Foreward by Andrew Chilvers
As companies continue to look for opportunities in global markets, directors from diverse jurisdictions are hired to serve on the boards of foreign businesses as well as domestic ones that have operations and assets in other countries.
Enterprises across the world look for directors from other jurisdictions for any number of reasons. Hiring board directors from other countries can help to build investor confidence, for example. Likewise, an enterprise that is headquartered in a different jurisdiction but with a subsidiary in the US or Europe could seek directors to gain expertise and credibility. The director may have valuable international or local geographic expertise regarding business objectives, strategy, operations and risk management.
Nevertheless, serving as a director on the board of a global enterprise can bring major challenges. It’s true that during the past few years corporate governance laws and regulations have started to converge across regions, but there remain critical international differences regarding the responsibilities and liabilities of directors.
With recent data protection legislation across different jurisdictions, companies are now being held to account regarding their use of personal data. Will this result in a more litigious culture for companies and what does this mean for boards?
Since GDPR was introduced the number of lawsuits filed in Spanish courts has increased, which is why companies should not be caught off guard and should comply with GDPR regulations. This applies to those companies that have a headquarters in an EU member state and also to those that offer services or goods in the EU or process EU residents’ data. Currently, it is not usual for individual directors and officers to be liable for the costs of a data breach, although it is probable that these criteria will change in the future.
The liability risk which the board can face can be mitigated by taking proactive measures. It also should be taken into account that as a consequence of globalisation, where cross-border issues and transactions are common, directors that operate abroad are subjected to the duties and liabilities set in the jurisdiction of their home country. As a result, they should be aware of the possible differences of their potential liabilities in the jurisdiction from their home country and the one in which they operate.
Regarding any class actions, Spain hasn’t yet seen major cases related to personal data security, and it is expected that cases will be increasing in the near future. One of the reasons why it is expected to increase is that the EU is preparing a new Directive which, among others, is planning to expand the class actions sector, allowing cross-border claims, which will result in a new wave of mass litigation. In consequence, data protection legislation is constantly being regulated and updated and for this reason we should be well prepared.
With global directors now increasingly in demand, how important is it for boards and directors to understand the different expectations of directors and different cultures of governance?
As we live in a world of globalised trade, the risk oversight liabilities of the board have been increasing. It is fundamental for an effective governance of the company to be continuously adapted, to cope with different legal frameworks and cultures. It is helpful that in the EU the jurisdictions are increasingly similar to each other regarding regulations, and so the duties and liabilities of the board are not that different between one country and another.
Companies need to comply with the principles of good corporate governance of each country. Hence, an awareness of the fiduciary duties will reduce the company’s exposure to litigation risk. It is also advisable to encourage a corporate culture in a company itself; it is important to set rules for a better cooperation in work when different cultures are involved. In that regard, it will also help to have a strong management framework and avoid facing legal action filed against the board. It should be noted that in Spain the corporate law gives a larger power to the shareholders over the board than in other EU States. In May 2005, a law was introduced to force a voluntary corporate code of governance that defines and recommends the boards duties, and this also applies to the controlling shareholders.
It is crucial for a successful and productive governance to be aware of the needs of each transaction; that is where it is taking place and who is involved in it. A wide cultural point of view will be the key to success as it will help to maximise the resources available, and allow the understanding of the different jurisdictions to minimise risks, making the transaction more productive and effective.
How important is an effective board that follows core principles of international corporate governance? Does this give boards a shield against litigation and other issues such as bankruptcy and bribery?
It is essential to pursue principles of good corporate governance, as the trend in Spain is to tighten up the directors’ liability regime. A good compliance programme and a risk map to define which situations may lead to directors’ liability and to take appropriate protection measures is becoming increasingly important.
A compliance programme can limit or even eliminate criminal liabilities and a good health and safety policy can avoid personal sanctions in the labour and administrative field. This is a fundamental issue in cases of accidents at work, which can lead to serious sanctions, even criminal ones. As for the anti-bribery policy, the existence and enforcement of a compliance programme can avoid the criminal liability of the company and the board of directors in the event of a situation in which an employee of the company commits an illegal act.
In the area of bankruptcy, the Bankruptcy Law also provides for personal liability of the board of directors for unpaid debts, mainly in cases of accounting irregularities and delays in filing for bankruptcy. In order to avoid this, it is necessary to have an accurate control of the company’s management and a full awareness of what is being done, as well as internal or external measures to control the business and evaluate risks (audits, risk prevention services…). The most common protection measures are:
- Civil liability insurance covering the actions of the board;
- Implementation of compliance programs;
- Distribution of liabilities on the Board;
- Implementation of health and safety policies.
The tendency is to harmonise these protection measures since the compliance legislation in Spain derives from the practice of common law countries and increasingly the interrelationship between countries leads us to adopt similar measures to protect the board.