Key considerations for IDs

Amidst uncertain times that corporates are facing today due to COVID-19, IDs need to act with the highest standards of vigilance and prudence. While the accountability and expectation of IDs in consideration of past corporate scandals/failures have considerably increased over the past few years, regulators are also mindful of the limitation and challenges IDs face as part of their fiduciary responsibilities .

In this context, the Ministry of Corporate Affairs (‘MCA’) issued a clarification on 2 March, 2020 declaring that prosecution proceedings will not be initiated against independent and non-executive directors (‘NEDs’) unless there is sufficient evidence to prove that such default or violation had been committed with their knowledge or consent or they were guilty of gross and wilful negligence or fraud.

To fulfil regulatory obligations and meet stakeholders’ expectations, IDs could consider the following measures:

A. Before joining the organisation

• Evaluate the background and reputation of the management/promoters from a technical capability and integrity standpoint
• Gain an understanding of the fraud risks including faced by the organisation after considering industry trends, geo-political factors, macro and micro business trends
• Ascertain the nature of adverse news/media items on the organisation and evaluate the potential risk from a financial and reputational standpoint
• Ascertain the primary elements comprising the organisation’s fraud risk governance framework, including steps taken to establish “tone at the top” and mechanisms designed to ensure that employees at all levels understand the organisation’s approach to fraud risk
• Review the mechanism implemented by the organisation to communicate and educate the organisation’s risk management strategy to all the stakeholders
• Enhance skills/knowledge through training programmes on the emerging fraud risk landscape relevant for the industry and fraud risk management techniques, including best practices to mitigate the risk of fraud

B. Oversight and continuous monitoring

While the FRM framework implementation responsibility remains with the management, IDs should periodically review and monitor effectiveness of FRM framework. Further, to build a robust FRM framework, IDs should also promote/push the agenda in the board for the senior management to take charge and actively work on the following initiatives

• Undertaking of periodic detailed assessment of the organisation’s risk management system, including a review of the board’s capabilities and expertise, considering the industry or regulatory arena in which the organisation operates
• FRM framework knowledge enhancement drives highlighting "best practices" for the board and appointing external consultants to help the board understand and analyse business-specific risks
• Ensuring that the organisation has implemented a well-oiled mechanism to report major or new risks fructified during the period, investigation conducted, and findings are reported back to the board or relevant committees, as appropriate
• Getting comfort on the availability of an approved set of investigation protocols, clearly indicating investigation roles and responsibilities, depending on the nature of an allegation, which helps avoid reputational risks that may arise from inappropriate investigation methods
• Evaluate if the organisation has communicated reporting protocols to be followed by the whistle-blower system operator to notify the designated officials for different types of allegations
• Ascertaining if the organisation has identified in advance, the legal and forensic investigative resources needed to conduct investigation into serious allegations, including the identification of instances requiring support from external subject matter consultants
• Ensuring that the organisation has an adequate system of continuous monitoring in place for critical areas of concern to identify red-flags, if any, on a real-time basis
• Assessing the effectiveness of a continuous monitoring tool to analyse transactions and keep a close look-out for key outcomes and steps taken by the management to tackle potential risks areas
• Performing a review of reports from the statutory auditors, internal auditors, legal counsel, regulators and other experts to understand the risk profile of the organisation and evaluate if the implemented corporate governance framework is robust and sufficiently well-equipped to oversee all facets of the organisation’s risk profile
• Scrutinising and challenging high-value complex or “extraordinary” transactions that form a part of financial statements
• Considering all whistle-blower complaints/tips diligently and ensure that the instances of suspected or known fraud is appropriately investigated and suitable action is taken against perpetrators
• Ensuring that the learning from the investigations are considered/incorporated and that the organisation revisited the fraud risk management framework to ensure that loopholes, if any, in the existing anti-fraud controls framework as envisaged were adequately enhanced to minimise the possibility of reoccurrence
• Promote appointment of independent experts for opinions on key matter.

C. Action items in case of any suspected fraud

In case of any adverse events, IDs should oversee the management response to ensure the effectiveness and provide guidance. Accordingly, below are some of the considerations that IDs should push for: 

• Ensuring all the allegations of fraud/misconduct are looked into and acted on by the management Ensure that the complexity and severity of the suspected fraud and its implications both from financial, regulatory, and reputation perspective are assessed appropriately
• Ensure that there is a well-equipped team to handle the investigation, fraud incidents are assigned to senior, trusted individuals. Depending on the complexity and potential implications, consider appointing forensic experts to conduct an independent investigation
• Ensure that all efforts are made as an immediate priority for collection and preservation of critical information to avoid any attempt to destruct the evidence/information
• Seeking updates and overseeing the outcome of the investigation to understand the potential impact and any interim action, if required, to be taken by the management, e.g., disclosures to stakeholders, immediate plug for any loopholes, and internal communication
• Take appropriate actions based on the outcome of the investigation, including but not limited to, actions against individuals/third parties involved in the fraud, disclosures to internal/external stakeholders, and remediation of the identified loopholes