Board priorities in 2023

For many companies, principal risks at the end of 2022 are considerably different from those faced at the beginning. A mixture of economic stress, geo-political uncertainty and bad actors at nation state level makes for an unappetising cocktail. Boards need to ask themselves if they have the right strategy to weather the storm and, fundamentally, whether they have the right information on which to make that judgment. Testing the effectiveness of internal controls, both as regards financial reporting and more generally, has never been more important.

Boards need to consider their response to the cost of living crisis and its impact on those in the company's value chain. While a company will not control the level of pay in third party organisations, it does have an ability to influence it - activist investors will increasingly expect that influence to be brought to bear. And, like it or not, executive pay and particularly pay rises will be scrutinised in that wider context.

The magnitude and frequency of cyber attacks is only heading in one direction. The speed of a company's response to an attack directly correlates with the ultimate severity of its impact. Response plans are essential and need to be regularly tested, reviewed and updated. Failure to prepare and, indeed, rehearse, must be viewed as a serious dereliction of a Board's duty.

Recent cyber attacks have highlighted the need for Boards to have detailed and actionable cyber incident response plans. For several years Boards have been focused on preventing or mitigating cyberattacks but it is now recognised by most Boards - and by regulators - that cyberattacks are highly likely and the ability of companies to respond to and recover from those attacks (cyber resilience) is critical. Boards must now assume every company is at risk of attack and ensure their company has plans in place to respond and recover.

Climate risk reporting is attracting growing attention in Australia. Several regulators have issued disclosure guidance relating to climate reporting and it is expected that specific climate risk related disclosures will be mandated in 2023, following the example of the UK and New Zealand.

With mandatory climate risk disclosure requirements and increasing expectations on companies and their Boards to commit to sustainability targets, there is likely to be an increase in climate related litigation and the number of claims regarding 'greenwashing'. Key regulators have already flagged that they will be watching closely for breaches and will not hesitate to take enforcement action.

2022 has been awash with unexpected challenges affecting all aspects of company activities, from supply chains to sanctions. In 2023 business continuity planning and strategy reviews will remain high on every Board's agenda to ensure that companies are robust and ready for further challenges ahead.

ESG will remain a topic requiring specific attention. The EU and the US are shaping what net-zero for companies will mean and require. Those companies who demonstrate that they take the required actions stand to gain a competitive advantage and gather support from their stakeholders.

Ensuring efficient but robust corporate governance to manage the multitude of risks will become ever more important.

Additional disclosure and reporting requirements are already here for some companies and are coming for others. The best in class are using these opportunities to investigate and stress test their strategy. Reporting against the TCFD (Taskforce for Climate-related Financial Disclosure) framework is not a tick box or compliance activity, it is an opportunity to critically assess the resilience of the organisation. Companies that spend the time to do this now will be well placed for the TNFD regime (Taskforce for Nature-related Financial Disclosure) that is on the horizon.

Companies are working through the details of their ESG commitments and realising it’s difficult. Companies doing this right are focusing on what they do and don’t know about their organisations. Details around energy efficiency and energy transition, water, waste and other information material to each company’s industry will increase the integrity of the decision useful data companies have available within their own organisations and from their value chain. Boards and Senior Management will need to dedicate resource to determining where their company is at present and what it will take to get them to where they need to be. On a positive note, those that do this now will be building in their competitive advantage for years to come.

Regulations like the EU Corporate Sustainability Due Diligence Directive will require companies to engage with and understand much more about their entire value chain than ever before.

With the increasing focus on ESG from all stakeholders, including regulators, Boards need to find a way to ensure that ESG risks and opportunities are given the same focus by executives as traditional risks and opportunities. One way to do this is by including quantifiable ESG hurdles in executive remuneration targets. Provided that there is a balanced approach to the types of hurdles used in incentive plan designs, using incentives as a means to reward executives for driving ESG outcomes (or penalising them for failing to achieve them) can benefit shareholders and further promote a pay-for-performance philosophy that aligns with creating long-term, sustainable value.

During the last 3 years, there has been some leniency shown by regulators in terms of what constitutes useful and meaningful disclosure in annual and half year reports. This was largely due to the unanticipated and unknown impacts and risks associated with the COVID-19 pandemic. This leniency has come to an end and regulators have made it very clear that they will no longer accept reports which do not, in their view, adequately include information relating to key risks and, importantly, any underlying assumptions relating to those risks.

Most Boards now meet in a hybrid fashion. However, video meetings are usually significantly shorter and can lead to less effective and in-depth deliberations. Regardless of how a Board meets, it is important to maintain a culture in which every director feels like they can voice dissent, ask questions and have an impact.

People are the common thread between all companies, the essential ingredient for success. People, individually and collectively, require psychological safety to perform at their best. The International Organization for Standardization highlighted this with their release in June 2021 of ISO 45003:2021, the first global standard giving practical guidance on managing psychological health in the workplace. Many countries are now expanding local workplace safety regulation to expressly cover psychological safety and expand officer duties. Directors will be key in driving recognition and acceptance of the importance of psychological safety at work.

ESG risks can only be mitigated and ESG opportunities realised, when ESG is at the heart of all Board decision making.

How will you operationalise ESG decisions such that they are implemented and seen in practice, not just talked about as aspirational goals?

Globally high inflation and higher interest rates will have an increasing impact. Over the next 12 to 24 months, these forces will act to dampen growth. Growth is a key element to sustainability – to ensure a business is here for the long-term for its shareholders and stakeholders.

Those companies that can demonstrate a genuine commitment to ESG issues stand to gain a significant competitive advantage, positioning them for a sustainable long-term future. In particular:

• The ‘E’ – net zero, climate change and energy transition remain among the top issues of the day.
• The ‘S’ – social licence to operate is vital to long-term sustainability and is gaining increasing prominence globally. Reputation and brand can take decades to build, but can be destroyed in an instant.

Technology, Digitisation, Data, Convergence and Cybersecurity – key instruments for any large company to secure its future and mitigate disruption.

The case numbers and range of claimants and defendants in relation to ESG litigation continues to grow and diversify. In any statements or commitments to helping the world decarbonise to reach net-zero or climate positive emissions, companies need to 'Say what you mean’ and ‘Do what you say'. This simple approach will mitigate the risk of ESG litigation.

Environmental Protection and Cultural Heritage Reforms are more frequently blurring the distinction between 'E' and 'S' factors in relation to communities, human rights and First Nations’ rights. Environmental legislation is increasingly looking at social impacts and the duty of care. Companies should undertake horizon scanning across the regulatory and legal landscape for trends associated with these reforms and prepare to implement changes to align with stakeholder expectations.

Climate Positive is more than just carbon emissions; biodiversity, community, and social impacts should also be considered. The decisions we make today and the Net Zero pathway we end up on needs to support the well-being of all people. The consequences for not doing so can be significant for a company, such as a perceived loss of their social licence to operate; significant media scrutiny; resignation of executives; shareholder activism; and impacts on executive remuneration.

Cyber crime, crypto, digitisation, conduct regulation, governance, operational risk, ESG, economic uncertainty, and supply-chain shocks are just a few of the risks driving Boardroom discussions today. The challenge for many C-suite executives is how to delegate effectively, while also managing their own personal exposure. 

Managing risk for the organisation and managing personal accountability risk are now intrinsically linked. As most companies work through cross- functional delegation models, and cross-functional systems and controls, this is a serious challenge for effective governance more generally.

The key question is what framework to put in place, and how to ensure that it can enable both delegation and oversight effectively.

Time and resource constraints mean that many companies have little choice but to be reactive and address risks once they have crystalised. However, in the current environment, truly effective risk management acts to manage current risks while also pre-empting and preparing for those which are emerging.

Whilst technological advancement is generally a good thing, digitalisation and automation bring new risks to be considered. The cost of progress will be more legislation and regulation; it will also create a company-wide risk that the long-term implications of new systems and the processing within them may not be fully understood, unless there is some hard work done up front to put the right frameworks in place.