This article was produced by Nabarro LLP, which joined CMS on 1 May 2017.
NEDs are under continuous pressure to be accountable to the shareholders in their companies. Corporate governance is also currently being closely scrutinised, which could lead to changes concerning directors' liabilities. To help NEDs through this changing and challenging environment, below are three key areas where the reputational and financial consequences can be significant if NEDs, and the company, fail to operate properly.
Cyber-security: is the company protected?
In the event of a cyber attack or breach, a company’s reputation could be significantly impacted. The resulting loss of customer, employee and investor confidence could leave a company struggling to recover.
The High Court recently found in favour of several claimants in a case involving the accidental publication of personal data online (TLT and others v Secretary of State for the Home Department  EWHC 2217 (QB)). The Court awarded damages between £2,500 and £12,500 to the six claimants. The awards were made through the court's assessment of the psychological damage to each claimant and the data breaches of the company. In a class action suit these relatively small amounts could be multiplied hundreds or thousands of times, paving the way towards potentially substantial payouts for data breaches and emphasising the ever-increasing importance of data protection.
Phishing emails, viruses and other malware attacks are on the rise. Companies must ensure they have the ability to keep client and investor information confidential through (i) the implementation of a robust security policy, (ii) ensuring computer systems are up to date with the best possible anti-virus software and (iii) employing the correct staff who have relevant technical expertise. All these aspects are vital to secure confidential information and to build up resilience to a data breach. This is also enhanced by the upcoming implementation of the General Data Protection Regulation in early 2018. Under the regulation, companies could be exposed to higher penalties and fines in the event of a breach, up to a maximum of 4% of the business’ global turnover.
Insurance policies should also be reviewed to check whether a company is covered for data breaches. Most businesses are not actually insured in the event of a cyber attack. An incident management plan should also be put in place. You will want to act swiftly if you become aware of an attack and the plan will contain the procedure to follow.
Cyber-security should be a regular board agenda item, with appropriate reporting systems in place. Subsequently, with efficient risk management, strong security and effective corporate governance policies, the impact of a breach can be significantly reduced whilst ensuring that a company continues to comply with its data security obligations.
Gender pay gap: what are the company's stats?
Emphasis has been placed on the need for greater transparency in connection with gender pay differences. As a result, all employers have to publish their gender pay gap information by 4 April 2018 and update it on an annual basis.
In January 2017, ACAS and the Government Equalities Office published guidance on "Managing gender pay reporting in the private and voluntary sectors". This sets out the legal requirements and indicates what is considered to be good employment practice.
- If a company has 250 or more employees, it must comply with the gender pay reporting requirements.
- Employees, part-time workers, job-sharing employees, agency workers and some self-employed individuals will be included in the headcount for reporting purposes.
- Facts and figures to be given include, but are not limited to:
  - the mean gender pay gap,
  - the mean bonus gender pay gap,
  - the proportion of males and females receiving a bonus, and
  - a written statement confirming the accuracy of the calculations which must be authorised by an "appropriate person" i.e. a director, or equivalent.
- The information is to be published on the employer's website and on a designated government website.
The grey areas:
- Companies who send employees abroad may also need to include these employees in the headcount, but these specific cases have to be assessed carefully.
- When an employee elects to defer a bonus entitlement i.e. under a long-term incentive plan (LTIP), the bonus would only be captured at the time when income tax is charged; consistent monitoring and updating of records will therefore be required.
- There is no reference to contractors who supply services through their own service company. Would they fall within the headcount of their own service company or the company receiving their services? It is suggested that they would be included in the service company headcount; however, it is as yet unclear whether this is correct.
As a reminder, equal pay claims can be substantial as demonstrated by the judgment against Birmingham City Council, whereby the council had to pay at least £757m in respect of claims, brought predominantly by women, who missed out on bonuses.
Clarity and consistent monitoring are important to ensure that the company's, and consequently the NEDs', reputation is maintained. It will also incentivise the company to look at the long-term effects and the changes that need to take place to tackle inequality and provide for an equally represented workforce.
There has been an upsurge in the incidence of accounting issues being identified by listed companies including BT, Cobham and MITIE. There seems to be a particular issue where a company operates on a long-term contract basis with recurring variable revenues and variable costs supporting those revenues. Furthermore, the Financial Reporting Council is conducting regular reviews of accounts and is increasingly looking to NEDs to be on the lookout for accounting issues.
We have been involved in a number of accounting investigations over the years and the key areas to focus on are revenue and cost recognition; prepayments and accruals; and cash conversion.
If the company has multiple accounting centre locations, it is important to ensure that the local accounting is carried out properly and that there are adequate and robust procedures for providing that information to the head office accounting function.
In the unfortunate event that things go awry, you will need to consider:
- ensuring continuous compliance with disclosure obligations
- instigating a forensic review and legal privilege relating to any output from that review
- how to interact with your auditors
- disciplinary action against any responsible employees
- how to handle any potential incoming or outgoing claims
- how to interact with regulators such as the FRC, FCA/AIM, and the SFO, and
- having an efficient PR and commercial response system, ready to respond quickly and effectively to defuse the situation.
A version of this article was first published in The Sunday Times as part of Peel Hunt’s 2017 Non-Executive Director Awards coverage.