The Law of Corporate Governance Rupert Nevin Partner Gordons Cranswick

Outline Debate: the hawks and the doves Existing legal requirements for good governance The US Dimension: Sarbanes - Oxley Who gets blamed when governance goes wrong? Criminal and Regulatory law developments Practical implications/guidance

Propositions Not a stand alone law Immense potential for conflict –Regulators/Government –Regulator/Regulated –Within organisations –Role of auditors and advisors Rise of criminal law in boardroom Threat and opportunity (“carrot and stick”)

Direct threats: Companies Acts Insolvency Act 1986 Pensions Act 1985, as amended Sector regulation, e.g. FSMA 2000 Local Government Act 2000

Indirect threats: Regulation –administrative regimes –technical: safety, health and environment –market : competition laws Personal criminal liability –consent, connivance, neglect –act/default Criminal law Public Interest Disclosure Act 1998

Opportunity Knocks? Turnbull Comply or explain Legal risks are business risks Significant risks only Offences of strict liability usually include statutory defence of “due diligence” Non-executive directors

Trends Regulators trained in corporate governance Expansion of governance principles - benchmark of legal compliance –performance reporting –directors’ codes of practice Shareholder activism Disqualification and enforcement activity Prosecutions

The US Dimension Sarbanes - Oxley 2002

Corporate Defence Structures, roles and responsibilities Scrutiny Recording decisions Communication Written policy Document management Response Audit/review (“birds eye view”)

Who gets blamed? Conflict –directors –the board –employees –staff –management Value of internal investigations Principles of “managing it out”

The future Tax evasion Cartels Fraud Money laundering Insider dealing Corporate killing

A little knowledge Whistle blowing cartels Reporting money launderers

Gaps Undermines collective responsibility No positive requirement to manage fraud Too much responsibility on individuals Codification - The US Experience Lack of clarity Lack of consistency : public/private sector

Implications More criminal and regulatory law introducing governance requirements Individual director “due diligence” New dimensions to directors’ duties and obligations New breed of criminal lawyer More positive approach to Legal Risk Management?

Laws Best Practice Rules Ethics/ Social responsibility Corporate governance

Significant legal risks Financial Services and Markets Act Directors Liability Data Protection Safety, Health and Environment Human Rights Employment Law Companies Act Licensing / Registration Requirements Tax Corporate Governance Competition Law Criminal Law

IdentityEvaluateControl Risks Influence Contain Transfer Manage CORPORATE GOVERNANCE

Risk Management Process Monitoring Education Competencies Training Review Controls Policy for compliance

KNOWLEDGE Meeting legally defined minimum –statute –case law Written systems Operated as intended Review/audit Providing reasonable assurance Exceeding legal minimum Complying with –codes of practice –Published guidance –Reorganised industry standards Providing high degree of assurance Legal ComplianceGood PracticeBest Practice CHARACTERISTICS Setting and achieving high standards of performance Meeting “practice” guidance High level policies High level involvement Risk ownership Embedding processes Forward looking Providing assurance MANAGEMENT RISKS REDUCING RISKS INFLUENCING CHANGING ELIMINATING RISKS UNDERSTANDING