Gouvernance

Le Bureau du surintendant des institutions financières (BSIF) vient de clôturer une consultation sur une intéressante ligne directrice intitulée : « Ligne directrice Risques liés à la culture et au comportement ».

Quelques extraits :

La culture s’entend des valeurs, des états d’esprit, des croyances et des hypothèses qui dictent ce qui est important et la manière dont les gens devraient se comporter au sein d’une entité.

On entend par comportements, ou normes comportementales, les comportements courants ou typiques observés chez un groupe de personnes.

Les IFF doivent établir les structures de gouvernance appropriées afin de superviser la culture et les comportements attendus. Ces structures de gouvernance doivent indiquer clairement les responsabilités qui incombent aux rôles et fonctions clés de toutes les lignes de défense participant à la gestion des risques liés à la culture et au comportement. En outre, des ressources humaines et financières adéquates doivent être prévues.

Les dirigeants à tous les échelons contribuent grandement à façonner la culture de l’IFF. Ils le font activement lorsqu’ils s’expriment et posent des gestes concrets, mais également lorsqu’ils s’abstiennent de dire et de faire certaines choses. 

À la prochaine…

Matteo Tonello du The Conference Board a publié le 13 juillet 2015 un très intéressant billet sur le blogue The Harvard Law School Forum on Corporate Governance and Financial Regulation consacré au risque d’appréhension par le CA du risque de culture de l’entreprise : « The Next Frontier for Boards, Oversight of Risk Culture ».

Over the past 15 years expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long term success. This post provides a primer on the next frontier for boards: oversight of “risk culture.” (…)

This global regulatory storm has culminated in a series of papers from the Financial Stability Board (FSB), a global regulatory advisory body formed following the onset of the global financial crisis. Its main objective is to provide guidance to national financial sector and securities regulators around the world. In its most recent paper, issued in 2014, the FSB called on national regulators to actively assess the “risk appetite framework” and “risk culture” of systemically important financial institutions (SIFI), including assessing boards’ effectiveness in overseeing their company’s risk culture. The FSB summarized the new expectations of national financial sector regulators as follows:

“…efforts should be made by financial institutions and by supervisors to understand an institution’s culture and how it affects safety and soundness. While various definitions of culture exist, supervisors are focusing on the institution’s norms, attitudes and behaviour related to risk awareness, risk taking and risk management, or the institutions’ risk culture.”

The Financial Reporting Council (FRC), the United Kingdom’s national securities regulator, reacted to the FSB’s recommendations by updating The UK Corporate Governance Code that applies to all UK public companies. Provision C.2.3 of the Code mandates that the board should annually review and report on the effectiveness of their company’s risk management and internal control systems. Specifically, Item 43 in Section 5 of the guidance requires the board, in its annual review of effectiveness, to consider the company’s “willingness to take on risk (its ‘risk appetite’), the desired culture within the company and whether this culture has been embedded.”

The FRC, recognizing that there is little tangible guidance available to boards on how to oversee a company’s culture, stated that, in 2015, the initial year of implementation of the new board oversight requirements, it will focus on “company culture: how best to assess culture and practices and embed good corporate behaviour throughout companies.”

Financial regulators globally, including the SEC, are expected to follow the UK’s lead and significantly increase their focus on board oversight of corporate culture generally, and risk culture in particular. In a global survey conducted by KMPG, 1,500 audit committee members ranked government regulation second among risks that pose the greatest challenge for their company. Oversight of risk culture may be one of those areas of new government regulation.

À la prochaine…

Ivan Tchotourian