ILA Directors' Day : Responding to climate change, regulation, cyber security and more
Conferences & pictures
Never before have boards been expected to face such complex, central questions related to strategy and control. ILA’s Directors’ Day has become an increasingly important forum in which to discuss how to approach new challenges. The seventh edition on 29th November 2018 at the Chamber of Commerce probed climate change, cyber-security, and substance requirements, and heard the advice from the financial regulator.
Setting the agenda in Lux
The last ten years have seen a global revolution in the importance of corporate governance, and ILA has helped to set the agenda in Luxembourg. In his introduction to the Directors’ Day, chairman Raymond Schadeck highlighted how one of ILA’s key roles is to “continue our public advocacy role”. They had met all political parties prior to the October 2018 general election, and had worked with the coalition “formateur” as the new government’s programme was fleshed out. They will continue to meet relevant ministers throughout the coming five-year term, including working in partnership with the Chamber of Commerce on official opinions about draft legislation.
Today’s directors need a highly professional approach, hence the focus ILA puts on knowledge acquisition. New brochures have been produced and existing ones up-dated on subjects as varied as the audit committee, not for profit best practice, board organisation, board evaluation, investment funds, audit and more. There is also a range of formal training sessions offering general and specific insights. Highlights this year were the completion of the corporate secretary’s qualification course, a new programme to help younger directors, and a start-ups governance course. More than 25 events were organised this year, offering new insights and networking opportunities.
Mr Schadek also reminded the audience that he was coming to the end of his second and final two-year term as chairman. His successor will be elected at the 18th June 2019 AGM.
His first piece of advice was that this challenge poses such potentially existential threats that it is indeed the board’s responsibility, and not something that IT departments can deal with alone. He highlighted the worrying results of a survey of CIOs and CSOs in the US, where only 44% said information security had been discussed at board level.
“Insiders seeking financial gain and rogue states are the biggest challenges,” he said, not to mention “hacktivists” wanting to make a political point. There are many motivations for seeking to find incriminating or apparently incriminating information, and each organisation must have a protection and response strategy. As well as the risk of theft and reputational damage, there is now the GDPR risk. Organisations have 72 hours to inform authorities, customers and relevant partners of a data breach. Moreover this comes just as the second payment service directive is requiring banks to open data to third parties, thus making secure data management an even more complex challenge.
Mr Buck highlighted how threats have become more sophisticated. As businesses are more resistant to random phishing attacks and ransomware, now criminals are moving towards “spear phishing” techniques. “This might come in the form of an email asking for payment that appears to come from a senior manager, often with the message having accurate insider information,” he said.
He reassured the conference that it was not necessarily the job of board members to know the technical details. “Maybe bring this topic to the risk and audit committee before it reaches board level, possibly inviting people who have the knowledge to ask the technical questions,” he advised.
Seeing this as “digital risk” helps too, he advised. “Break risks down the potential threats, taking into account what is your key data, and bring business language to the discussion and ask common sense questions,” he added. This means understanding which are your most critical data and ensuring a more secure strategy for this. As well boards should probe the risk management approach, ask about breach notification policy, find out about communication plans, and how often strategy is reassessed as threats and regulation changes. With a full understanding of breach risk one can then examine whether certain business lines are viable. They may be legal and profitable, but is the potential risk to reputation too great?
Adding clarity on substance
Luxembourg’s international businesses know they need “substance” but exactly what this means in practice is a matter for lively debate. This is because the BEPS process is only around five years old, and the anti tax avoidance directive has yet to interact with reality. After the conference networking lunch, Fanny Bueb, Director in the International and Corporate Tax department at ATOZ and Oliver Hoor, Tax Partner & Head of Transfer Pricing at ATOZ, discussed some of the many scenarios.
Despite recent rulings by the European Court of Justice to interpret substance rules there is still considerable uncertainty in a changing situation. “To help assess potential risk in an international environment the key point is to understand when substance is required, what is the basis for this, and what is the appropriate level,” said Ms Bueb. This is not a straight-forward task, as each investment platform needs to analyse on an individual basis the evolving situation in each jurisdiction.
Even so, there can be no conclusive definition. She said some of the easiest aspects relate to infrastructure, employees, premises, IT equipment and other tangible elements. Also the need to prove that decisions are taken here is key, even if substantial preparation can be made outside the country. Having directors resident in Luxembourg and a well documented paper-trail is also important. It also helps to articulate less tangible connections to Luxembourg, including references to investor familiarity with the jurisdiction, the diverse regulatory framework, wider industry practice, factors particular to certain investors, and so on.
Oliver Hoor continued, highlighting several technical examples of how different organisations approach strategy around substance. “Substance requirements can be seen from different angles,” he said. “These might be a Luxembourg tax and regulatory perspective, from a foreign tax law standpoint, with regard to transfer pricing, or reputational risk,” he explained. How these are taken into account depends on how cost benefit analysis is applied. “One thing is clear: the need for transparency is high so businesses cannot hide, and tax authorities can come back to you in the future to question activity in previous years,” he added.
Being part of the solution on the climate
The keynote speech was a passionate call to action on climate change by Ravi Fernando, chairman of the Sri Lanka based consultancy Global Strategic Corporate Sustainability. “Climate change will disrupt our supply chains and thus poses a major operational risk to business and investment,” was the stark warning he presented to the conference. The world has failed to halt warming, so serious action must be taken to cope with the consequences he said.
He reminded the audience that a week previously the World Meteorological Organisation had announced a record level of greenhouse gasses in the atmosphere in 2017. He echoed the words of U.N. Secretary-General Antonio Guterres who commented that: “failure to act means more disasters and emergencies and air pollution that could cost the global economy as much as US$21 trillion by 2050.”
The reality is daunting. Mr Fernando highlighted how the countries that signed the Paris accords are falling to meet their collective target by 67%. The result is that the 16 hottest years ever have been since 2000 and that 2018 will break all records. He pointed out that this is affecting developed nations as well as developing, with forest fires, droughts, searing summer temperatures and flooding set to affect all our lives. He added that there are now 450 extreme weather events a year now compared to 70 before 2000.
Despite the implications of man-made climate change being familiar to everyone, as Mr Fernando pointed out, we remain hesitant about taking the long-term decisions which will ensure a sustainable future. Yet this is unnecessary, he said. He quoted estimates for the cost of creating a sustainable world at $1.5trn globally per year. If this sounds like a lot of money, it is less than a third of the subsidy Mr Fernando says is given annually to ensure the stability of fossil fuel delivery.
Yet despite this he thinks we need to be realistic and admit this action is unlikely to transpire quickly. Hence we will need to build resilience to climate change with the floods, droughts and high winds this implies. As well as the lives that will be lost and the property damaged, imagination and investment will be needed to cope with global water stress as we seek to safeguard the food supply. We saw in Europe this summer how a lack of rain and high temperatures affected production of certain crops.
“Can Luxembourg be a force for good,” he said, challenging the audience. He insisted the lead had to come from business and this needs to be high on the agenda of boards. “Board leadership is an action not a position,” he said. He said there was no need to be a climate scientist to challenge CEOs and executives, just to be aware of the potential risks and solutions. He said that if used with care the UN’s Sustainable Development Goals should be a guide. However he recommended focusing on four essential goals out of the 17: clean water and sanitation; affordable and clean energy; responsible production and consumption; and sustainable land use.
“One of the first questions I ask on a board is ‘what is the electricity and water bill?’ and then I ask how much is sustainable,” he said. This is part of building a sustainability mindset, he said. And having these conversations works. For example, Apple, Alphabet, Microsoft and Amazon are world leaders in their markets and in terms of renewable energy use as each uses 60-70% of renewables. This is why “we don’t all need to be Elon Musk to be part of the solution,” he added.
Technology and AI are our best hope of mitigating the worst of the unfolding crisis. For example, Mr Fernando highlighted the case of the Netherlands which is one of the world’s most largest exporters of fruit and vegetables. This is despite being one of the smallest countries on the planet. “Their secret is precision agriculture which uses 80-90% less water with 3-4 times the yield of mass techniques,” he said. Technology could also help. For example, there are particular hopes for a revolution in desalination, with work on graphene film being particularly encouraging.
However, at the moment we are failing, and in particular industries such as asset management are often not contributing to the solution. For example, some extrapolations of the impact of investments by Swiss pension funds imply a global increase in temperature of 6%. “Can Luxembourg and the EU be a force for good? Can all of you in your spheres of influence be a force for good for the planet and your organisation?” said Mr Fernando. “Yes you can and must.”