1. The Law of Corporate Governance Rupert Nevin Partner Gordons Cranswick

2. Outline Debate: the hawks and the doves Existing legal requirements for good governance The US Dimension: Sarbanes - Oxley Who gets blamed when governance goes wrong? Criminal and Regulatory law developments Practical implications/guidance

3. Propositions Not a stand alone law Immense potential for conflict –Regulators/Government –Regulator/Regulated –Within organisations –Role of auditors and advisors Rise of criminal law in boardroom Threat and opportunity (“carrot and stick”)

4. Direct threats: Companies Acts Insolvency Act 1986 Pensions Act 1985, as amended Sector regulation, e.g. FSMA 2000 Local Government Act 2000

5. Indirect threats: Regulation –administrative regimes –technical: safety, health and environment –market : competition laws Personal criminal liability –consent, connivance, neglect –act/default Criminal law Public Interest Disclosure Act 1998

6. Opportunity Knocks? Turnbull Comply or explain Legal risks are business risks Significant risks only Offences of strict liability usually include statutory defence of “due diligence” Non-executive directors

7. Trends Regulators trained in corporate governance Expansion of governance principles - benchmark of legal compliance –performance reporting –directors’ codes of practice Shareholder activism Disqualification and enforcement activity Prosecutions

8. The US Dimension Sarbanes - Oxley 2002

9. Corporate Defence Structures, roles and responsibilities Scrutiny Recording decisions Communication Written policy Document management Response Audit/review (“birds eye view”)

10. Who gets blamed? Conflict –directors –the board –employees –staff –management Value of internal investigations Principles of “managing it out”

11. The future Tax evasion Cartels Fraud Money laundering Insider dealing Corporate killing

12. A little knowledge Whistle blowing cartels Reporting money launderers

13. Gaps Undermines collective responsibility No positive requirement to manage fraud Too much responsibility on individuals Codification - The US Experience Lack of clarity Lack of consistency : public/private sector

14. Implications More criminal and regulatory law introducing governance requirements Individual director “due diligence” New dimensions to directors’ duties and obligations New breed of criminal lawyer More positive approach to Legal Risk Management?

15. Laws Best Practice Rules Ethics/ Social responsibility Corporate governance

16. Significant legal risks Financial Services and Markets Act Directors Liability Data Protection Safety, Health and Environment Human Rights Employment Law Companies Act Licensing / Registration Requirements Tax Corporate Governance Competition Law Criminal Law

17. IdentityEvaluateControl Risks Influence Contain Transfer Manage CORPORATE GOVERNANCE

18. Risk Management Process Monitoring Education Competencies Training Review Controls Policy for compliance

19. KNOWLEDGE Meeting legally defined minimum –statute –case law Written systems Operated as intended Review/audit Providing reasonable assurance Exceeding legal minimum Complying with –codes of practice –Published guidance –Reorganised industry standards Providing high degree of assurance Legal ComplianceGood PracticeBest Practice CHARACTERISTICS Setting and achieving high standards of performance Meeting “practice” guidance High level policies High level involvement Risk ownership Embedding processes Forward looking Providing assurance MANAGEMENT RISKS REDUCING RISKS INFLUENCING CHANGING ELIMINATING RISKS UNDERSTANDING