Corporate governance is not just a regulatory necessity – it is a cornerstone of running a well-controlled business. UK and international regulators continue to focus on this area and more changes are inevitable with the introduction of the Markets in Financial Instruments Directive II (‘MiFID II’) and the extension of the Senior Managers and Certification Regime (‘SMCR’) across the entire UK financial services sector.
These changes follow the significant strengthening of corporate governance arrangements and controls which many companies undertook following the financial crisis which began in 2008 and the implementation of the SMCR.
Corporate governance self-assessment checklist
Non-executive directors (‘NEDs’), compliance officers, company secretaries or legal counsels often wrestle with how to make governance processes pragmatic and practical. Below we explore ways of addressing those challenges.
1. Can you describe the culture of your firm? How can you demonstrate that the culture throughout your firm is as you believe it to be?
Embedding and protecting the desired corporate culture goes beyond just communicating cultural values. The Board and senior management need to demonstrate their commitment through action and seek evidence from their teams that they operate in an ethical manner, especially when faced with difficult commercial choices. Senior management should recognise and even reward employees across all levels of the firm, who demonstrate strong cultural values.
Enforcing consequences for behaviours inconsistent with a firm’s desired culture is also vital, especially if exhibited by middle and senior management. People follow the behaviours of their direct leaders. If there are inconsistencies between the messages from the top and how these messages are translated and demonstrated in practice by their department’s management, the desired culture will not work and disjointed micro-cultures will continue to flourish.
2. Was the last review of your Board composition and its overall skills and experience matrix effective and comprehensive?
In the competitive financial services environment, having skilled NEDs and senior managers increases your firm’s chances of success in the market. In the current environment where new solutions such as blockchain and electronic signatures - and threats such as cyber-crime - top the headlines, chairmen should be particularly interested in having NEDs on the Board with expertise in IT, systems security or technological innovation.
The regulators expect senior managers to fully understand their responsibilities, and that the Boards are equipped to provide effective oversight and constructive challenge. Regular and planned Board self-assessments should highlight to the chairmen whether they can be confident they have the right team for the job.
3. What was the result of your firm’s most recent Board and Board Committees self-assessment?
If your firm has not done a full self-assessment for a while, or never, this may be a good time to organise it. Such a review can help gain a better understanding of the NEDs’ views on the effectiveness of the chairman, how the Board works collectively and individually, and where a firm should focus its efforts to address any shortcomings. For optimal benefits and to instill a culture of ongoing improvement, these reviews should form part of a Board’s annual life-cycle.
Proactive and engaged chairmen should use this tool to identify and acknowledge strengths and to inform their decisions about the future composition and succession planning of the Board. Improvement actions should be documented and periodically reviewed by the Board, and any progress should be used as a basis for future evaluations. It is important to note that FTSE 350 companies are required by the UK Corporate Governance Code to arrange an externally facilitated evaluation at least
4. How often do you discuss with your Board their understanding of your firm’s business? Do you have collective and individual education plans for your Board members?
There is an unequivocal expectation from the regulators that non-executive contribution to the effective governance of a firm should be based on sound judgement and constructive challenge. This can only be achieved with a good understanding of the business and its risks. The Board and senior management should have a regular dialogue to provide NEDs with easily digestible and targeted detail so they can make informed decisions.
This is also where Board education plays a crucial role. The Board’s confidence, individually and collectively, will grow with regular and tailored education programmes, which should be specific to the business they oversee. Targeted education plans will help address any knowledge or skill gaps for individual Board members and should be reassessed at least annually to adjust NEDs’ continuous education needs.
5. Do you have a robust succession plan in place? Are you prepared for unexpected departures from your Board or senior management team?
Succession planning can often be a difficult subject to address as, in addition to internal talent development, it inevitably involves talking about individuals leaving a firm. However, embedding an effective process may help address the sensitivity this topic brings. Advance planning for departures from the Board is always prudent and covers not only situations of regular Board turnover, but also provides clarity on how to address unexpected resignations, retirements or unforeseeable events such as deaths or poor performance.
Making succession planning a regular discipline for the effective management of the Board helps focus minds on supporting the strategy and sustainability of the firm. The lack of an appropriate response to expected or unexpected Board departures may unsettle investors, or even cause a decrease in market confidence and a consequential impact on commercial performance and share price.
6. Do you have robust risk management arrangements to identify and help weather storms in the business?
The Board and senior management must be able to articulate key risks to their firm and evidence, through their management information, how those risks are monitored. Effective risk management arrangements can also make a difference in the recruitment and retention of talent. Good candidates for senior positions are likely to carry out due diligence before joining a firm, especially if they are taking on one of the Senior Managers or Certified Person roles under the new SMCR. They are more likely to be attracted to firms that can demonstrate an effective risk management framework and the use of controls which are relevant to the market environment and the firm’s business model.
7. Are you confident in the quality of management information you receive from Compliance and Risk Management functions (second line of defence)?
NEDs should ask themselves regularly whether they receive appropriate information from their Risk and Compliance functions. Do they gain comfort that the firm operates with effective controls and in compliance with its Board-approved risk appetite? Levels of assurance are seldom proportionate to the volume of management information that Boards receive. The Board should maintain a regular dialogue with heads of Risk Management and Compliance to articulate what detail they require and how frequently, to gain comfort on the different areas of their oversight responsibilities. Oversight of risk and compliance matters is not a static process and management information required by the Board should change as the strategy and the business risk profile changes.
8. Do you know what is really going on in your outsourced functions?
Material outsourcing of critical business functions, such as customer complaints handling or internal audit, has become part of many business models. Firms are expected to have a clear line of sight into all activities of their outsourced operations as they remain ultimately accountable for their performance and conduct. Before engaging a third party, firms should conduct risk assessments on the cultural alignment and effectiveness of a third party’s systems and controls, and then maintain continuous assessment of the outsourced activities to identify and monitor any potential risks.
9. What is your relationship with your regulators?
Depending on their risk classification, most financial services firms have at least one regulator with whom they maintain regular contact. Some firms have direct supervisors assigned by the FCA or the PRA. It is essential that firms have protocols for managing communications with their regulators which are readily accessible to all business areas. All communications with the regulators should be captured and, if appropriate, briefed to the relevant senior management and the Board. Maintaining a single point of contact is not always possible in larger firms. However, even with several points of contact, those individuals should follow an established protocol for recording and responding to regulatory communications. Boards which do not receive information about their firm’s interactions with the regulators should consider if they are asking the right questions or indeed getting the full picture about the state of the firm’s regulatory affairs.
10. Has your firm ever received a request for an attestation?
Attestations have become a tool which the regulators use more frequently. Now the SMCR is in place, this is unlikely to change. A prudent response by senior managers should always involve appropriate due diligence to underpin commitments in their attestation. This due diligence should include direct access by the relevant senior manager to primary sources of evidence to support their attestations, rather than solely relying on assurances from others.
Whilst much focus has been placed on improving corporate governance arrangements in financial services, many firms still get it wrong. Putting things right after the failures have been identified by the regulators is a remedial action all firms should aim to prevent. The goal is to have effective controls in place, which allow firms to proactively identify and manage problems as a matter of business as usual. This demonstrates to the customers, market, investors and regulators that a firm has the right balance between commercial interest and risk management which should result in good customer outcomes.
By implementing simple but robust self-assessment routines, NEDs and senior managers can clearly demonstrate that the firm is in control of the evolving business in an ever-changing regulatory environment.
The most tangible benefit of good governance is the impact of strong corporate governance standards on the firms’ commercial performance. Good corporate governance foundations and effective risk management will undoubtedly have a positive impact on the bottom line, by not only protecting it from regulatory censure, but also by instilling greater regulatory and market confidence.