Comply or you will do time!
South African CEOs can go to jail
Corporate governance and compliance is a hot topic given all the legislation passed in the last few years in an effort to protect stakeholders from nefarious activities on the part of company executives.
Unfortunately, although there is a lot said about compliance, few companies seem to realise how serious these regulations are.
"South Africa's Insider Trading Act, for example, makes provision for a R2 million fine or 10 years in jail," says Allen Smith, MD of Continuity SA. "Internationally, the Sarbanes-Oxley Act in the US provides for a fine of up to $5 million or 20 years in jail.
"What's more important than the numbers, however, is that these and other regulations are not aimed at low-level employees, but at business leaders. In particular, company boards are today being held responsible for governance breaches."
The first step in compliance must be the acceptance by the board that it is accountable for good governance and any breach thereof. While someone else may have done an illegal or unethical act, the board and specifically the CEO is responsible.
The second step, following the acceptance of accountability, is the realisation that this means the CEO and the board is accountable for every action undertaken or neglected. The board can delegate responsibility for specific functions to management, but it can not delegate accountability - if the controls are not in place to ensure all management functions are carried out correctly, the manager may have neglected his/her duty, but the board will be liable.
The third step is to implement effective corporate governance processes designed for your company - as opposed to the template approach, which does not work. Corporate governance is not something to delegate to a governance officer or compliance consultant. Smith acknowledges that these positions need to be filled, but warns that they are simply tools in the corporate governance process that must continue to be managed and monitored from board level.
Looking at the recent WorldCom and Enron cases in the US, the leadership in both cases said it was impossible for them to know what everyone in their company was doing. And most of us would agree that it is impossible to know what thousands of employees are doing at any one time. This did not help their trial, however, as the courts found both parties guilty.
"The message sent to business was that corporate governance is no longer optional and ignorance is not an excuse," says Smith. "Business leaders that do not ensure the appropriate corporate governance policies, processes, procedures and controls are put in place and enforced (and managed from the top) are courting disaster."
The fourth step of compliance is to understand that all the pieces of legislation and recommendations we have today are not designed to make life difficult for board members, but are in place to protect organisations' stakeholders. And everyone potentially affected by poor corporate governance, including shareholders, employees, suppliers or even small businesses dependent on the continued success of a larger concern is counted as a stakeholder.
"And good governance does not end with preventing fraud or insider trading," concludes Smith. "Good governance ensures companies are able to withstand a serious operational disruption, even a worst case scenario in which normal trading becomes impossible unless operations are continued at a standby business recovery site.