Boards of Directors and Industry Regulations

Shelagh Donnelly
When you onboard your new directors, how much attention do you give to ensuring that newcomers are familiar with industry regulations?

Your board's succession planning and recruitment practices may be such that a good percentage of your incoming directors are already conversant with regulations that are specific to your industry or sector. However, that's not always the case, and so corporate secretaries and other governance professionals would do well to focus on incoming directors' familiarity with industry regulations. In providing access to relevant resources and information, you're positioning new directors ' and your board ' for success.

It may help to think about this element of onboarding in the context of risk and reputation management.

Board of Directors & Compliance

Compliance is critical. Your board needs to monitor the organization's compliance with regulations and legislation. Directors must be aware of and understand relevant regulations, and be satisfied with management's practices, in order that the board can ensure and attest that the organizations they lead comply with regulations. This requires that, individually and collectively, your directors and board need to be familiar with industry, domestic and global regulations.

A board's attestation of compliance was already a major responsibility, even before European General Data Protection Regulation (GDPR) enforcement came into effect in 2018. If your organization has collected data on even a single EU citizen, then you and your board need to have a solid understanding of compliance and disclosure expectations. There are comparable regulations within other jurisdictions, including the United Kingdom's (UK's) Data Protection Act of 2018 and the California Consumer Privacy Act (CCPA). The latter, while also enacted in 2018, cannot be enforced prior to July 1st of this year, and involves regulations to protect consumers' new rights. Brazil has also enacted a General Data Protection Law (LGPD), which will take effect this year.

If you're a governance professional associated with an organization operating in more than one regulatory jurisdiction, you're already accustomed to compliance with regulations that will vary from one country to another. Multinational enterprises (MNEs) must monitor and comply with a range of regulations issued by distinct jurisdictions.

Understanding Jurisdictional Regulations

Not only will regulations vary from one jurisdiction to another; the processes required to ensure compliance can also vary from one country to the next. Globally, as regulators scrutinize companies' operations, their enforcement practices serve to reinforce expectations that businesses shall function with increased degrees of transparency, and in an ethical manner.

In KPMG's assessment
, "Risk and regulation continue to be key drivers of the strategic agenda. More than a decade on from the global financial crisis, there has not been the anticipated decrease in regulatory challenges for financial services providers." What are the expectations? KPMG states that regulators will continue to look for overall strengthening of "core risk management governance, controls, practices and reporting, particularly in the areas of cybersecurity, third-party risk management, and conduct and culture." 

Regulations feature in the recently released results
of PwC's 23rd Annual Global CEO Survey . In Navigating the rising tide of uncertainty, the company reported on the findings of its September and October 2019 survey of 1,581 chief executives from 83 territories. Globally, over-regulation was again the most-cited threat to organizations' growth prospects, identified by 36% of those surveyed. In North America, while over-regulation was cited by an even higher percentage of respondents (38%), it ranked behind cyber threats (50%), political uncertainty and trade conflicts.

Despite concerns of over-regulation, we may anticipate the introduction of even more regulations. The survey results highlight the significance of technology regulation. PwC noted that the private sector's leveraging of big data and implementation of robotics, artificial intelligence (AI) and the Internet of Things (IoT) has been outpacing the development of regulatory systems and standards that can mitigate associated risks.

Reaching Better Alignment

When asked to project what the future may hold, almost 70% of the surveyed CEOs anticipated that government would increasingly introduce legislation to regulate internet content, including social media, in 2022 and beyond. A similar percentage expected the enactment of legislation to break up "dominant" tech companies. Just over half of those surveyed envision government requiring the private sector to financially compensate individuals for collection of their personal data. CEO Dylan Collins observed, "...personal data is actually a liability. People are placing it on the wrong side of the balance sheet."

PwC asked CEOs whether governments are designing privacy regulations that increase consumer trust and maintain business competitiveness, and the results were mixed. While the majority of CEOs from Brazil, China and India do believe that is the case, the majority of CEOs from Canada, Germany, Italy, the UK and the US believe otherwise.

Regulations extend beyond technology and data privacy, of course, and beyond those established by stock exchanges and bodies such as Canadian Securities Administrators (CSA), the US Securities and Exchange Commission (SEC) and their counterparts in other countries.

Boards also need to be aware of and anticipate increased environmental regulations. In Canada, the federal government administers regulations to control water pollution caused by activities ranging from pulp and paper processing to metal mining and wastewater management. These, and the country's energy and transportation sector regulations, are mere samplings of the regulations that can impact how organizations go about their business. These are independent of provincial regulations related to industrial and municipal waste discharge; remediation of contaminated sites; and the protection, management and conservation of natural resources.

In the US, the Environmental Protection Agency
(EPA) and multiple state environmental agencies have established regulations with which organizations must comply. Boards and directors of healthcare organizations in the US, Canada and other countries need to exercise oversight to ensure that their organizations remain in compliance with their respective jurisdictions' health regulations. All boards need to exercise the same degree of oversight with respect to compliance with labor and employment regulations.

You may have begun reading this article with an eye to onboarding, and ensuring that your new directors are familiar with regulation directly impacting your organization. In fact, all directors and boards may be well served by periodic, high-level updates from management and external experts on changing and emergent regulations, with an eye to strategic planning and the organization's long-term success.
Related Insights
Shelagh Donnelly
Shelagh Donnelly writes about governance and the world of administration, and speaks internationally on both topics. She's been a direct report to C-level executives, including four CEOs, in the private and public sectors. Shelagh spent the last decade of her 21-year higher education career immersed in the world of governance. As the institution's governance point person, she elevated the directors' onboarding program, championed the introduction of portal software, and introduced efficiencies and practices that enhanced operations and ongoing board development. Responsible for effective operations of the institution's governance system and accountable to board Chairs and the institution's CEOs, Shelagh supported all five of the board's committees. She worked with four board chairs, more than a dozen committee chairs and multiple directors. Shelagh's professional affiliations have included the Institute of Corporate Directors (ICD) and the National Association of Presidential Assistants in Higher Education (NAPAHE). Through the Association of Governing Boards' (AGB's) Board Professionals Leadership Group, she served as a board professional mentor. She remains a member of Governance Professionals of Canada (GPC) and has served as Chair of the Board of Directors of CICan:GPOP (GPOP), a national professional association affiliated with Colleges and Institutes Canada (CICan). She is one of only two individuals to be recognised with the CICan:GPOP Award for Distinguished Service. Shelagh began publishing Exceptional EA, an online professional development resource for career assistants, in 2013. She continues to publish Exceptional EA and write for other publications, and is the author of the forthcoming book, The Resilient Assistant. Exceptional EA: 'https://exceptionalea.com/ Colleges and Institutes Canada (CICan): https://www.collegesinstitutes.ca/