It would be rather trite to note that much has been written and discussed lately regarding corporate governance. However, virtually all of this discussion has focused on the boards of public companies and their audit committees. While obviously valid concerns, corporate governance challenges have a much broader scope, especially in large, complex organizations with vast subsidiary networks. In particular, multi-national financial institutions are currently facing an array of complex problems in corporate governance that need addressing. Globalization, along with increasing complexity and regulatory expectations, raise legal and corporate governance issues at the subsidiary level that both in-house and external counsel need to consider in advising clients.
Rising Complexity of Corporations
The rise of increasingly complex organizations today is creating the need for innovative solutions to address gaps in governance controls. As Thomas Homer-Dixon noted in The Ingenuity Gap (2001): "Rising complexity also magnifies the ability of individuals and subgroups to extract illicit gains from the systems around us. National and international regulators, for example, can't possibly anticipate all the weaknesses and loopholes that criminals might exploit in the world's rapidly evolving financial systems-systems now rife with unknown unknowns." More importantly, unlike Enron and WorldCom , it doesn't take excessive greed or ambition to create subsidiary governance failures, just a lack of attention or an ineffective oversight mechanism.
Reputational and Economic Risk for Parent Companies
While failures in subsidiary corporate governance may pale in comparison to the failures experienced by public companies like Enron, such failures can pose both reputational and economic risk for their parent public companies. Throw into the mix the rise of virtual entities alongside the proliferating growth of legal entities and you have a governance challenge of nightmarish proportions. As financial institutions shift from product orientation to client focus without a corresponding change in the legal environment (the four pillars still exist legally if not functionally), virtual entities are being created to accommodate the new business paradigm. There is simply no guidance either from a regulatory or academic point of view on how to govern these virtual entities or how they should relate to and interact with the legal entities.
Subsidiary Corporate Governance
The truth is that parent company boards "can't do it all", either from a practical or legal point of view-at least not in complex multi-national organizations. They must rely on extensive control mechanisms throughout the organization, which includes boards operating effectively at the subsidiary level. Ensuring that the organization has an effective subsidiary governance programme in place is critical for the parent company board to assure itself that "downstream governance" reflects the same values, ethics, controls and processes as at the parent board level.
Regulators are also beginning to recognize the importance of subsidiary corporate governance. In its recently published guidelines, "Effective Corporate Governance in Federally Regulated Financial Institutions," the Office of the Superintendent of Financial Institutions (OSFI) noted that "[t]he corporate governance responsibilities of boards of subsidiary financial institutions are the same as those of regulated parent financial institution boards....
Boards of parent companies should determine what board structures for its subsidiaries would best contribute to an effective chain of oversight."
This "effective chain of oversight" can be particularly complex for financial institutions due to a variety of factors:
- the level of regulation imposed on such organizations from different regulators in multiple jurisdictions;
- the growth of virtual entities alongside legal entities;
- the need for financial institutions to provide innovative financing products for their clients, which in turn leads to the creation of a complex web of subsidiaries to deliver these products (special purpose entities (SPEs)); and
- the broad definition of "subsidiary" found in the Bank Act (Canada) and other federal financial institution legislation.
Combined, these factors potentially create a complex web of subsidiaries with differing needs and risks-one size fits all governance does not suffice.
Subsidiaries
A particularly thorny issue for Canadian federal financial institutions is determining just what is a subsidiary. The 2001 amendments to the Bank Act broadened the definition of subsidiary from any "body corporate" controlled by the bank to any "entity". Given that "control" includes de facto, as well as legal control, this simple change significantly broadened the scope of what is considered a subsidiary of a federal bank to include entities such as trusts and limited partnerships. For example, mutual fund trusts created by a bank to provide investment vehicles for clients and/or employees may now be considered "subsidiaries" if the bank has de facto control-a factual analysis that can often be difficult to apply in practice. Indeed, many SPEs will be considered subsidiaries under the Act, although determining whether they are or are not may prove to be a frustrating exercise. (I find it only a trifle annoying that after 18 years of practice, I still can't easily identify a subsidiary.)
What is a Subsidiary?
So what if an entity is now definitionally a subsidiary? Apart from having to appear on one's list of subsidiaries and hence tracked and reported on for regulatory purposes, there are other consequences to being a "subsidiary" that could be problematic. For example, under the Act, except in limited circumstances, a subsidiary may not hold shares of the bank. For investment vehicles controlled by the bank, this could be an unwanted investment restriction. Further, except in limited circumstances, the subsidiary must have the same auditor as the bank, which may not be problematic, but is still a detail that must be kept in mind when creating these "controlled" investment vehicles.
While determining whether an entity is a subsidiary is an interesting preliminary legal question, establishing a subsidiary governance programme to manage these subsidiaries involves consideration of numerous issues, many of which are distinctly different from the governance of a public board.
Subsidiary Governance Program
First consideration in any subsidiary governance programme is board composition. Without the right people on the board, the board will simply not be effective in its oversight role. This is as true for a subsidiary as it is for the parent board. However, what may be appropriate at the public board level may not work for a wholly owned subsidiary. For example, loading up subsidiary boards with directors independent of the organization would not only be costly, it could compromise the parent board's ability to control the strategic direction of the organization as a whole. At the same time, subsidiary boards must do more than just reflect management of the subsidiary, otherwise effective board oversight will simply not exist. This is particularly critical for regulated entities.
Appointment of Outside Directors
Fortunately, several options are available. For major regulated subsidiaries, consideration could be given to appointing a few outside directors from the parent board. This will ensure consistency in strategic direction and provide a connection between the boards, which can prove useful. In a large organization, however, this mechanism can only be used to a limited extent. For most subsidiaries, as a practical matter, all directors will be employees of the organization. However, from a governance perspective, some independence on the board can be achieved by selecting directors from outside the management of the subsidiary, either from unrelated businesses or from head office. This provides the board with directors who are familiar with the strategic direction of the parent yet can be objective about the management of a particular business.
Legal and Tax Considerations for Directors
Legal and tax considerations will also impact board composition where "mind and management" of the board must be located in a particular jurisdiction or where local laws require an external director. Conflicts of interest should also be avoided by not appointing persons who should be reporting to the board, such as the subsidiary's compliance officer, legal counsel or chief financial officer. Finally, a subsidiary that crosses several business lines needs to ensure representation from the different business groups so that information flows and accountability is maintained.
Given the complexity of applicable considerations, it is clear that achieving the right board composition at the subsidiary level can be just as challenging as choosing directors on the parent board. This complexity is multiplied by the number and diversity of subsidiaries within the organization.
Legal Liability for Directors
Once appointed, directors need to consider their liability. A subsidiary could have few assets and yet incur considerable liability for a director. To what extent should the parent company stand behind the directors of subsidiaries, both internal and external, with insurance and indemnities? An indemnity from a subsidiary may be insufficient comfort for a director who will look to the parent for support. To what extent can or should the parent indemnify these directors and how can this be implemented legally? These questions by themselves require considerable analysis and more attention than can be devoted here.
Role of Board
Once the board is created, what is its role? This is not a simple consideration. As noted above, OSFI has indicated that the responsibility of the federally regulated subsidiary board is the same as for the parent. However, this does not mean that the subsidiary board must replicate everything the parent board does, as OSFI also notes. Take compensation as an example. The overall compensation programme for all senior executives of the organization may be reviewed by the parent board, leaving the subsidiary board with little to do in overseeing this particular matter. But how deep does the parent board review go? Does it include all of the executives of the subsidiary board? To what extent should the subsidiary board also be concerned with the compensation of management in the subsidiary? Can it rely on the review of overall compensation policies and programmes performed by the parent board?
Delineating the line between the role of the parent board and its subsidiary boards requires careful thought and clear documentation through the drafting of board mandates and other mechanisms such as unanimous shareholder agreements and delegations of authority. The challenge in this process is determining clearly who is responsible for what and ensuring no gaps in oversight. The subsidiary board also needs to assure itself that if it is not reviewing something, that the parent board is.
A responsibility that subsidiary boards should, however, pay close attention to and where they can provide considerable value is compliance and compliance processes within the subsidiary. Failure to monitor controls at this level, especially for regulated entities, can produce disastrous results.
Governance of Subsidiaries
The governance of subsidiaries can be complicated by conflicts between the parent and its subsidiaries. We would be wrong to believe that in the case of wholly owned subsidiaries, no conflicts exist. Obviously, in the case of partially owned subsidiaries, the interests of minority shareholders must be considered as do the policyholders for life insurance subsidiaries. However, even wholly owned subsidiaries may have conflicts with their parents.
For example, the parent may advise a subsidiary to do something that might be in the best interests of the organization as a whole, but not necessarily in the best interests of the subsidiary itself, like extend loans to other subsidiaries at discounted interest rates. Effectively managing the flow of capital throughout an organization requires a centralized control that may compromise the ability of subsidiary directors to act in the best interests of the corporation on which they serve, a standard legal requirement in most jurisdictions. To what extent should directors defer to the policies and directions of the subsidiary's sole shareholder? To what extent can they legally?
On the other hand, to what extent can or should a parent attempt to control its subsidiaries? From a governance point of view, the parent needs to have rigorous controls in place to effectively oversee the entire organization. The parent board should not just be concerned with the parent company. On the other hand, legal impediments and considerations may impair the ability of the parent to exert that control. For example, subsidiaries are sometimes created to limit liability. To the extent that a parent exerts full control over that subsidiary, courts may arguably pierce the corporate veil and apply enterprise liability thus negating limited liability and the purpose for the subsidiary's creation.
Too Much Control Creates Conflicts for Parent Company
This conflict is even more acute for subsidiaries in foreign jurisdictions where "mind and management" in the local jurisdiction is an important consideration from either a regulatory or tax perspective. While the parent may usually set policies and guidelines for such subsidiaries, it is usually necessary to ensure that the parent is not directing or perceived to be directing the day to day management of the subsidiary. Directors of such subsidiaries must carefully evaluate the extent to which they can defer to the parent company.
Due to this reduced level of control by the parent board, the subsidiary board's responsibility and functioning becomes all the more critical. It may not have been an accident that Barings's failure took place in Singapore. Nor that the losses at Allied Irish Banks, p.l.c. took place in its American subsidiary, Allfirst Financial, Inc. Arguably, more effective board oversight driven by appropriate subsidiary board composition and functioning might have avoided the problems that permitted these failures.
The regulatory environment applicable to a particular subsidiary may also affect the ability of the parent to control the subsidiary. This is particularly true for subsidiaries that manage investments for clients, like registered portfolio managers. Such a subsidiary must ensure that there is a firewall between itself and its parent, not to mention the rest of the organization, to ensure that there is no improper influence exerted on the portfolio manager in its investment decision-making activities.
However, this does not mean that the subsidiary should be totally independent from parental control. Even regulators recognize that parents have an interest in ensuring that administrative functions within the subsidiary are functioning properly. Compliance, accounting, corporate secretarial and similar functions should not be isolated from parental oversight.
A firewall that is too thick (i.e., encompassing all of these activities) could be a contributing factor to governance failure. Parent boards need to feel comfortable that regulatory and governance issues and problems are elevated to the proper levels within the organization.
Conflicts Between Subsidiaries
Conflicts can also arise between subsidiaries. For example, a subsidiary registered as a securities dealer in Canada and performing back office trading activities for a related subsidiary in a so-called "secrecy jurisdiction" may receive a request from Canadian securities regulators for information on a client of the related subsidiary. Failure to produce the information may create legal liability for the directors of the Canadian subsidiary or at the very least a reputational or regulatory risk for the Canadian subsidiary and the parent company. Disclosure of the client information could at the same time create legal liability for the directors of the subsidiary in the "secrecy jurisdiction." Reconciling these types of conflicts can be a difficult legal exercise.
Within any particular financial services organization, subsidiaries will represent a broad variety of activities from inactive to a fully operating, regulated entity and will operate in a multiplicity of jurisdictions with differing legal requirements. Some subsidiaries will not require board meetings and committee structures; others will. Determining the appropriate activities of a particular board, its delegations of authority and general governance structure requires professional corporate secretarial support to the subsidiaries. Further, to ensure consistency across the organization, the central development of policies and procedures for subsidiary corporate governance is critical.
Centralized Governance Oversight
Part of the centralized governance oversight for subsidiaries is their management-from creation to dissolution. An organization that grows organically, without any thought to corporate structure or the necessity for a particular subsidiary, will find itself with an uncontrollable maze of legal entities. Further, permitting legal entities to hang around after their usefulness is not only costly (Royal Bank estimates that it costs $40,000 per annum to carry an inactive subsidiary), it complicates regulatory reporting. Managing the creation and dissolution of subsidiaries for a large multi-national organization is critical to overall corporate governance.
This need to control the creation of new subsidiaries has become even more acute in the post-Enron era. The creation of SPEs to accommodate legitimate financing and investment strategies needs to be controlled and monitored to ensure the organization is not exposing itself to excessive risk. The boards of public companies should be rightfully concerned that the purposes for which these entities are being created fall within acceptable practice and risk tolerance. Many of these SPEs will also qualify as subsidiaries, given the broad definition under the Bank Act, and hence their governance should be incorporated into the organization's overall governance framework.
Governance of Large Multi-National Organizations
Clearly, managing the governance of a large multi-national financial organization can create huge challenges. Creating well articulated policies and guidelines on governance for subsidiaries is an absolute necessity in today's increasingly complex world. Equally important is managing the corporate data related to the organization's subsidiaries, particularly for regulatory purposes.
Regulators are increasingly demanding more and more information. Being able to produce such information quickly and efficiently requires a sophisticated technological solution. Fortunately, recently developed Web-based applications that permit local input of data anywhere in the world into a centralized database promise to address this growing need. However, data out is only good as data in. Effective procedures for data input that ensure data integrity can be challenging to implement, but critically necessary. A sufficiently sophisticated technological solution cannot only manage corporate data, but can also support compliance with governance policies and processes.
As already noted, managing and controlling the governance of an organization is also complicated by the creation of "virtual entities", i.e., business groups or platforms that ignore legal entity boundaries, encompassing numerous subsidiaries and sharing others. An example at RBC is the split of RBC Dominion Securities Inc. between the Capital Markets and Wealth Management platforms, a model that has been followed at other Canadian financial institutions. From a business perspective, such a split makes eminent sense, permitting the organization to focus on the client. However, such a split creates substantive corporate governance issues for the legal entity itself, e.g., board composition and disclosure of strategic plans at the board level become difficult issues.
Virtual Entities
The business platforms themselves (i.e., the "virtual entities") may encompass and share numerous subsidiaries, but operationally may act as one business group centralizing such functions as strategic planning and executive compensation. The virtual entity will normally have a management structure and framework in place. However, an oversight governance framework may be absent-after all, there is no legal requirement for an independent board governing the affairs of a virtual entity-it has no legal form. In effect, the virtual entity will not have a "parent board" at the top of the platform to oversee governance for the whole platform, like the parent board of the organization as a whole would do.
The value of a properly constituted board of a legal entity is the independent oversight that such a mechanism can provide-the key here is on independence. While the virtual entity may have an executive committee at its apex, it's highly unlikely to be constituted with members independent of the virtual entity. Further, it's more likely to be a pure management committee. The lack of an oversight mechanism for virtual entities may create a gap in governance for the organization, especially if considerable reliance is placed on virtual entities to govern the subsidiaries within their ambit.
Oversight Committee for Virtual Entity
One solution might be to transform the executive committee of a virtual entity into an oversight committee with members from outside the virtual entity (e.g., head office and other platforms or virtual entities within the organization). However, the danger here is that such a committee might act inconsistently with the subsidiary directors or worse yet, lull the organization into thinking that it does not need properly functioning subsidiary boards, replacing them with the executive committee oversight. Legally, it is difficult to see how a board of directors could delegate its responsibilities and liabilities to a committee of a virtual entity. While legislation such as the Canada Business Corporations Act (s. 146) effectively permits delegation of directors' duties and liabilities to a sole shareholder, there is no legal mechanism for delegation to non-legal structures.
Further, in a regulated environment, it is highly unlikely that regulators would approve of directors of regulated entities abdicating their responsibilities to an unregulated committee. Subsidiary boards must remain vibrant and effective while accommodating the existence of virtual entities within an organization. Communication and a clear line of authority between virtual entity committees and legal entity boards become critical, creating additional complications in designing a corporate governance framework.
Of course, regulatory change in the financial services industry to a more functional approach would permit financial organizations to restructure along their virtual entity lines thus alleviating the virtual versus legal entity dichotomy. However, given the current and historical difficulties of streamlining and harmonizing securities legislation in Canada, the chances of broader regulatory restructuring to accommodate the current realities of the marketplace are remote to say the least.
Need to Consider Effectiveness of Governance
In sum, parent boards of large multi-national organizations, particularly financial institutions, need to consider the effectiveness of their organization's overall corporate governance framework. Such a framework would ideally encompass the following elements:
- creation of policies applicable to subsidiaries, which address board composition and size, the corporate secretarial function and the qualifications of corporate secretaries, the structure and functioning of subsidiary boards, the role of the boards and their responsibilities, conflicts of interest, the appointment of directors and officers and their indemnification, directors' compensation, "mind and management" issues, etc.;
- processes for handling communication between subsidiaries and virtual entities;
- creation of policies to manage the life cycle of subsidiaries and SPEs, governing their creation and dissolution to ensure tight control over the corporate structure;
- development of materials to assist subsidiary directors in carrying out their functions, such as guidelines and directors' manuals;
- audit processes to ensure compliance with articulated policies;
- a technology solution for managing corporate data and monitoring compliance with governance standards; and
- a "centre of excellence" to support subsidiaries in their governance requirements (ideally within the corporate secretary's department).
Clearly, more questions than answers have been raised in this article. However, equally clear is that subsidiary corporate governance deserves more thought and attention than is currently evident in the media or in academia, especially as regulators may focus more attention on this area.
Wrap-up
Undoubtedly, the lessons over the coming years will continue. Making changes at the parent board level-such as separating the offices of the chairman from those of the president and/or the CEO-are laudable, but cannot lull organizations into complacency toward enterprise governance issues. Overall corporate governance in our increasingly complex organizations is in practice a far more varied and complicated problem than many commentators appreciate, requiring innovative solutions that recognize that parent boards "can't do it all."
Sandra Jorgenson is vice-president and subsidiary governance officer at Royal Bank of Canada.