When you onboard your new directors, how much attention do you give to ensuring that newcomers are familiar with industry regulations?
Your board’s succession planning and recruitment practices may be such that a good percentage of your incoming directors are already conversant with regulations that are specific to your industry or sector. However, that’s not always the case, and so corporate secretaries and other governance professionals would do well to focus on incoming directors’ familiarity with industry regulations. In providing access to relevant resources and information, you’re positioning new directors – and your board – for success.
It may help to think about this element of onboarding in the context of risk and reputation management.
Board of Directors & Compliance
Compliance is critical. Your board needs to monitor the organization’s compliance with regulations and legislation. Directors must be aware of and understand relevant regulations, and be satisfied with management’s practices, so that the board can ensure and attest that the organization it leads complies with regulations. This requires that, individually and collectively, your directors and board be familiar with industry, domestic and global regulations.
A board’s attestation of compliance was already a major responsibility, even before enforcement of the European General Data Protection Regulation (GDPR) came into effect in 2018. If your organization has collected data on even a single EU citizen, then you and your board need to have a solid understanding of compliance and disclosure expectations. There are comparable regulations within other jurisdictions, including the United Kingdom’s (UK’s) Data Protection Act of 2018 and the California Consumer Privacy Act (CCPA). The latter, while also enacted in 2018, cannot be enforced prior to July 1st of this year, and involves regulations to protect consumers’ new rights. Brazil has also enacted a General Data Protection Law (LGPD), which will take effect this year.
If you’re a governance professional associated with an organization operating in more than one regulatory jurisdiction, you’re already accustomed to compliance with regulations that will vary from one country to another. Multinational enterprises (MNEs) must monitor and comply with a range of regulations issued by distinct jurisdictions.
Understanding Jurisdictional Regulations
Not only will regulations vary from one jurisdiction to another; the processes required to ensure compliance can also vary from one country to the next. Globally, as regulators scrutinize companies’ operations, their enforcement practices serve to reinforce expectations that businesses shall function with increased degrees of transparency, and in an ethical manner.
In KPMG’s assessment, “Risk and regulation continue to be key drivers of the strategic agenda. More than a decade on from the global financial crisis, there has not been the anticipated decrease in regulatory challenges for financial services providers.” What are the expectations? KPMG states that regulators will continue to look for overall strengthening of “core risk management governance, controls, practices and reporting, particularly in the areas of cybersecurity, third-party risk management, and conduct and culture.”
Regulations feature in the recently released results of PwC’s 23rd Annual Global CEO Survey. In “Navigating the rising tide of uncertainty,” the company reported on the findings of its September and October 2019 survey of 1,581 chief executives from 83 territories. Globally, over-regulation was again the most-cited threat to organizations’ growth prospects, identified by 36% of those surveyed. In North America, while over-regulation was cited by an even higher percentage of respondents (38%), it ranked behind cyber threats (50%), political uncertainty and trade conflicts.
Despite concerns of over-regulation, we may anticipate the introduction of even more regulations. The survey results highlight the significance of technology regulation. PwC noted that the private sector’s leveraging of big data and implementation of robotics, artificial intelligence (AI) and the Internet of Things (IoT) has been outpacing the development of regulatory systems and standards that can mitigate associated risks.
Reaching Better Alignment
When asked to project what the future may hold, almost 70% of the surveyed CEOs anticipated that government would increasingly introduce legislation to regulate internet content, including social media, in 2022 and beyond. A similar percentage expected the enactment of legislation to break up “dominant” tech companies. Just over half of those surveyed envision government requiring the private sector to financially compensate individuals for collection of their personal data. CEO Dylan Collins observed, “… personal data is actually a liability. People are placing it on the wrong side of the balance sheet.”
PwC asked CEOs whether governments are designing privacy regulations that increase consumer trust and maintain business competitiveness, and the results were mixed. While the majority of CEOs from Brazil, China and India do believe that is the case, the majority of CEOs from Canada, Germany, Italy, the UK and the US believe otherwise.
Regulations extend beyond technology and data privacy, of course, and beyond those established by stock exchanges and bodies such as Canadian Securities Administrators (CSA), the US Securities and Exchange Commission (SEC) and their counterparts in other countries.
Boards also need to be aware of and anticipate increased environmental regulations. In Canada, the federal government administers regulations to control water pollution caused by activities ranging from pulp and paper processing to metal mining and wastewater management. These, and the country’s energy and transportation sector regulations, are mere samplings of the regulations that can impact how organizations go about their business. These are independent of provincial regulations related to industrial and municipal waste discharge; remediation of contaminated sites; and the protection, management and conservation of natural resources.
In the US, the Environmental Protection Agency (EPA) and multiple state environmental agencies have established regulations with which organizations must comply. Boards and directors of healthcare organizations in the US, Canada and other countries need to exercise oversight to ensure that their organizations remain in compliance with their respective jurisdictions’ health regulations. All boards need to exercise the same degree of oversight with respect to compliance with labor and employment regulations.
You may have begun reading this article with an eye to onboarding, and ensuring that your new directors are familiar with regulation directly impacting your organization. In fact, all directors and boards may be well served by periodic, high-level updates from management and external experts on changing and emergent regulations, with an eye to strategic planning and the organization’s long-term success.