The updated Malaysian Code on Corporate Governance – an interesting read

With the notable exception of the US, countries around the world have developed corporate governance codes. The typical approach is to require companies listed on the major exchanges to either comply with the provisions of the code or explain why they do not. Some, as in Malaysia, require companies to explain how they have complied.

The Securities Commission Malaysia has released an update of its code, first issued in 2000 and updated in 2007. It “sets out the broad principles and specific recommendations on structures and processes which companies should adopt in making good corporate governance an integral part of their business dealings and culture”. The code “advocates the adoption of standards that go beyond the minimum prescribed by regulation”.

The code defines corporate governance as:

“The process and structure used to direct and manage the business and affairs of the company towards enhancing business prosperity and corporate accountability with the ultimate objective of realising long-term shareholder value, whilst taking into account the interests of other stakeholders.”

Most of the code is straightforward and to be expected.

Of note are:

  • Boards must ensure management has processes in place to manage the appropriate taking of risk, within an approved level of ‘tolerance’
  • An internal audit function is required, reporting to the audit committee of the board
  • Sustainability must be promoted
  • The board must oversee and disclose diversity targets and policies
  • Independent directors may only serve for 9 years, after which (if they continue) they are considered non-independent
  • The CEO and chairman of the board must be separate individuals, the latter being an independent director
  • Internal audit should not only provide assurance that the internal controls are operating effectively, but assess the effectiveness of governance, risk management, and internal controls processes

Here are some excerpts:

  • The role of the board is to review, challenge and approve management’s proposal on a strategic plan for the company. The board brings objectivity and breadth of judgment to the strategic planning process as they are not involved in day-to-day management of the business. The board should satisfy itself that management has taken into account all appropriate considerations in establishing the strategic plan for the company. The board is also responsible for monitoring the implementation of the strategic plan by management.
  • A basic function of the board is to oversee the performance of management to determine whether the business is being properly managed. The board’s obligation to oversee the performance of management contemplates a collegial relationship that is supportive yet vigilant. Therefore, the board must ensure that there are measures in place against which management’s performance can be assessed.
  • The board must understand the principal risks of all aspects of the company’s business and recognise that business decisions involve the taking of appropriate risks. This is intended to achieve a proper balance between risks incurred and potential returns to shareholders. The board must therefore ensure that there are systems in place which effectively monitor and manage these risks.
  • A key role of the board is to establish a corporate culture which engenders ethical conduct that permeates throughout the company. The board needs to formalise and commit to ethical values through a code of conduct and ensure the implementation of appropriate internal systems to support, promote and ensure its compliance. The code of conduct should include appropriate communication and feedback channels which facilitate whistleblowing. The board should periodically review the code of conduct. A summary of the code of conduct should be made available on the corporate website.
  • The board should establish a policy formalising its approach to boardroom diversity. The board through its Nominating Committee should take steps to ensure that women candidates are sought as part of its recruitment exercise. The board should explicitly disclose in the annual report its gender diversity policies and targets and the measures taken to meet those targets.
  • The Remuneration Committee should consist exclusively or a majority of, non-executive directors, drawing advice from experts, if necessary.
  • It is important for the board to undertake an annual assessment of the independence of its independent directors. When assessing independence, the board should focus beyond the independent director’s background, economic and family relationships and consider whether the independent director can continue to bring independent and objective judgment to board deliberations. The Nominating Committee should develop the criteria to assess independence. The board should apply these criteria upon admission, annually and when any new interest or relationship develops.
  • The board should determine the company’s level of risk tolerance and actively identify, assess and monitor key business risks to safeguard shareholders’ investments and the company’s assets. Internal controls are important for risk management and the board should be committed to articulating, implementing and reviewing the company’s internal controls system. Periodic testing of the effectiveness and efficiency of the internal controls procedures and processes must be conducted to ensure that the system is viable and robust. The board should disclose in the annual report the main features of the company’s risk management framework and internal controls system.

Isn’t it time for the US to put a comprehensive governance code together, replacing the various elements in Sarbanes-Oxley and elsewhere with a simple law that mandates compliance and disclosure?

  1. juddy
    May 16, 2012 at 7:50 PM

    Thank you for the highlights. A big deal more is needed to reach ‘near perfection’.

  2. PeterGoodchild
    May 24, 2012 at 12:53 AM

    Hi Norman, you often talk about giving an opinion on governance and risk management to the audit committee, and this guidance agrees with you. Could you provide an example of how that sort of opinion might be written please, as I think this would aid in understanding exactly what you are recommending.
