Following a corporate failure the usual questions are asked: What went wrong? Who was at fault? More often than not a finger is pointed at the auditors. Is that fair? Sometimes the attribution of responsibility to the auditors is correct. On other occasions, one or more of the other role-players in the total compliance ecosystem must bear the blame. The purpose of this article is to identify all of the role-players in the compliance ecosystem, to specify each of their responsibilities in preventing corporate failures, the consequences of which are devastating to the market, investors, employees and creditors. It is important to appreciate factors which companies operate against– complexity, cross-border activities, regulators, new technology and a multiplicity of stakeholders.
More often than not, after a catastrophic corporate failure, questions are raised about the adequacy of the law. South African company law, in respect of its substance, procedures and remedies, ranks among the best in the world. Laws and regulations that regulate companies and their officers, such as the Banks Act and Financial Markets Act, are also highly comparable with their peers in other jurisdictions. In the case of state-controlled companies, the provisions of the Public Finance Management Act apply. It imposes strict duties on directors and management.
Corporate governance – codes of good practice
A mistaken belief exists that corporate governance, including codes of good practice, is a topic distinct from corporate law. That is erroneous. The foundation is the law. Codes of good practice contain principles designed to ensure better implementation of the requirements of the law.
Whilst I support the principles of King IV, I stress that the three essential requirements of good governance are:
- Full disclosure – as the eminent US jurist Louis Brandeis remarked in his book Other People’s Money, “Sunlight is the best policeman; electric light the best disinfectant”;
- A culture of healthy dissent in the organisation, from the chairman down; and
- Non-executive directors who have a good knowledge of the business of the company, failing which they are captive to management and unable to discharge their role of being an essential filter of management’s performance and conduct.
The regulators include the Prudential Authority, the Market Conduct Authority, the JSE and the Takeover Regulation Panel. They contribute to the content of the law, including obligatory standards of conduct and, in appropriate cases, must approve the appointment of directors and senior managers. They also exercise an important role in enforcement.
They do not have the power, nor should they, to prescribe the business model nor to regulate on purely commercial issues.
There are a number of specialist regulators, such as the Independent Regulatory Board of Auditors which has a vital supervisory role over auditors.
Enforcement of the law
Having opined that the relevant law is more than adequate, the focus turns towards the adequacy of its enforcement. Unfortunately, problems do arise in this sphere. A committee of the US Senate, which was vested with identifying the causes of white-collar crime, evaluated the extent to which the justice system acted as a deterrent to would-be perpetrators. In order of effectiveness, the deterrents were:
- The fear of detection and being apprehended;
- The fear of a successful prosecution; and
- Far behind the first two, the fear of the severity of the sentence.
Without the fear of detection, apprehension and successful prosecution compliance will suffer a severe handicap.
The non-executive directors determine the strategy of the company, prescribe performance targets for management and monitor compliance with those targets. Clearly, they have a multitude of other responsibilities and duties, including the purpose of the company.
In the complexity of the modern company, directors delegate to committees of the board and to management.
In delegating functions to committees of the board it is necessary that certain principles are complied with, namely suitably qualified people must be selected to serve on those committees, the terms of reference must be clear and specific, and there must be systematic report-back to the board. The board cannot abdicate its functions.
In delegating to senior management it is the responsibility of the board to ensure the existence of sound systems and controls. The absence of these sound systems and controls and the existence of complex corporate structures often constitute a fertile opportunity for sophisticated frauds.
The audit committee
The audit committee is a statutory committee and not a board committee. Its functions are prescribed by the Companies Act and King IV and other specialist legislation. A properly functioning audit committee is a vital component of the compliance ecosystem.
Senior management, whether or not designated as prescribed officers, generally have the same fiduciary duties and duties of care, skill and diligence as are applicable to directors. They often have additional contractual duties.
It is self-evident that the auditors have a significant role in the entire ecosystem of compliance. I do, however, believe that the existing auditors model is anachronistic with regard to the complexity of the modern economy, often with cross-border dimensions and huge developments in technology.
Very often the auditor is dependent on compliance by directors and management with their duties and responsibilities. The converse is clearly also true. This interaction between the responsibilities of directors and management on the one hand and auditors on the other hand is extremely complex.
Auditors essentially have two roles:
- Preventative, in the sense that they must ensure that their client companies have adequate systems and controls which will enable and ensure compliance; and
- Detection and disclosure of non-compliance. These findings and qualifications by auditors are essential tools for other role-players, such as the boards and regulators, to discharge their duties in responding to frauds and other breaches.
The role of investors, particularly the institutional investor, in the compliance ecosystem is often understated. Their role arises in at least three contexts:
- They elect directors. In doing so they should be vigilant in assessing the reputation and performance record of potential candidates;
- They should be conscientious in monitoring compliance by directors and management. The fundamental philosophy of regulation in this context in South Africa is regulation by disclosure – full and truthful disclosure in all documents, financial statements and circulars issued by companies. These should be carefully evaluated by investors and appropriate action taken, including recovery of damages by derivative action and removal of delinquent or non-performing directors; and
- They vote with their feet. They should consider, in appropriate cases, disinvestment from non-performing companies and those whose activities are inconsistent with socially acceptable conduct or prevailing public policy.
Journalists, particularly financial journalists, play a fundamental role in a system of regulation by disclosure. The ordinary investor is often ill-equipped to properly evaluate company disclosures. This function is often better performed by sophisticated well-trained journalists. Journalism is a key profession in a democracy and, consistent with its general watchdog and investigative function, its role in the compliance ecosystem of companies is vital. It is often the first line of attack in detecting wrongdoing, or non-performance by a company. The published detections by journalists of misconduct or non-performance are often the beginning of action by other role-players in the compliance ecosystem, such as regulators, institutional shareholders and auditors.
Compliance by boards and management, particularly in the case of complex companies with cross-border activities, requires monitoring by an entire ecosystem. Each role-player has a specific function that clearly interacts with those of the other role-players. Performance by each of the role-players of their specific functions provides the most effective chance of reducing corporate fraud and other non-compliance. Does this mean that there is no requirement for reform? Let us return to where we began. There is certainly a need for auditor reform. But that must occur in recognition of the significant complexity of business and new technology. A new model for an audit is probably required.
There are promising signs of a return to a properly functioning criminal justice system.
South Africa should remain vigilant to developments in the fight against white-collar crime and non-compliance in foreign jurisdictions which face the same challenges as those faced by us.
The primary responsibility for the management and direction of a company vests in its board of directors and senior management. In discharging their duties they are subject to strict fiduciary duties and duty-of-care skill and diligence. Directors of state-owned companies are also bound by the Public Finance Management Act. In recognition of the fact that directorship is not a profession with entrance qualification requirements it is an absolute necessity that directors must initially on appointment, and on an ongoing basis thereafter, be required to undergo education and training on the law in respect of their duties and responsibilities. DM