The collapse of the Irish banking system in 2008 and the subsequent EU bailout have brought corporate governance to the fore as an issue in the country. Ireland’s Companies Act of 2014 provides specifics on directors’ duties, and imposes liability, with fines reaching €10 million (£8.86 million). Recent legal cases and controversies, however, have illustrated some gaps in the approach, specifically concerning board composition, conflicts of interest on boards, and lack of sufficient controls, with particular reference to cybersecurity. Irish authorities have begun to address these issues, but the Irish Institute of Directors (IIOD) calls for further action.
Evolution of Corporate Governance in Ireland
In 2008, a number of Irish financial institutions faced collapse, and the country’s banking system was bailed out with £77 billion from the European Central Bank. The subsequent restructuring brought corporate governance issues to the fore. When, in 2009, accounting and consulting firm Grant Thornton surveyed companies in Ireland for corporate governance compliance, they found that overall compliance was at only about 50 percent.
Since then, the authorities have worked to increase compliance as well as the scope of the code.
Regulations that govern companies in Ireland derive from several sources. The legal framework consists of EU law, the Constitution, common law (i.e., legal principles and precedents), and legislation, with particular reference to the Companies Act of 2014.
Irish companies are also subject to the UK’s “Combined Code,” published by the British Financial Reporting Council – companies listed on the Main Securities Market of the Irish Stock Exchange (ISE) are obliged to comply with the code or explain departures from it. Irish authorities have also added an “Irish Annex” to the UK Code, based on a report published by the ISE and the Irish Association of Investment Managers in 2010.
This “Annex” (first published in 2012) addresses board composition, audit committee rules and executive pay. The “Annex” requires more specific detail on the policies of listed companies for these areas.
Ireland also has a specific corporate governance code for financial institutions, regulated by the Irish Central Bank, and for institutional investors, produced by the Association.
Directors’ Duties Under the Companies Act of 2014
The Act, which came into force in 2016, introduced two new forms of private limited liability company (LTDs and DACs), and also codified directors’ duties at all companies. An LTD may have a single director, and must have a separate company secretary. Other company types must have at least two directors.
The general duties are:
- Compliance with legislation – Directors must ensure compliance by the company with the Companies Act.
- Interests of shareholders and employees – Directors must take into account the interests of the members of the company and have regard to the interests of the employees in the performance of their functions.
- Compliance statement – Directors are required to acknowledge the existence of their duties by signing a declaration to that effect in the form of a compliance statement. Directors of all public limited companies and of private companies that meet certain financial thresholds will be required to include a directors’ compliance statement in their directors’ report (or explain why not).
- Appointment of company secretary – There is an obligation incumbent on directors to ensure that the company secretary is suitably qualified for the role.
- Directors’ duty to disclose any interests in contracts made by the company – A director who is, in any way, directly or indirectly interested in a contract or proposed contract to which his or her company is a party, shall have a duty to disclose the nature of that interest at a meeting of the directors. This is, in the main, a restatement of the existing law.
Fiduciary duties are:
- Act in good faith – Each director is obliged to act in good faith in what the director considers to be the best interests of the company.
- Act honestly and responsibly – Directors must act honestly and responsibly in relation to the conduct of the affairs of the company.
- Act within powers – Directors must act in accordance with the company’s constitution and exercise their powers only for the purposes allowed by law.
- Use of company property – A director is not permitted to use the company’s property, information or opportunities for his or her own, or anyone else’s, benefit.
- Independent judgment – A director shall not agree to restrict his or her power to exercise independent judgment unless this is expressly permitted by the company’s constitution; or the director believes, in good faith, that to fetter his or her discretion is in the best interests of the company.
- Avoid conflicting interests – A director is obliged to avoid any conflict that may arise between the duties the director owes to the company and the director’s other (including personal) interests.
- Due care, skill and diligence – A director must exercise the care, skill and diligence that would be exercised in the same circumstances by a reasonable person having the knowledge and experience that may reasonably be expected of a person in the same position as the director.
As Irish law firm Dillon Eustace noted in a recent report, this enumeration fills a much-needed gap in the country’s company law. However, the general nature of the duties prescribed will require much clarification over time.
Directors who are found to be in breach of their duties will be liable to account for any gains accrued and must indemnify companies for losses resulting from any breaches of duties.
Fines for non-compliance with the Act can run as high as €10 million.
Enforcement Authority, Conflict of Interest, Data Breaches
But a recent survey by the IIOD found that a number of issues have not been addressed sufficiently.
First, there is still no enforcement authority in Ireland like that of the Financial Reporting Council in the UK. Listed companies that do not comply with the rules or sufficiently explain their approach are subject to fines and delisting by the Irish Stock Exchange. Other non-financial companies are not subject to any such authority – banks are, of course, regulated by the central bank.
Then, conflicts of interest on boards have been a topic of major concern. On February 29, 2016, the Irish Central Bank published a letter expressing concern about conflicts of interest on the boards at Irish financial institutions. Shortly after that, the IIOD surveyed non-financial firms, and found that attention to conflicts of interest was lacking:
“There is still some way to go regarding the declaration and monitoring of conflicts of interest,” commented IIOD Chief Executive Maura Quinn.
In July 2017, for example, shareholders at Irish mining firm Conroy Gold & Natural Resources attacked the board on conflict of interest issues. Patrick O’Sullivan, who owns just over 27 percent of the shares, ignited a controversy by proposing sweeping board changes.
“What is of concern,” Quinn pointed out, “is that there is no procedure at most companies for monitoring and removing conflict of interest issues on boards.”
Finally, risk management shows gaps at most companies, particularly in terms of cybersecurity.
Almost two-thirds (61 percent) of organisations have had at least one data breach in the last year, an increase on the previous year, according to a new survey of 200 professionals by the Irish Computer Society. Successful attacks by external hackers are on the rise, with the number of breaches by people outside the organization up to 22 percent in this year’s survey, compared with 15 percent in 2016.
While breaches have increased, data protection has been addressed extensively by Irish law. Ireland is the only EU country to have a Data Protection Minister as well as a Data Protection Authority, and it is among the first nations in the EU to have placed an expanded version of the General Data Protection Regulation, which comes into force in all EU countries on May 25, 2017, on its books.