Absolutely. It was mentioned in the Dáil and quoted in numerous articles in the national press. Some, if not many of the responses were unfavourable, suggesting that we were being too critical of governance standards. Our report contained a number of recommendations, including the suggestion that the key provisions of the existing governance framework should be incorporated into legislation, a suggestion that was subsequently incorporated into the renewed programme for Government.
In 2010, the latest edition of the report echoed and expanded upon our recommendations for 2009, and I will explain these recommendations in more detail shortly. A number of our key points from the most recent reviews have been echoed by the Financial Regulator in statements and in consultation paper CP41 on corporate governance requirements for credit institutions and insurance undertakings. These points include: those in relation to the balance and independence of boards; the role of the chairman and the clear separation between chair and chief executive; limits on the number of directorships which directors can hold in listed or regulated entities; more active involvement by boards in the risk management process; and the need to balance principles-based and rules-based regulation.
I will describe the scope and methodology of the review. The report covers companies listed on the main securities market of the Irish Stock Exchange at the time of their most recent annual report. This includes not only many of the largest companies in the State, but several companies with significant State shareholdings, including Aer Lingus, AIB, Bank of Ireland and Anglo Irish Bank, which was still listed on the ISE as of the most recent annual report available.
The regulatory framework for these companies is — aside from the Companies Acts which apply to all companies — the combined code on corporate governance issued by the Financial Reporting Council in the UK. Listed companies are required, under the ISE's listing rules, to make a statement as to whether they comply with the combined code and, if not, to explain which provisions they do not comply with. Sanctions for non-compliance with the code extend to censure of companies or directors and suspension or de-listing of shares, which is rare — in fact, I am not sure it has ever happened in an Irish context.
Corporate governance is not just a theoretical framework for how companies should ideally be run. It is a series of practical mechanisms, operating at board and management level, which aim to ensure that the shareholders, stakeholders and others with a vested interest in the performance of a company gain assurance that their interests are protected. For companies on the Irish Stock Exchange, these stakeholders include taxpayers, the State, the Government, those with pension funds, and institutional investors — in other words, virtually every citizen in the country. Consequently, the review covers a wide range of governance topics — directors and board composition, independence, sub-committees and so on. The review assesses the extent to which companies disclose compliance with important provisions of the code related to these topics.
One of the key findings in the 2010 report was that the number of companies reporting that they are fully compliant with the combined code has fallen. In the first two years of our review, around one third of companies claimed to be fully compliant. Last year, the number of companies claiming full compliance increased to around 50%; in 2010, the number dropped back down to 36%. This finding, predictably, received the most media attention. Although it may be interpreted as indicating that companies are now less compliant, an alternative explanation — that companies are being more transparent about their levels of compliance — seems more plausible.
We can say that, by and large, companies comply with the vast majority of the code's provisions. In fact, a report commissioned by the ISE and the Irish Association of Investment Managers reported "a high level of compliance by Irish listed companies with the code during the 2008 financial year". Considering all the individual compliance requirements across all companies, it is correct to say that a majority of compliance requirements are met. Nonetheless, it is still the case that only a minority of companies, by their own assessment, manage to comply with all requirements. Although the code is designed to allow companies to comply or explain, this was intended to allow companies to either comply with the exact requirement of the code or explain how they have implemented a governance mechanism better suited to meeting the needs of the company and its shareholders. The "explain" option was never intended to allow companies to opt out of complying.
Exacerbating this situation is what is arguably a failing in the code and the compliance framework for listed companies, in that there is no clear distinction between minor and major compliance requirements. Clearly, a company that is virtually compliant except for some minor disclosure items is in a different camp from a company that is 95% compliant but chooses not to have an independent board, or does not properly disclose how it manages risks in the business. Our research shows that some of the areas in which companies are not compliant are significant, such as not having an internal audit function or having issues with board independence.
With regard to independence, 23% of companies did not have a majority of independent non-executive directors for the full financial year. Added to this, many companies made it difficult to determine which directors were independent. In general, the quality of disclosures in Irish listed companies — and, to be fair, those in many other jurisdictions — could be significantly improved. Other principal findings from our review include the following: some 36% of companies did not disclose the terms and conditions of appointment of non-executive directors; one third of companies did not disclose appropriate evaluation of their chairmen's performance; 28% of companies did not disclose a clear division of responsibilities between chairman and chief executive; and more than half of companies did not state that any member of their audit committee had recent and relevant financial experience.
Based on these findings, we published recommendations. One of the key statements in this regard is that regardless of the regulatory framework, it is clear that it is the behaviour of boards — and, in particular, their leaders — that ultimately determines the corporate governance culture of a company.
Our review includes significant editorial sections highlighting the implications of the findings and incorporating our recommendations for change to improve governance among Irish companies. These recommendations fall into a number of areas, the first of which is the quality, structure and organisation of boards. A fundamental requirement of good governance is to have a board that is diverse but cohesive, balanced, and sufficiently independent, and which performs at an optimum level to ensure that the interests of the company and shareholders are protected. This requires a board that has a sufficient number of genuinely independent non-executive directors and sufficient skills and expertise to ensure that conflicts of interest between shareholders and management are properly managed. The results of our survey indicate that there is room for improvement in the levels of independence on boards of Irish listed companies, and that the level of essential skills — such as "recent and relevant financial experience", as required by the code — is either not sufficient or needs much better disclosure.
The requirement for a majority of independent members on the board should be mandatory, and regulators should have an active role in ensuring that boards contain members who possess all the required skills, particularly in the case of banks and other financial institutions. The oft-stated assertion that there are not enough appropriately qualified directors in the Irish market should be challenged, not least because the increasing exposure of Irish companies to international markets means that Irish companies should seriously consider the level of international representation on their boards.
The critical role of chairman is clearly defined in the guidance, and entirely distinct from that of the chief executive or any other director. The chairman is, according to the combined code, "responsible for leadership of the board, ensuring its effectiveness [in] all aspects of its role, and setting its agenda". This goes much further than the common misconception of the role, in which the chairman is responsible for little more than chairing board meetings. The chairman of a well-governed board should bear ultimate responsibility for the structure, composition, balance, organisation, and resourcing of the board, and for ensuring that it is effective in balancing the interests of the shareholders with the — often conflicting — interests of the executive management of the company. Given that a strong chair is vital to a successful board, the requirement to clearly separate the roles of chair and chief executive, so that they are occupied by different people with clearly distinct responsibilities and terms of reference, is essential for listed and regulated companies and should be mandatory.
Much of the regulatory framework is, as I mentioned previously, optional on a "comply or explain" basis. The suggestion that much of it should be made mandatory has gained acceptance in many quarters. However, overall there is not a lack of regulation in Ireland; if anything, there is a lack of compliance with regulation and a lack of enforcement and sanctions. There are now clear indications that there is an appetite for change and for increased enforcement; this is to be welcomed. In addition, there are multiple regulators involved in the regulation of listed entities in Ireland. Although this is not in itself a problem, it increases the need for clarity in the roles of the regulators and the expectations of how they will enforce compliance and sanction non-compliance.
Risk management and internal control are vital management-level governance mechanisms that should provide assurance that an organisation's strategic objectives are being met and its stakeholders' interests protected. Our report highlights the lack of detail in annual reports with regard to risk management and internal control. Events of the past two years have indicated that these processes are not adequately understood at board level. The Financial Regulator's consultation paper has suggested a requirement that boards set the risk appetite for the institution and monitor adherence to this. In the US, legislation requires that boards disclose significant details about their company's risks and controls, and certify that these controls are operating effectively. Ultimately however, regardless of the legislative requirements it is essential that boards understand the risks faced by their companies, and ensure they are properly disclosed.
In particular, the apparently prevalent use of standardised disclosure text, where the wording of the disclosures varies little year-on-year or even across companies seems to indicate that companies are more concerned about "checking-off" compliance requirements than providing detailed, relevant information to shareholders and other users of annual reports and this practice should be challenged.
The foreword to our 2009 report noted that "failure to meet the expectations of the global markets will ultimately destroy the trust of international investors in Irish listed companies". Our 2010 report reinforced this point and noted that "we need to be a leader in the development and enforcement of standards both in listed companies and public interest bodies such as state companies". It is clear from reading the international press that governance scandals in Ireland, coupled with the severe downturn in our economy, have caused our reputation in international markets to suffer. The role of the Legislature in addressing this should, we believe, lie in strengthening our regulatory environment to ensure that Ireland not only catches up with other jurisdictions in the EU and further afield, but moves ahead. This can only be done by putting in place the governance mechanisms that achieve this goal without damaging our companies' competitiveness in international markets, and putting in place a regulatory framework focused on monitoring compliance and enforcing it with strong and effective sanctions.
The combined code on corporate governance is due to be renamed later this year as the "UK Corporate Governance Code" highlighting the fact that Ireland, exceptionally in the EU, lacks its own specific corporate governance code for listed companies. This is a unique opportunity for Ireland to establish our own corporate governance framework, and establish the country as a standard bearer for international corporate governance, for the ultimate benefit of shareholders and the economy.