|
|
Thursday, 18th April 2024 |
| Striking a balance with corporate compliance will be key to creating a workable framework |
Back |
| The development of a corporate compliance code in Ireland has been a long and tortuous process that is yet to be completed. Terence O'Rourke argues against enshrining detailed statutory requirements in law in favour of a pan industry and regulator code, saying, 'One of the lessons we should take from this process is that it is difficult to enshrine in legislation detailed requirements when their application, when assessed from a pragmatic and practical viewpoint, requires appropriate tweaking and amendment'. Citing the Higgs Report on the role of non-executive directors, he states that the law is not a good place to set out strict requirements like compliance statements. Business and regulators could come to agree a sensible regime much quicker if they were unimpeded by the detailed statutory requirements of legislation, he says. |
DDerek Higgs, in the introduction to his eponymous report ‘Review of the Role and Effectiveness of Non-Executive Directors’ published in January 2003, stated that the framework for setting the standards of boardroom behaviour was best left to a code and a philosophy of ‘comply or explain’. He said ‘the brittleness and rigidity of legislation cannot dictate the behaviour, or foster the trust, I believe is fundamental to the effective board and to superior corporate performance’. Reflecting on our experience in Ireland, grappling with the introduction of the Directors’ Compliance Statements required by the Companies (Auditing and Accounting) Act, 2003 (CAAA), it is easy to see the wisdom in Derek Higgs’ words.
The genesis of the requirement for certain limited companies (plc’s and those whose turnover exceeds €15.2 million or whose balance sheet total exceeds €17.6 million) lies in the report of the Review Group on Auditing (RGA) published in July 2000. The RGA was set up by the Tanaiste, Mary Harney, to consider issues arising from the DIRT investigation by the Public Accounts Committee. That investigation saw bankers and their auditors questioned, along with the Revenue, about how millions in DIRT had apparently not been properly accounted for, largely, it appeared in hindsight, because of a widespread number of bogus non-resident accounts.
When the RGA considered the issues arising, the question arose as to why auditors had not reported on incidences of non-compliance with Revenue requirements that appeared to have come to their attention. But, as had been previously concluded, at the time of the Beef Tribunal, auditors’ statutory responsibilities were limited to considering whether annual accounts presented a true and fair view. If non-compliance with tax (or any) law did not materially affect the true and fair view, there was no onus or requirement for auditors to publicly report on any such non-compliance. And indeed, even if there were a compliance breach which did have a material impact on the financial statements, provided the company rectified the breach and accounted properly for the consequences of being in breach, auditing standards largely required no further action by the auditors.
The RGA briefly considered whether to change the basic auditor framework – the requirement for external auditors to report to shareholders on the accuracy and presentation of annual accounts. Should auditors, it was considered, instead be asked to report to the Government or to Regulators on the accounts of the companies they audited? The RGA quickly concluded that this controlled economy model would not be appropriate for the open, market based economy of Ireland where the life blood of our capital market system continued to require the principal duties of auditors to be to report to investors on how their money had been spent and looked after. And so the debate moved on to whether auditors should ‘whistleblow’ to Revenue and other regulators if they encountered instances of non-compliance. But auditing theory is based on the general premise that auditors are not a ‘primary’ party. They offer opinions on the assertions of others (and thus the origin of the term auditor – it was originally to listen, to hear the reports of those entrusted with funds and to consider whether the reports they heard were fair and accurate). Thus the requirement of directors of companies to report on compliance was born. The RGA agreed and recommended that the directors of companies should be responsible for reporting on a company’s compliance with its tax law obligations and that auditors be asked to give an opinion on the assertions reported by the directors. Additionally, although it was a Revenue issue that provoked the DIRT enquiry and the consequent RGA, it was proposed that as directors would be reporting officially on tax compliance, they should also report on company law compliance (the focus of a previous report which highlighted widespread ‘patchy’ compliance with company law in Ireland) and, while they were at it, on any other breach of Irish law the impact of which breach was significant enough to affect the true and fair view of the annual accounts.
Once the RGA had reported, the Tanaiste undertook to implement its recommendations. The Bill to implement the report was largely drafted by 2002 and was published at the end of that year. The Bill had taken the compliance reporting requirement, as recommended by RGA, and transposed it into detailed legislation. The Bill required a policy statement (outlining a company’s general approach for achieving compliance) which was ‘to be updated at least every third year’and an annual statement of how directors viewed the application of their compliance policy. The Bill as originally drafted caused significant concern. In particular, it was proposed to apply the requirement to a very wide range of companies, the Bill seemed to require an absolute confirmation of compliance (little scope for judgement or for ‘materiality’) and it also proposed that directors explain their non-compliances in their annual reports (‘washing their dirty linen in public’). Some of these requirements had not been envisaged by RGA and the brittleness of legislation was evident. So it was with some relief that the Bill was amended during its passage through the Dail and Seanad. There was an increase in the scope of companies which fell within its remit, directors were now to be required to confirm only that they had made all reasonable endeavours to secure compliance and details of non-compliances would not need to be published.
But there were still lots of questions left outstanding even after the Act was passed just before Christmas 2003. How was the law to be applied? What exactly did ‘all reasonable endeavours’ mean? What was the scope of the ‘other laws’ requirement (ie other laws besides tax and company law)? And what exactly were the responsibilities and duties of directors and auditors in preparing the respective statements and reports?
To that end, the Minister for Commerce, Michael Ahern, asked Paul Appleby, the Director of Corporate Enforcement, to se up a pan industry working party to examine these issues.
That group issued a consultation paper at the end of July and asked for comments back by the end of September. As more and more organisations in Irish business began to grapple with the detailed requirements of the compliance statement law, there was more and more concern. It was felt that the consultation paper itself did not satisfactorily address all issues.
I believe there has been a growing consensus among companies and representative business bodies which suggests that:
• The scope of the requirement should be increased so that only very large companies should be asked to comply with this additional regulatory burden
• The lack of a ‘materiality’ threshold for tax and company law compliance should be dealt with, the requirement for each individual company in a group (if large) to report on its own compliance, instead of requiring only a groupwide compliance statement for Irish based groups, was cumbersome and inappropriate and should be removed
These are all sensible improvements, I believe. Corporate Ireland is ready to support reasonable compliance endeavours. But the mechanics of the process must not be such as to create an undue burden on companies which already strive hard to comply with their responsibilities.
And here it is that the virtuous words of Derek Higgs comes back to remind us. The law is not a good place to set out strict requirements like compliance statements. Business and regulators could come to agree a sensible regime much quicker if we were unimpeded by the detailed statutory requirements of the Act. By removing details from the Act and having them in a pan industry/regulator code, it would enable Ireland to be appropriately reactive to developments in international governance and compliance issues. It would also help to ensure that Ireland could be at the forefront of good corporate behaviour, without burdening our companies unnecessarily at a time when there is ever increasing competition for mobile global investment. There is a feeling now that the regulatory responses to issues that emerged at the time of the dot.com boom and related economic growth of the late ‘90s and early 2000s should rest. One of the lessons we should take from this process is that it is difficult to enshrine in legislation detailed requirements when their application, when assessed from a pragmatic and practical viewpoint, requires appropriate tweaking and amendment. |
Terence O’Rourke is head of audit at KPMG in Ireland and is the president of the Institute of Chartered Accountants in Ireland.
|
| Article appeared in the December 2004 issue.
|
|
|
