News

Revised Corporate Governance Code issued by Securities Commission of Malaysia, 2007

Introduction

Malaysia has in my opinion one of the best frameworks for corporate governance in South East Asia. The recently announced changes in the Corporate Governance Code, originally issued in 2000, are an example of the on going evolution and improvement of Corporate Governance in Malaysia. This is further emphasized by a number of recent cases where the Securities Commission of Malaysia has taken action to recover monies illegally defalcated, in breach of fiduciary responsibilities of directors and the Code and other guidelines.

The crucial issue in improving the Corporate Governance environment in Malaysia, however, is not just the establishment of good frameworks and guidelines but also the enforcement of such guidelines and rules on a consistent and pertinent basis. This is, in my opinion, one area where improvement is needed to truly progress effectively to a transparent environment and effective results from the efforts invested in improving Corporate Governance standards.

The following opinions are my own, and based on my belief in the adaptation of corporate governance frameworks and standards, including Committee of Sponsoring Organizations of the Treadway Commission (COSO), to different cultures and cultural entities, both countries and organizations. In this article I will focus on how the Corporate Governance Code could be made more effective by identifying several areas for improvement based on personal experiences.

Prescriptive versus Non Prescriptive Approach to Corporate Governance

A debate has been taking place over the past 5 years, since the passing of the Sarbanes Oxley Act 2002 in the USA, which has started to divide supporters of Corporate Governance into two camps. There are those who believe guidelines and rules should be prescriptive (enshrined in legally enforceable laws and regulations) and those who believe that Corporate Governance guidelines should be optional and not necessarily enforced by law. A third group believes in a hybrid approach.

The division of opinions has been exacerbated by the recent increasing trend for companies to list on stock exchanges outside the USA, ostensibly due to the pressures from the prescriptive requirements contained in the Sarbanes Oxley Act 2002 (The Act), which are applicable to listed companies on the New York Stock Exchange, as compared with the relatively less prescriptive codes adopted by, for example, the London Stock Exchange.

The reality is somewhat different in my opinion. For example, for a while there was debate in the USA as to what constitutes an adequate (suitable and recognized) internal control framework, required by the Act. The Act is in fact silent and non prescriptive, while additional guidelines issued by the Securities and Exchange Commission (SEC) in 2003 clarified that an example for guidance (non binding legally) is found in the COSO framework issued by the Committee of Sponsoring Organizations of the Treadway Committee.

Where the Act is prescriptive is in confirming the legal liability of the CEO and the CFO of a company to jointly approve and sign off on certificates (Certification) to confirm they are satisfied that the internal control frameworks in their organizations are effective. This, in my opinion, leaves a great latitude and freedom for the CEO and the CFO to determine what constitutes to them an adequate Internal Control Framework to address, inter alia, corporate governance requirements, and hence their ability to defend their specific organizational solutions against any third party reviews and audits.

Some observers have stated, and I concur, that the reasons for any de listings and moves away from listing on the NYSE is in fact due to the costs of doing so as compared with other stock exchanges as well as the more litigious environment in the USA when things go wrong. The Stock Exchanges are private enterprises, intent on attracting the maximum number of listings while balancing risks of corporate breakdowns and providing as advantageous conditions as possible, including lower listing fees, to reach their economic goals, to maximize profitability for their shareholders.

This, in my opinion, confirms that prescriptive regulations are not necessarily responsible for capital movements. Capital movements are in fact attributable to other environmental factors.

The weakness inherent in non prescriptive rule setting

In considering the risks of non prescriptive approaches I draw on my own global experience, of which follows one example.

During my projects in Africa, I had observed major petrochemical damages caused to the environment by a refinery that was being overhauled. As an Internal Audit Director I brought this issue to the attention of the directors and shareholders of the company as a priority matter to be addressed. In spite of several attempts over the course of 3 years to convince the directors of the need to take action, the profit motive for the refining operations proved too strong, and the refinery continued to pollute waterways, affecting villager's livelihoods and the general environment where the refinery operated.

In the particular locale where I operated as an Internal Audit Director there were no corporate governance laws or procedures on the reporting lines of the Internal Audit Department, whistle blowing systems and procedures, audit committee operations and responsibilities or access to legal agencies such as the Environmental Agency equivalent of the country. The company was operating on non prescriptive requirements to establish a good corporate governance environment as a pre requisite from its main financier of crude oil cargoes, which included the need to establish an Internal Audit Department.

My continued insistence on bringing the environmental spills and pollution to the director's attention affected my working relationship to such an extent that I was shunned by colleagues. Negative rumors were created about my private life with the connivance of the Board of Directors. I was unable to effectively undertake my work as an Internal Auditor, leaving no option but to resign from my position. Confidentiality clauses in my employment contract prevented me from blowing the whistle and report the issues to an outside agency. My family was at risk, not only from a premature contract termination leaving me stranded in a foreign land, but also from implicit threats in case any reports were made to outside agencies, including non payments of outstanding salaries and relocation allowances (in the event this did happen). The incident followed me around the world and affected my success during other projects in different countries, where there was an active smear campaign to sully my professional image and name.

In effect, only the consistently idealistic and naïve would in such a case decide to take the appropriate steps and report the breaches of environmental legislation to outside government agencies. In the event, the company was taken to court and fined the sum of around USD $ 2 million related to their breach of environmental protection laws.

The current update of the Corporate Governance Code in Malaysia

Although the Code's provisions have been strengthened in a number of areas, relating to audit committee operations, nomination committees and the requirement for an Internal Audit department in companies listed on the Bursa Malaysia, I believe a key area for improvement arises from its lack of prescription. This lack of enforceability could easily create experiences for other professionals similar to the one I have described previously.

The Code provides for companies to report on their Corporate Governance environment in the annual reports and allows them to not comply as long as they clarify reasons for not doing so. According to Bursa Malaysia listing regulations, any company not complying (ie, not including a section on Corporate Governance) will be subject to sanctions from Bursa Malaysia applied to the company or its directors.

The issues arising from the current Code are as follows:

• The Code of Corporate Governance 2007 has been issued by the Securities Commission (Established under the Securities Commission Act 1993) but the provisions and details in the Code are legally non binding and non enforceable by the Securities Commission.
  
  
• The enforcement and policing of the requirement to include a section on Corporate Governance and any areas of non compliance are the responsibility of an organization which is a private listed company. Bursa Malaysia is focused on competing with other regional and global stock exchanges and maximizing profitability for its shareholders. This is an inherent conflict of interest.
  
  
• It is unlikely that the average reader (read investor) of a Corporate Governance section in an annual company report would really understand the issues relating to Corporate Governance. For example, does anyone outside professional circles really understand the impact if the external auditor has not been able to report privately to the Audit Committee at least twice per annum? And what impact does it have that the Head of Internal Audit does not have the same rights to do so under current Code provisions?
  
  
• Any non compliance with the Code identified under the provisions of the Code and Bursa Malaysia regulations does not in fact constitute a breach of requirements. As long as a section is dedicated to the topic of Corporate Governance and identifies non compliances and suitable countermeasures there is compliance. There are no easily enforceable qualitative measures. Even if a company chooses to ignore the Code provisions they could provide a comment on compensating measures that would require a professional review to evaluate the effectiveness of any such compensating measure. From experience, this is a task both onerous and time consuming, and unlikely to be undertaken.

Conclusion

Taking into account the analysis provided, the updated Code is making progress in the right direction to provide a better and more transparent environment for investors. The main areas for improvement are in enforcement and legal sanctions that may be applied in case of a breach of the Code.