The Nigerian Code of Corporate Governance 2018
The Financial Reporting Council (FRC) of Nigeria recently released the Nigerian Code of Corporate Governance (“the Code”) on January 15, 2019. The Code highlights key principles that seek to institutionalise corporate governance best practices in Nigerian companies.
KPMG recognises that good corporate governance is a key driver in the establishment of sustainable enterprise. Alignment with leading corporate governance practices will guide companies in establishing a framework of processes and attitudes that increases their value, builds their reputation and ensures their long term prosperity.
Considering the developing awareness and relatively low institutionalisation of leading governance practices in Nigeria, the implementation of the Code may be challenging for those who have not previously had to comply with any corporate governance codes. Implementation of the principles should, however, be relatively easier for companies that have previously been subject to the provisions of sectoral codes.
In this series, KPMG has provided an interpretative overview of the key provisions in the Code and the key implications for board and key stakeholders of the users of the Code. We have also made an attempt to identify key next steps for those to whom the Code applies and others who choose to adopt its principles.
MMS Plus hopes that Nigerian companies in various sectors of the economy find this publication useful for their corporate governance journey.
Highlights and Implications
The FRC has put forward the following implementation strategy:
Code Philosophy and Implications
The implementation of the Code is based on the “Apply and Explain” principle.
This assumes application of all principles and requires entities to explain how the principles have been applied to suit their unique organisation context while still achieving the intended outcome of the principles.
How will the Code be enforced?
The FRC will monitor the Code through the sectoral regulators and registered exchanges who are empowered to impose sanctions on noted deviations.
Additionally, the FRC may conduct reviews on the implementation of the Code where deviations from the Code recur.
Highlights of the Code
BOARD STRUCTURE
Section 2 of the Code empowers its users to determine the size and composition of their boards taking into account the scale and complexity of their operations; the need for sufficient members to serve on its committees; the need to secure quorum at meetings; as well as ensuring diversity.
The Code also recommends an appropriate mix of executive (EDs), non-executive (NEDs) and independent non-executive (INEDs) members, with a majority of non-executive directors. However, the Code does not specify the number of INEDs required on boards but recommends that a majority of the NEDs be INEDs.
Implications
Companies are now granted the autonomy to determine the size and composition of their Boards, within the confines of the requirements set out by their sectoral regulators. This flexibility gives the users of the Code significant control over their cost of governance.
Companies would thus need to:
review the existing Board composition to ensure that it reflects an appropriate balance of required skills, experience and independence.
define a governance policy specific to enhancing gender and other diversity on the Board. The policy should also provide for frequent refreshing of the Board’s membership and skill set.
disclose a summary of the policy in the annual report and report on the board’s performance in achieving diversity on the board.
THE CHAIRMAN OF THE BOARD
Section 3 of the Code articulates the responsibilities of the board chairman in providing overall leadership to the company and driving effective board operations. It also recommends that the chairman not be involved in the day-to-day operations of the company. Notable in this section is the requirement for the chairman to periodically interact with non-executive directors.
Implications
The board will need to ensure a clear separation of roles between the NEDs (including the chairman) and the EDs. The roles and responsibilities of each director position should be formally articulated in the board charters and appointment letters to directors. Furthermore, a framework that defines both financial and non-financial matters that need to be referred to the board and those for executive management should be formally developed. Additionally, the board chairman will need to identify effective mechanisms for periodic engagement with other NEDs.
TRANSITION TO CHAIRMANSHIP
The Code discourages the transition of MD/CEOs or EDs to the role of Chairman, and mandates a three-year cooling off period where this is the case.
Implications
This requirement implies that retiring or retired MD/CEOs or EDs who aspire to chairmanship in the same company would need to wait for the required three-year cooling-off period before they can be considered. This will help to minimise potential conflicts of interest. During the cooling-off period, it is advisable that such directors continuously update their skills, knowledge and experience, and remain informed on key changes in their industry and regulatory landscape to ensure that they remain relevant.
THE INDEPENDENT DIRECTOR
All directors are expected to exhibit a degree of independence of mind and appearance. The Code, however, sets expectations for an increased level of independence from INEDs. Section 7 of the Code prescribes criteria for establishing the independent status of an INED. The criteria, while not exhaustive, aim to strengthen independence on the board and ensure that directors who are classified as INEDs are “independent – both in character and in judgement”. Boards are also expected to annually ascertain and confirm the continued independence of each INED of the company.
Implications
The independence criteria put forward in the Code appear to include some more stringent requirements than those set out in some of the existing sectoral codes. Specifically, independent directors cannot have:
shareholding in excess of 0.01% of the company’s paid up capital (as opposed to 0.1% as set out in the SEC Code. The 2009 NAICOM Code of corporate governance does not permit an INED to have any shareholding in the company);
served as an employee for the company or any of its related companies within the preceding five years (as opposed to three years set out in the SEC Code);
had a material business relationship with the company, directly or indirectly, in the preceding five years (as opposed to three years set out in the SEC Code); or
a close family member who has served as a director, senior employee, creditor, supplier, customer or substantial shareholder of the company.
In addition, an existing NED should not be reclassified into an INED on the same board.
Companies will have to evaluate their independent directors against the above-listed requirements and make amendments as appropriate. They would also have to continuously monitor and annually confirm the independence status of the directors.
THE COMPANY SECRETARY
Section 8 highlights the key role that the company secretary plays in supporting the effectiveness of the board and mandates that he/she provides independent guidance and support to the board. In line with this, the Code mandates that the board should properly empower the company secretary as well as approve his/her performance evaluation, appointment and removal.
Implications
In order to empower and strengthen the independence of the company secretariat function, companies will need to:
Obtain the approval of the board on the appointment and removal of the company secretariat. Furthermore, the performance appraisal of the company secretariat should be approved by the board. Board feedback/input should form a significant portion of the company secretariat performance appraisal results and should be approved collectively by the board.
Realise that where the position of the company secretariat is merged with other functional responsibilities (e.g. legal function, corporate services, etc.), the company secretary would have a dual functional reporting line. Specifically, the company secretary would report directly to the board on all company secretariat activities and functionally to the management team on his/her other duties and administrative responsibilities.
Ensure that the company secretary is not a member of the board to guarantee the continuous provision of objective and independent guidance to the board.
Ensure that the company secretary has unfettered access to the board.
BOARD COMMITTEE STRUCTURE
The Code recommends the establishment of committees responsible for nomination and governance, remuneration, risk management and audit. However, companies are given the flexibility of combining these responsibilities in board committees, taking into consideration the size, needs and activities of the company. The Code also recommends that the board committees responsible for nomination, governance, remuneration and audit comprise only NEDs (a majority of whom should be INEDs where possible). Committee chairs are also expected to present a written report of their deliberations to the full board at its quarterly meetings.
Implications
Boards will have to review the existing composition of the committees responsible for nomination, governance and remuneration (where they exist) to ensure that the membership comprises only NEDs. This review is particularly important for boards of banks and other financial institutions, as the CBN Code permits the inclusion of EDs as members of the nomination and governance committee (where these committees are not combined with the remuneration committee).
Boards will also need to revisit their existing board compositions to reflect an adequate number of INEDs required to form committees as well as directors with sufficient proficiency particularly in the areas of risk management, governance and finance to provide effective oversight. Periodic training courses can be scheduled for the directors to enhance their skills.
Lastly, company secretaries would need to document a written report summarising key deliberations of committee meetings, which would be presented by the committee chairpersons to the full board.
INTERNAL CONTROL
Section 11 of the Code introduces additional responsibilities for the audit committee. Specifically, the audit committee is expected to ensure the development of a comprehensive internal control framework, obtain annual assurance (internal and/or external) and report annually in the audited financials on the design and operating effectiveness of the company’s internal controls over financial reporting.
Implications
The Code buttresses the importance of an effective internal control system and requires the audit committee to ensure:
Development of a comprehensive internal control framework that promotes effectiveness and efficiency of operations, ensures reliability and integrity of financial reporting, safeguards assets and ensures compliance with applicable laws and regulations. Companies will need to consider any of the leading control frameworks like COSO, Turnbull, etc. in designing their internal control framework. The framework should address the following:
structure and methodology through which the company aims to develop its internal control systems in a dynamic operating environment, in order to mitigate risks, support sound decision making and governance, and deliver strong performance;
key elements through which the assurance function provides reasonable assurance to management and board of directors on the effectiveness and efficiency of controls in pursuit of the company’s objectives; and
roles and responsibilities of all stakeholders with regards to Internal Control.
Management will need to ensure that internal controls over financial reporting are adequately designed to substantially reduce the risk of misstatements and inaccuracies in a company’s financial statement.
Internal Audit’s scope of work/audit plan to include providing assurance on the design and operating effectiveness of the company’s internal control over financial reporting. Internal Audit’s methodology may need to be updated to include techniques and approach for testing these controls. The audit committee would need to also ensure that internal audit is adequately resourced and skilled to provide this assurance or rely on external consultants where there are skill gaps or resource constraints.
The result of these reviews will form the basis of the audit committee report recommended by the Code which may be made available to external auditors for further review and assurance before inclusion in the annual report.
The results of the assurance on the effectiveness of company’s internal control would be reported annually in the audited financial report by the audit committee.
The existing charters and meeting agendas of the audit committee would also need to be updated to reflect these additional responsibilities.
INFORMATION TECHNOLOGY
The Code stipulates that the board constitute a committee which will be responsible for providing oversight for risk management related matters within the organisation. Amongst other duties, this committee will be responsible for reviewing the company’s IT governance framework on an annual basis. The reviewed framework is to be approved by the board.
Implications
IT governance issues will begin to take the front burner in organisations. An annual IT governance assessment will need to be performed to ascertain that the right policies, processes and controls are in place for the overall management of enterprise data, including its availability, integrity, confidentiality and overall security.
Key considerations should include:
Policies, Standards, and Strategy: Governance structures in place to support the implementation of IT governance practices within the organisation.
Data Quality: Measures in place to ensure that data is available, usable and accurate for management decision making.
Privacy/Compliance/Security: Data privacy, access control and information security controls, while ensuring compliance with key regulatory, contractual, or internal requirements for data.
Architecture/Integration: Data flows as a result of complex system integrations at various levels of the IT architectural stack.
TENURE
The Nigerian Code introduces a maximum tenure of three terms of three years each for INEDs while recommending periodic refreshing of the NEDs on a board. It also requires boards to determine the tenure of EDs within a company. In determining the tenure of an ED, the board should take into account his performance, the existing succession planning mechanism, continuity of the board and the need for continuous refreshing of the board.
Implications
Boards will need to re-evaluate the tenure of their independent directors as defined in their charters/governance policies to align with the Code. To ensure continuous refreshing of the board, boards would need to define a tenure for the EDs and NEDs. There should also be periodic assessment (at a minimum annually) of the EDs and NEDs, the outcome of which should be utilised in determining the renewal of their contracts and tenure respectively.
PERFORMANCE EVALUATION
The Code recommends an annual board evaluation to assess the performance of the collective board, board committees and individual directors in executing their oversight role on the company. It also introduces a Corporate Governance Evaluation to be performed annually, which will be focused on the implementation of the Code. Both evaluations are to be externally facilitated by an independent consultant at least once every three years.
The summary of the report of this evaluation is to be included in the company’s annual report and investors’ portal.
Implications
The annual performance of board and governance evaluations can be conducted internally while the use of external consultants is required once in three years. However, companies can still choose to have these annual evaluations externally facilitated for objectivity and credibility while reducing conflicts typically associated with the conduct of peer performance evaluation. Companies that choose to perform them internally will need to develop rigorous, objective processes to achieve this. These processes should involve the chairman of the board and the committee responsible for nomination and governance for overseeing the process.
The summary of the report of this evaluation should be included in the company’s annual report and investors’ portal.
REMUNERATION – Policy
The Code provides that the company’s Remuneration Policy should be disclosed in the annual reports, alongside remuneration for all directors.
Implications
It is no longer sufficient for Companies to disclose directors’ remuneration in their annual reports. The remuneration policy should also be disclosed.
The scope and disclosure of a properly defined remuneration policy should include the following:
policy objectives and underlying principles
information on the company’s justification for the remuneration programme, including compensation philosophy
information on how the policy supports the company’s objectives
use of relevant performance measures, with effective linkage to pay
how the policy addresses the issue of excessive risk taking, undeserved / excessive bonus and other forms of incentives
the process and frequency of remuneration reviews.
However, there is insufficient clarity as to how the directors’ remuneration should be disclosed: individually or on an aggregate basis. In most jurisdictions, the remuneration is presented individually. In Nigeria, the issue of security and safety may not support this approach.
REMUNERATION – Claw back / Exempted Payments
The Code advocates for the implementation of a claw back policy to recover excess or undeserved reward, such as bonuses, etc. from directors and senior employees.
It also excludes EDs from earning sitting allowances at board and committee meetings (including subsidiaries) and NEDs from earning performance-based pay to minimize bias in their decision making.
Implications
The introduction of a claw back policy should help in reducing excessive risk taking on the part of the management. Since the Code does not specify any look-back period, companies would be at liberty to define this and how recovery will be pursued based on their own unique circumstances.
Companies may need to review the remuneration structure of their directors to ensure compliance with the Code with respect to payment of sitting allowances or directors’ fees and performance-based pay to EDs and NEDs, respectively. Companies that are currently doing this will need to discontinue the practice immediately.
EXTERNAL AUDIT FIRM & AUDIT PARTNER ROTATION
An external auditor may provide to the company only such other services as are approved by the board on the recommendation of the committee responsible for audit. These other services should not create a self-review threat.
Implications
Companies would have to put a process in place to ensure that all other services provided by their external auditor are approved by the board of directors on the recommendation of the audit committee.
Also, the process would need to include the audit committee’s consideration of self-review threats for the external auditor.
EXTERNAL AUDIT FIRM & AUDIT PARTNER ROTATION
Where a retiring partner from an audit firm is appointed to the board of an audit client, there should be an appropriate cooling-off period spanning at least three years in order to preserve independence.
Similarly, there should be a cooling-off period before a company can engage any member of the audit team as a staff member in the financial reporting function.
Implications
Relevant checks would need to be implemented by companies prior to the appointment of directors and finance staff to prevent the appointment or engagement of former audit partners or audit team members without an appropriate cooling-off period.
RISK MANAGEMENT
The Code requires the board to oversee and approve the establishment of a framework that defines, among other things, the company’s risk policy, risk appetite and risk limits and review periodically relevant reports to ensure the ongoing effectiveness of this framework. The board is also expected to undertake at least annually, a thorough risk assessment covering all aspects of the company’s business.
Implications
Boards would need to define their risk appetite – the amount of risk they are willing to accept in the pursuit of value – and derive relevant risk limits and metrics that would be used to measure and monitor risks. Properly determining a risk appetite and clearly documenting parameters for managing risk will help boards to better manage their performance by bringing discipline to major strategic decisions. Management of companies will also be more efficient as they will be appropriately guided in their operations.
Additionally, companies would need to proactively identify, assess and manage their changing risk profile, to minimise operational losses. A robust risk assessment enables management to collectively identify potential events and assess their likelihood and the extent to which they may impact the achievement of company objectives. Considering the varying nature of organisational risks and their drivers, risk assessments should be performed at least annually and appropriate strategies put in place to manage risks.
To serve as a focal point for risk management issues, companies should consider appointing a Chief Risk Officer/Head of Risk who would be positioned appropriately within the company and possess the requisite authority. He/she would also report to the committee responsible for risk management.
INTERNAL AUDIT
The Code requires the board to oversee and approve the establishment of a framework that defines, among other things, the company’s risk policy, risk appetite and risk limits and review periodically relevant reports to ensure the ongoing effectiveness of this framework. The board is also expected to undertake at least annually, a thorough risk assessment covering all aspects of the company’s business.
Implications
The Code advocates for a proactive internal audit function that adopts a risk-based audit process as opposed to a compliance approach, limited to the evaluation of adherence to procedures. This enables internal audit to provide independent assurance on the management of risks and the effectiveness of the controls designed to mitigate identified risks. To achieve this, the Function would need to be headed by a competent and experienced senior management person who will report functionally to the audit committee and administratively to the MD/CEO. Companies may also choose to outsource the function to a competent firm. The committee responsible for audit should refine the scope of work of internal audit and ensure that appropriate tools are employed in the implementation of the auditing process and that the function is adequately resourced and funded.
In addition, the committee should ensure that the internal audit function is independently assessed at least once every three years.
COMPLIANCE
The Code encourages the board as part of its responsibilities to ensure that the company is in compliance with the laws of the Federal Republic of Nigeria and other applicable regulations. It further requires external auditors to report to the regulator any observed instance where companies or anyone associated with the companies commit an indictable offence under any law whether or not such matter is or will be included in the Management Letter issued to the committee responsible for audit and/or the board.
Implications
Companies would need to put in place structures and processes required to strengthen and promote a culture of regulatory compliance. Some of the immediate actions that could be implemented include:
Reviewing the effectiveness of the current process to identify gaps in compliance with laws, regulations and good business ethics
Ensuring the development of a regulatory rule book i.e. a compendium of all applicable rules and regulations the organisation is exposed to
Establishing a compliance function, board and management committees, or designating existing structures that would be responsible for monitoring regulatory compliance
Establishing processes and systems for assessing, monitoring, managing and reporting regulatory compliance
Establishing whistle-blower mechanisms that provide a platform for stakeholders to anonymously report instances of regulatory noncompliance
Implementing a framework for effective internal audits & investigations that ensures accountability through
WHISTLEBLOWING
The Code requires the board to establish and periodically review an effective whistleblowing framework for stakeholders who wish to report any illegal or unethical behaviour, as well as ensure that there is no retaliation against the whistleblower for making reports. Such whistleblowers who suffer retaliation may be entitled to compensation and/or reinstatement as appropriate. Furthermore, the Audit Committee is required to present issues reported through whistleblowing channels to the board.
Implications
Boards are required to establish a whistleblowing program and design a policy which should address all the specific requirements of the Code. The whistleblowing program should be reliable and accessible, and should provide anonymity for the whistleblowers and confidentiality of the whistleblowing reports and the resulting investigations. Consequently, organisations will need to conduct a current state assessment of their whistleblowing program and, accordingly, update existing whistleblowing policies to reflect the terms of the Code. Organisations will also be required to define their fraud response protocol such that investigation reports are received by the appropriate board committees.
In line with leading practice and the requirements to ensure anonymity and confidentiality, Boards should consider outsourcing their whistleblowing channels to a competent professional service firm.
SUSTAINABILITY
The Code encourages companies to pay adequate attention to sustainability issues by disclosing their environmental, social and governance (ESG) activities in their annual reports. Furthermore, it also encourages an independent review of these ESG reports to be carried out.
Implications
Boards will need to formalise their approach to sustainability issues within the organisation by articulating strategic initiatives to be implemented and a framework for reporting these activities using globally accepted reporting standards. Boards will also need to obtain assurance on their sustainability report from an independent assurance provider. This will enable users of the sustainability report to effectively measure the company’s ESG investment.
DISCLOSURES
The Code contains extensive disclosure requirements which should be made in the annual reports of companies. The Code requires boards to provide adequate information on their corporate governance practices and level of compliance with the Code, summary of the annual evaluation reports of the board including the name of the consultants utilised for the exercise, sustainability policies and programmes, director remuneration, related party transactions, directors’ interest in contracts, company policies on accounting and risk management issues.
Implications
The increased level of disclosure required by the Code helps to promote a more transparent and uniform reporting process and enables accountability to stakeholders. Boards will have to ensure that timely disclosures are made to provide internal and external stakeholders with relevant and reliable information about the quality of the company’s governance practices.
Conclusion
The Nigerian Code advocates for stronger governance practices within companies and accountability to shareholders. The practices recommended in the Code will require companies – particularly those who have not previously been regulated by a governance Code – to conduct a preliminary assessment of their existing governance practices in line with the principles articulated in the Code and put in place appropriate processes and practices to address any observed gaps.
Furthermore, the Code was also silent on the following areas that will enable the ease of implementation of the Code:
1. Applicability and commencement period;
2. Transition arrangement;
3. Treatment of current sectoral codes in existence that may have more stringent rules; and
4. Guidance for the frameworks to be utilised in developing and reporting on internal control and sustainability frameworks.
Consequently, the FRC will need to issue a directive on the areas noted above to properly guide companies in the implementation of the Code.