A role for the risk manager in corporate transparency


Dr Marie-Gemma Dequae

The European Parliament in April passed the Non-Financial Reporting Directive that requires all large companies or groups to disclose information on their policies, risks and results in respect to environmental matters, social and employee-related aspects, respect for human rights, anti-corruption and bribery issues, and diversity on boards of directors.


This directive amends the Accounting Directive, and it will become law following the expected adoption by the European Council in the next few weeks. Most quoted companies already publish a corporate social responsibility (CSR) report that covers many of the topics to be disclosed, but this directive makes disclosure mandatory and it extends this requirement to all companies and groups with more than 500 employees, and insurance companies and banks. The EU estimates it will affect about 6000 enterprises in total.

In terms of non-financial reporting, the EU says it aims to keep the administrative burden to a minimum. Companies will be required to disclose concise, useful information necessary for an understanding of their development, performance, position and impact of their activity, rather than providing a fully fledged and detailed report. Furthermore, disclosures may be provided at group level, not by each individual affiliate within a group or on a country-by-country basis.

Parliament stopped short of amending the directive to require country-by-country reporting on tax matters except for companies in the extractive industries, but the issue has not gone away. The Commission sees the directive as the first step in implementing the European Council 2013 conclusions on the need for further transparency on tax matters and country-by-country reporting by large companies and groups.

The Commission will reconsider the possibility of financial country-by-country reporting during the scheduled review of this directive in 2018. This is likely to meet stiff resistance, but it is clear that pressure for corporate transparency is continuing.

FERMA has welcomed the disclosure of environmental, social and board diversity information but expressed concern that the regulations should not stray into industry-sensitive issues which could damage competitiveness. One of the difficulties is that the current directive goes beyond requiring companies to assess and disclose their risks and provide assurance that they have processes for managing them. It wants a level of disclosure that could cross over the boundary into the area of risk appetite and so risk tolerance. This could put European companies at a disadvantage to their competitors elsewhere who can keep this information to themselves.

A further complication is that there is no standard or framework for this type of disclosure. In fact, the Commission specifically says that companies may use international, European or national guidelines which they consider appropriate (for instance, the UN Global Compact, ISO 26000 or the German Sustainability Code).

A role for the risk manager
There is a considerable role for the risk manager in this trend for corporate transparency. The way the risks associated with environmental, social, ethical and diversity issues are managed and disclosed will be an important element in compliance with the directive. The second aspect where risk managers can particularly add value is in managing the reputational risks associated with the consequences of either certain disclosures or non-compliance.

By working with senior managers who are responsible for compliance, the risk manager can ensure that the process for capturing and publishing this information complies with the national legislation. The second part of the process is to work with public and investor relations to manage any potential negative impact of disclosures on corporate reputation.

The aim of the directive is to get to the heart of corporate behaviour, and this flows from the board. Risk managers can demonstrate the value of risk management to members of the board by playing their role in making sure that behaviour is consistent and showing the world that it is. To continue to do this, risk managers will need to be certified and develop their professional knowledge continuously.

Marie Gemma Dequae is scientific advisor to FERMA and was FERMA President from 2005-2009. She serves as a member of the insurance and reinsurance stakeholder group of the European Insurance and Occupational Pensions Agency (EIOPA). In Belgium, she is a member of the board and audit committee of Belfius Bank and member of the board of the audit and risk committee of Belfius Insurance. Marie Gemma has a particular interest in professional development for risk managers, and is working to raise the risk management profession to a higher level in organisations through education, training and networking.