4 Big Issues That Will Keep UK Board Members Busy in 2019

As 2018 has drawn to a close, we can look back on a turbulent year for corporate governance in the UK. We’ve witnessed large-scale corporate failures and continuing disruption across traditional business sectors from retail to banking as established brands compete with disruptive digital-first competitors. This has taken place against a backdrop of increasing complexity in the regulatory landscape. The introduction of new regulations and codes has significantly raised awareness of the important role that corporate governance, reporting and compliance play in guiding successful, stable and ethical organisations. While Board members enjoy a welcome break over the holiday season, they will be aware that 2019, just like 2018, will offer challenges and opportunities in equal measure — with a considerable dose of uncertainty thrown in.

Here are 4 big issues that will keep UK Boards members busy in the coming year:

1. Data Privacy Comes of Age as the GDPR Beds In

The year 2018 saw the biggest change to privacy legislation in a generation with the implementation of the General Data Protection Regulation (GDPR).

After all the pre-implementation hype, 2019 will be the year when we really start to see GDPR in action. The first fines and sanctions issued under the new regime are imminent, and their nature and severity will give Board members an important insight into the way that the regulation will be interpreted by the Information Commissioner’s Office (ICO).

Fines notwithstanding, the public communication campaign around the introduction of the regulation was highly effective. It increased public awareness of individuals’ right to data privacy. The result has been a marked increase in the number of complaints to the ICO — complaints in the first three months following GDPR implementation rose by 160% compared with the previous year.

The increased compliance and reputational risks related to data privacy make it an ongoing issue for Board members. They need to ensure that data privacy is built into the DNA of their organisation and that robust plans are in place to manage the legal, reputational and financial consequences of a breach.

2. Board Members and Cybersecurity – A Strategic Risk 

While data breaches can take many forms, the ones that grab the headlines are the massive cybersecurity incidents that result in vast numbers of customer details being exposed by cybercriminals. The Marriott Hotels hack is only the latest and it definitely won’t be the last high-profile mega-breach. The cyber threat risk continues to escalate, with recent research indicating that 92% of UK businesses have suffered a cybersecurity breach of some kind in the past year. Concerningly, 44% of those businesses reported that they had been breached multiple times.

This puts cybersecurity high on the Board agenda as both a strategic and an operational risk. Realistically, it’s now a case of when, not if, an organisation is breached, and it’s not just data that is being targeted. Experts are reporting a concerning rise in the number of destructive cyberattacks that are targeted at wreaking maximum damage on victims’ networks, causing system outages and disrupting operations.

That means preparation is not just advisable, it’s essential. Board members need to be running cybersecurity incident simulation exercises and rehearsing response protocols to deal with the aftermath of a major attack.

When it comes to setting a culture of cybersecurity awareness, Board members can lead by example, ensuring that all its operations and communications are secure. The issue of senior personnel using private email addresses for confidential communications was thrown into the spotlight again recently by Ivanka Trump’s White House indiscretion, and it remains a common problem. To protect the organisation’s most sensitive information, companies should be offering Board directors, especially NEDs, a secure platform through which to fulfil their duties.

3. New Era Dawns for Compliance and Governance Reporting

While GDPR garnered the lion’s share of headlines in 2018, it certainly wasn’t the only change on the horizon. The year 2019 will see the implementation of several regulations aimed at improving transparency and restoring public trust in large corporations:

The Financial Reporting Council’s revised UK Corporate Governance Code applies from 1^st January 2019 and “puts the relationships between companies, shareholders and stakeholders at the heart of long-term sustainable growth in the UK economy”. The code requires organisations to build trust with stakeholders, engaging, in particular, with company employees. It strongly emphasises the role of the Board in driving culture change and transparency. Board members will need to review and evolve their approach across areas such as succession planning, remuneration, culture-setting and stakeholder engagement to ensure that they are meeting the principles of the new code.

A further development for 2019 is the implementation of the Wates Corporate Governance Code for Large Private Companies. This will require companies with more than 2,000 employees and/or a turnover of more than £200 million and a balance sheet of £2 billion to report against the code’s principles. Like the new Corporate Governance code, these principles are designed to promote greater transparency and accountability in UK business.

Later in the year, the UK’s 47,000 FCA-regulated organisations will need to comply with the Senior Managers and Certification Regime (SM&CR). The SM&CR was developed in response to the banking crisis and fundamentally alters the relationship between the FCA and its regulated organisations. It’s designed to prevent responsibility gaps arising in financial companies by improving individual accountability. At the same time, it devolves responsibility for the wider certification of employees who carry out regulated activities to the organisation itself.

Managing a regulatory change of this magnitude will require a great deal of preparation, process development and corporate governance activity. Company Secretaries, legal departments and HR teams need to assess the compliance and operational requirements well ahead of the implementation deadline, because they will have a major impact. The annual burden of certifying employees as fit and proper persons and tracking their compliance history is likely to prove significant. Organisations will need to ensure they have appropriate tracking and management technology in place to give a global view of compliance status.

4. Volatility and Resilience – Being Prepared for the Unknown

It’s unlikely that any “2019 predictions” articles will go to press without mentioning Brexit. The UK’s relationship with the EU is likely to be the defining issue for 2019 and beyond. But while the issue of Brexit is very present right now, it is symptomatic of the wider global climate of volatility and uncertainty that is now the norm.

Being prepared to respond to the unexpected is a key part of the modern Board’s responsibilities.

In a climate in which most traditional industries are caught between competing with disruptive digital newcomers and trying to roll out their own digital transformation programmes, Directors must be engaged and proactive. Board members must assess their composition and ensure that they have the right mix of skills and experience to handle disruption and uncertainty, together with the vision to see opportunities among the chaos. Communication between board members, and between the Board members and stakeholders, must be transparent, demonstrating a commitment to accountability and strong governance.

The keynote for 2019 will be the development of the resilient organisation, one that can absorb the stresses that today’s environment creates. Volatility and uncertainty represent the new normal as we see an escalating pace of innovation and disruption, co-piloted with regulation to safeguard stakeholders.

An important cornerstone of that resilience will be sound corporate governance that steers companies in the right direction as they negotiate turbulent waters. Board members are in for a challenging year.