a result, sections were restructured (e.g. what was “Part C” (Professional Accountants in Business) is now “Part 2” in the revised Code).The revised layout facilitates more natural referencing and distinguishes between the Code’s requirements (in bold text and denoted by the letter ‘R’) and application material or guidance (indicated by the letter ‘A’). Complexity has been reduced by simplifying sentences and language in parts. Also a new ‘Guide to the Code’, explaining how it works, has been included. Other content changes Table 1 highlights other notable developments in the revised Code of Ethics and suggests where you might focus your attention depending on whether you are a member in practice or business. Retained Institute ‘add-on’ material Where existing Institute ‘add-on’ content created important additional requirements beyond the IESBA Code, these ‘add-on’ requirements are retained in the revised Code of Ethics. Such requirements include: Specific requirements regarding communicating with the predecessor accountant (Section 320); Particular obligations regarding transparency around the basis for fees and dealing with fee disputes (Section 330); and Agencies and referrals (Section 331). No new ‘add-on’ material was created. Additional support for members The Institute’s online Ethics Resource Centre is updated regularly with a range of supports and guidance for members. Additional information included in the old Code of Ethics, but removed in the revised Code and still considered useful, has been reproduced in a series of new Ethics Releases. The Ethics Releases are not a substitute for the requirements of the Code, but they do provide additional support for members in particular scenarios, including: Code of Ethics and changes in professional appointments; Code of Ethics and confidentiality; Code of Ethics and marketing of professional services; and Code of Ethics and corporate finance advice. Future updates The last substantial change to the Institute’s Code of Ethics was in 2016. While the Code does not change regularly, there is a significant body of work happening behind the scenes to ensure it remains appropriate, precise and effective in the context of the issues affecting the accounting profession. Members can, therefore, expect amendments from IESBA in the coming years; for example, considerations addressing the impact of technology-related ethics issues on the accounting profession. For members who are insolvency practitioners, a new Insolvency Code of Ethics is imminent. The current Code of Ethics for Insolvency Practitioners, appended as Part D of the Institute’s old Code of Ethics for members, remains in effect until then.  Actions speak louder than words It was evident from the Ethics Research Report, published by the Institute in January 2019, that members hold their professional and business ethics in high regard. While the Code of Ethics does not change regularly, it is a hallmark that establishes a minimum standard which is signed up to and shared by all members of the profession. It is useful to be familiar with its requirements and to remember that it is individual member actions that express commitment to the Code of Ethics in addition to a member’s personal ethics. The revised Code is available via the Institute’s Ethics Resource Centre.   Níall Fitzgerald FCA is Head of Ethics and Governance at Chartered Accountants Ireland.  Karen Flannery FCA is Head of Professional Standards Projects at Chartered Accountants Ireland.

Apr 01, 2020
Ethics and Governance

From a governance perspective, COVID-19 will test the robustness of our legislation and our ability to take a more technological, and perhaps modern, approach, writes Claire Lord. The Irish Government recently announced additional measures to protect citizens by delaying the spread of COVID-19. One of these measures is social distancing, which requires individuals to keep a two-metre space between them and other people. This measure and the increasing restrictions on international travel is making it difficult for Irish companies to hold ‘in-person’ board meetings and to proceed with shareholder meetings, particularly annual general meetings (AGMs), in the usual way. Against this backdrop, what can companies do to allow business to proceed so as to comply with the law while protecting the health of its directors, employees and shareholders? Board meetings Generally speaking, the board of an Irish company can meet ‘virtually’. This means that board meetings can be conducted by telephone, video conference or a similar facility. For a virtual board meeting to be properly convened, all directors must be able to hear each other and speak to each other. At a virtual board meeting, the quorum is made up of those participating in the meeting. All participating directors are entitled to vote in the usual way and the location of the meeting, consequent on social distancing requirements, is likely to be the location of the chair. The board of an Irish company can also usually pass resolutions in writing. For a written resolution to be valid, it must be signed by all directors of the company at that time. A written resolution takes effect when the last signature is collected. A written resolution can be signed in counterpart and can be circulated and signed electronically. The fully signed version must be retained with the minute book of the company. The written resolution procedure can be used even if one of the directors is not permitted to vote. Where this is the case, the remaining directors sign the resolution and note the name of the director who is not entitled to vote and the reason why. It is always recommended that a directors’ meeting is held where the business to be transacted is contentious, or if it is anticipated that the business to be approved will not be supported unanimously. Directors must also meet where they are required to make a declaration of the company’s solvency as part of the summary approval procedure to approve certain restricted activities. Where these circumstances exist, meeting “virtually” is sufficient. The board of a company must also consider the location of its board meetings or decision-making where it is important from a tax residency perspective for them to be able to demonstrate that the company is managed and controlled in Ireland. Shareholder meetings Companies with AGMs due to occur in the months ahead should consider how best to proceed with their AGMs in a way that complies with the law, and affords shareholders the ability to participate, while observing the Government’s restrictions on mass gatherings. An AGM must have a physical location that is specified in the AGM notice. The quorum for an AGM is determined based on the number of shareholders present in person or by proxy, usually at the physical location of the meeting. Therefore, to avoid a large  number of shareholders attending at the physical location for the meeting, shareholders should be encouraged to appoint a proxy to attend and vote on their behalf. Ideally, shareholders should be encouraged to appoint the same proxy where possible (while always considering how a quorum will be achieved).   While an AGM must have a physical location, a company can permit participation by shareholders at an AGM via technology, once that technology permits shareholders to participate and vote electronically.   Multi-member and single-member private companies limited by shares (LTDs) and single-member companies of other types can dispense with the legal requirement to hold an AGM by opting to carry out the business of the AGM by way of a unanimous written resolution.  Similarly, all company types can pass resolutions in writing.  In the case of LTDs and designated activity companies (DACs), this right applies regardless of any provisions in the company’s constitution.  Similarly, LTDs and DACs can pass majority written resolutions where a particular process is followed. Business as usual? We face significant uncertainty in the months ahead with the spread of COVID-19. Finding ways to conduct business regardless, while protecting the health of others, will test our ingenuity. From a governance perspective, it will allow us to see if our legislation is robust enough to support a more technological and, dare I say it, modern approach.   Claire Lord is a Corporate Partner and Head of Governance and Compliance at Mason Hayes & Curran.

Apr 01, 2020
Ethics and Governance

Barry Robinson explains the obligations placed on private companies arising from the new EU Whistleblower Directive. On 7 October 2019, the EU approved a new Directive on the protection of persons reporting on breaches of European Union Law, also referred to as the Whistleblower Directive. In Ireland, public bodies have had regard to the Protected Disclosures Act 2014, which was amended in June 2018 to incorporate provisions of the EU Protection of Trade Secrets Directive. The current legislation entitles a worker (as defined in the 2014 Act) to report wrongdoing in a public body if there is a reasonable belief of such wrongdoing, and have their identity protected. However, the Whistleblower Directive, which must be adopted into Irish law within two years, will mean that the obligations under the 2014 Act will extend to the private sector as well. The Association of Certified Fraud Examiners’ (ACFE) 2018 Report to the Nations, a global analysis of the costs and effects of occupational fraud, shows that tip-offs or whistleblowing is still the most effective method of detecting occupational fraud, which highlights the importance of this legislation. What will the EU Whistleblower Directive mean for private companies in Ireland? The Directive will make it mandatory for companies with over 50 employees to establish internal reporting channels, both for reporting and follow-up. The Directive allows for companies with between 50 and 249 employees to share resources as regards the receipt of reports and any investigation to be carried out. Who will “reporting persons” be? The 2014 Act currently defines a “worker” who can make a protected disclosure as an employee or a contractor. In the future, under Article 4(1) and 4(2), the Directive will extend the scope of the definition of “reporting persons” to include shareholders, who are not currently included within the 2014 Act. It will also include volunteers and unpaid trainees, and individuals who report on breaches within their knowledge acquired through a work-based relationship, which has since ended. What are the required timeframes for following-up on a disclosure? The Directive will impose timeframes on companies that receive a protected disclosure by creating an obligation to respond to, and follow-up on, the whistleblowers’ reports within three months (with the option to extend this to six months for external channels in duly justified cases). The receipt of a disclosure must be acknowledged within seven days. Will the reporting channels be internal or external? The Directive seeks to encourage disclosures internally in the first instance. The Directive states: “as a principle, therefore, reporting persons should be encouraged to first use internal reporting channels and report to their employer, if such channels are available to them and can reasonably be expected to work”. However, the Directive also allows for external reporting channels. Third parties could be authorised to receive reports of breaches on behalf of legal entities in the private and public sector, provided they offer appropriate guarantees of respect for independence, confidentiality, data protection and secrecy. Such third parties could be external reporting platform providers, external counsel, auditors, trade union representatives or employees’ representatives. Protections against any form of retaliation from employers will be given to persons who report wrongdoing internally and externally. The protections under the Directive will also extend to persons “who make such information available in the public domain, for instance, directly to the public through online platforms or social media, or to the media, elected officials, civil society organisations, trade unions, or professional and business organisations.” Who are “prescribed persons”? The Directive includes provisions in respect of “competent authorities” to whom a disclosure can be made. The Directive states: “in the case of legal entities in the private sector that do not provide for internal reporting channels, reporting persons should be able to report externally to the competent authorities”. Are there any new requirements? The Directive introduces a wide range of new requirements for companies who receive disclosures, which are summarised below: Secure channels for internal reporting. The Directive states that internal reporting shall require “channels for receiving the reports which are designed, established and operated in a secure manner that ensures that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected, and prevents access thereto by non-authorised staff members”. Dedicated, impartial staff to handle reports. The Directive requires the designation of a neutral person or department competent for following-up on the reports, which may be the same person or department as the one that receives the reports. These dedicated staff members will maintain communication with the reporting person and, where necessary, ask for further information from – and provide feedback to – that reporting person. Diligent follow-up. The Directive requires thorough follow-up and the provision of feedback within three months (which may be extended to six months in duly justified cases). Transfer to another competent authority. The Directive allows for the transfer of a disclosure to another competent authority where the receiving body does not have the competence to deal with the matter. The Directive states that this must happen “within a reasonable time, in a secure manner, and that the reporting person is informed, without delay, of such a transmission”. Reporting the outcome per national law. The Directive states that the receiving body must communicate to the reporting person the result of investigations triggered by the report, in accordance with procedures provided for under national law. Procedures for making a disclosure Article 13 of the Directive sets out the information a competent authority must publish concerning receipts of disclosures. The following information must be published on the competent authority’s website, which must be reviewed and updated every three years: The conditions under which reporting persons qualify for protection; Contact details for the external reporting channels – in particular, the electronic and postal addresses, and the phone numbers for such channels, indicating whether the phone conversations are recorded; Details of how the disclosure will be processed; Details of the timeframes and format for feedback; Details of the confidentiality regime and how personal data will be processed; Details of whether or not a discloser will be held liable for a breach of confidentiality; Remedies and procedures available against retaliation; and Contact details for any other relevant body or information body providing advice to the discloser. Protections against penalisation The 2014 Act makes clear the rights of an individual if an employee is penalised for making a Protected Disclosure. The Directive states: “it should not be possible for employers to rely on individuals’ legal or contractual obligations, such as loyalty clauses in contracts or confidentiality or non-disclosure agreements, so as to preclude reporting, to deny protection or to penalise reporting persons for having reported information on breaches or made a public disclosure providing the information falling within the scope of such clauses and agreements is necessary for revealing the breach. Where those conditions are met, reporting persons should not incur any kind of liability, be it civil, criminal, administrative or employment-related”. Article 20 of the Directive states that reporting persons shall not incur liability of any kind in respect of such a report or public disclosure, provided they had reasonable grounds to believe that the reporting or public disclosure of such information was necessary to reveal a breach under this Directive. What about trade secrets? The 2014 Act was amended in 2018 to incorporate provisions of the EU Provision of Trade Secrets Directive. This required whistleblowers to demonstrate that they acted in “the general public interest” when disclosing commercially sensitive information. The Directive, however, states that where a reporting person can show “reasonable grounds”, they will incur no liability in respect of disclosures including for defamation, breach of copyright, breach of secrecy, breach of data protection rules, disclosure of trade secrets, or for compensation claims based on private, public, or collective labour law. This appears to narrow the burden of proof for reporting persons from acting in the public interest to acting on reasonable grounds. What should companies do? All companies in Ireland should review their obligations under the Whistleblowing Directive and assess their ability to implement internal reporting channels and assign dedicated staff to handle such reports. Companies should undertake planning to identify how reports will be investigated independently, and within the required timeframes of the Directive. While many companies may adopt a “wait and see” approach, companies must act to implement systems and reporting channels per the Directive. Barry Robinson FCA is a Director, Forensic Services, at BDO Ireland.

Feb 10, 2020
Ethics and Governance

It can take several years and a lot of hard work to build an effective board. David W. Duffy outlines key measures that can be taken to improve its effectiveness. It can take several years to build a fit-for-purpose board that has the leadership and dynamism to support the executive team. The most important element in any governance structure is the Nominations or Talent Acquisition Committee. The purpose of this committee is to help the board make sound business decisions by appointing the right board members. If this committee does not do its job, then the board and the organisation risk stagnating through the lack of new ideas or no challenges to the status quo. New appointments should be strategic and not tactical; they must bring unique skills and experience to the company that will have a real and tangible impact at board level.  This could include the world of digital, geopolitical insight, capital raising, or knowledge of a particular sector, such as offshore life assurance. Board appointments that are rushed are not a good sign of good corporate governance; each appointment should be considered carefully before being made. So, assuming the board is populated with the right talent, here are a few examples of other measures that can be taken to improve its effectiveness: Conduct regular external board evaluations to get an external perspective on the effectiveness of the board. Conduct 360 reviews of the board directors. Make sure that the information provided by the executives is assessed annually to ensure the board can do its job efficiently. Have an annual work plan for the board and for all its committees. This will help set the agenda for the year, and will also ensure the board spends enough time on the future by delegating as much as possible to its committees. Hold an away day at least once a year to reflect on the board’s strategy in some depth and to focus on specific issues, such as looming regulation or competition issues. This also provides an opportunity for the directors to get to know one another other better. Invest in the capability of the board through a professional development programme. The board evaluation may well indicate what the directors might like in terms of development, but it is helpful to also ask them. Topics will depend on the company, but the programme could focus on new regulation and compliance requirements, sustainability, diversity and inclusion, etc. David W Duffy FCA is the Founder and CEO of The Governance Company and the author of A Practical Guide to Corporate Governance, published by Chartered Accountants Ireland.

Jan 31, 2020
News

How can a board set the example rather than becoming one? Ros O’Shea gives a five-step approach to creating an ethical board. “Where was the board?!” is the question often asked in the immediate aftermath of corporate misconduct. Stakeholders, quite rightly, expect boards to ensure businesses are run ethically. Yet, sometimes boards (and usually their companies in turn) fail dismally in this crucial aspect of their role. What can a board do to ensure the highest levels of probity in their organisations? This five-step approach can help. Ensure the ethical infrastructure is in place From a code of conduct to ethics training, speak up channels, ethical due diligence procedures and incentives programmes that reward the 'how' and the 'what', directors must ensure the appropriate infrastructure is in place in their organisations to enable and foster a culture of integrity. This is akin to laying down an ethical 'base layer'. Appoint the right CEO In leading that culture, the CEO is key. On appointment, they are bestowed with the organisation’s most precious asset – its reputation – and must be responsible for its safekeeping. It is the most important decision the board makes and demands commensurate investment in a robust process to recruit the right leader. Act ethically It is rare for a board to deliberately endorse an illegal act, but we know there can be a vast difference between decisions that are legal and those that are right. Decisions are usually right when a director is comfortable being personally accountable for their part in it, especially if it would be made known to their family on the front page of the local newspaper. Directors would do well to assess all decisions through that lens and determine whether they want to simply meet a bar, raise the bar or – better – set the bar in terms of moral courage. Lead by example In order to effectively set the tone from the top, the board should be a microcosm of the organisation’s desired culture. Espoused values, such as respect and openness, should underpin board interactions and encourage constructive debate. IQ at this level is a given, but emotional intelligence (EQ) differentiates high-performing directors and their boards and should be a prized quality in director recruitment. Monitor culture Finally, directors must know that only so much governance can be done within the confines of the boardroom; they need to experience first-hand the organisation’s “mood music”. This provides the board with the holistic assurance it needs that the desired culture is truly living and breathing across the organisation. By following these five steps, the board will focus on doing the right things and asking the right questions, which will ultimately lead to the right outcomes. Briefly, that is the board’s role in relation to ethics: to stand squarely behind their chosen CEO and collectively set the tone from the top while providing independent oversight on the organisation’s ethical infrastructure and culture. Ros O’Shea is the founding partner of Acorn Governance Solutions.

Jan 31, 2020
News

With so many disruptive technologies available, is it possible for to directors keep up with the needs of the business? Kieran Moynihan explains how, with the right NEDs, a company can thrive in a constantly evolving digital world. As disruptive technologies such as artificial intelligence, robotic process automation and emerging payment technologies grow in adoption, many boards are struggling to understand how these will impact customers, market segment and the competitive landscape. Crucially, how can they incorporate these technologies into their overall strategy and business models? This relentless wave of new technology disruption is increasingly upsetting the traditional hierarchy of markets by lowering the barrier to entry for new competitors. Companies need to adapt to harness the opportunities and benefits of these disruptive technologies otherwise it risks being left behind irrespective of its traditional market position. Often, the reason behind this struggle to adapt to technological disruptions is that there is a significant lack of technology expertise among non-executive directors (NEDs). This is further compounded by a serious age diversity problem in boards where, across Ireland and the UK, the average age of many boards is late 50s to early 60s. The vast majority of these NEDs indicate that areas such as cyber-security are problematic for them. This, in turn, impacts their ability to provide high-quality, robust challenge, debate and oversight of the CEO and executive team in terms of how a company incorporates these disruptive technologies into its strategy. In marked contrast, younger NEDs in their 30s and 40s tend to be very comfortable in the digital and disruptive technology landscape, have a strong understanding of how customers’ requirements are evolving and can genuinely challenge and support the CEO and executive team in these areas. In most boards, the traditional approach to selecting NEDs has been focused on a majority of generalists with significant executive experience, and a number of sector specialists, which has led to a predominance of financial and general business skills around the board table. However, as both the pace and complexity of emerging disruptive technologies has significantly increased, this traditional model is breaking down and many of the sector-specialist NEDs are finding it challenging to keep up with the pace of change. Many CEOs and executive teams are struggling to make big calls around technology and business model choices. There is a growing trend of board chairs and CEOs who realise that, in order to thrive, the board team needs to be refreshed with the addition of NEDs who have advanced technology expertise. They will be able to provide ample support to both the overall board team and CEO/executive team, thereby strengthening the ability of the company to embrace disruptive technologies, understand the changing needs of their customers and position themselves for sustainable long-term success. Kieran Moynihan is the Managing Partner of Board Excellence.

Jan 31, 2020