On the 2022 board agenda On the 2022 board agenda On the 2022 board agenda

As the UAE focuses on reopening and companies reposition for the future, it is increasingly clear that resilience – of strategy, the organization, and operating muscle – is proving to be the great differentiator of the pandemic era. From pivoting to “remote everything” and focusing on workforce well-being to deepening digital engagement with customers and recalibrating supply chains, the ability to quickly adapt to dramatic disruption has defined the survivors and thrivers.

The unprecedented events of the past two years have clearly put corporate governance processes, including board oversight, to the test. Demand for action on environmental, social and governance (ESG) performance, including climate risk; increased cybersecurity risk (including ransomware attacks); economic and supply chain challenges; a fast-changing regulatory landscape; and other factors impacting the global risk environment will continue to challenge even those boards which are at the top of their game.

In short, boards are at a pivotal moment. As one director recently observed, the need for “today’s boards to help their company reimagine, rethink, and reset is probably a once-in-a-generation opportunity.”

Drawing on insight from our interactions with directors and business leaders, we highlight the following eight areas here for boards to keep in mind as they consider and carry out their 2022 agendas:

1. Deepen the board’s engagement in strategy and in envisioning the future

There are three things to action:

• Given the volatile and fluid business environment ahead, take time to reassess the board’s engagement in strategy. Issues to deal with include: managing remote workforces, digital transformation and other accelerating megatrends, building more resilient supply chains and strengthening connections with customers whose behavior, preferences and expectations are changing.
• Review the alignment of corporate purpose, culture, values, and strategy
• Identify specific practices to drive quality boardroom discussions about strategy and the future

A fundamental question is whether boardroom conversations are, in fact, meaningful, two-way discussions between management and the board about forward-looking issues. There’s a need to challenge assumptions and consider scenarios (likely and unlikely) versus reviewing historical, compliance-related information which, while essential, can crowd-out valuable agenda time.

Effective engagement in strategy discussions (which investors expect) increasingly calls for a collaborative mindset. How can the board help management think through the implications of pressing and potentially existential strategic questions and decisions? And is management helping to set the context, providing meaningful materials to the board to prepare directors for those critical conversations and maximize the board’s contribution?

In our discussions with experienced directors over the past year, a number of elements and practices were highlighted that may be helpful:

• Encourage management to revisit the strategic planning process.
  • Is the process adequate considering the speed and impact of megatrends – and does it capture the risks and potential disruptions on the horizon?
  • Does the process challenge the validity of key assumptions that the company’s strategy and business model are based on?
  • Is it an iterative process – with milestones and opportunities to recalibrate – and does it bring in perspectives from throughout the organization?
• Develop a vivid picture of the future. This is never an easy undertaking, and it is particularly challenging today, given the level of uncertainty and transformational changes underway.
  • Where are the company’s industry and competition (both industry competitors and those in adjacent industries) headed?
  • What might the business look and feel like in two, five or ten years? Make time for the board to have meaningful “what-if” discussions in a focused and urgent way – including devoting time to less-likely scenarios (without getting overly theoretical). Risks and scenarios related to climate, ESG, human capital, and supply chain should be front and center.
• Make resilience part of the strategy discussion. Resilience is not only the ability to bounce back when something goes wrong. It’s also the ability to stand back up with viable strategic options for staying competitive and on the offensive.
• Understand the value of the board’s lens. Management is immersed in running the business, looking around the corner and staying competitive – as they should be. Board members are likely picking up broader perspectives and signals from their activities – and may be seeing and hearing things differently from management.

2. ESG, climate risk, and diversity, equality and inclusion (DEI)

Companies expect regulatory and investor focus on climate change, DEI topics, and other ESG issues to continue in 2022. How companies address these risks is fundamental to the business and critical to their long-term sustainability and value creation. In fact, the attention to climate change as a financial risk has become more urgent as the possibility to prevent more dire long-term consequences rapidly decreases. The physical impact of climate change–including the frequency and severity of floods, wildfires, rising sea levels, and droughts–is also adding urgency to the issue.

Companies work in conjunction with countries, regulators, and other stakeholders to reduce reliance on carbon and the impact on the climate. As they do so, they face transition risks–defined by the task force on climate-related financial disclosures (TCFD) as risks associated with the transition to a lower-carbon economy. According to the TCFD, the most common transition risks relate to policy, tax, legal actions, technology changes, market responses and reputational considerations. The challenge for boards is to ensure that these transition risks–together with other climate change risks–are properly addressed by management.

Monitoring the rapidly changing climate change regulatory developments is critical as policy makers globally increase the demand on companies to take action. In the UAE, the following initiatives were designed, in some or large part, to contribute to a long-term plan for a sustainable future:

• The recent COP26 summit (October-November 2021) brought parties together to accelerate action towards the goals of the Paris Agreement and the UN Framework Convention on Climate Change. Cop28 (2023) will be hosted in Abu Dhabi.
• EXPO 2020 Dubai has brought the UAE to the forefront of countries advocating for a sustainable future. Its sustainability policy engages the global community to take collective action to address sustainability challenges.
• UAE Vision 2021 is in alignment with the UAE Green Agenda 2015-2030, the Dubai Plan 2021, Paris Agreement (COP21) and the 17 UN Sustainable Development Goals (SDGs).
• Abu Dhabi Vision 2030 aims to build a sustainable and diversified economy, while improving accessibility and providing higher-value opportunities. The Abu Dhabi Global Market (ADGM) has also set up the Zayed Sustainability Prize Initiative. The prize is inspired by Sheikh Zayed’s vision of “uplifting vulnerable communities across the world through technology and sustainable solutions.”
• The Dubai Financial Market (DFM) updated its Shari’a standards to cater to the growing interest in sustainability. The standards cover the issuance of green instruments such as green sukuk, shares and green investment funds.

From a regulatory perspective, the UAE’s Securities and Commodities Authority (SCA) actively supports the achievements of the national sustainability agenda. The SCA has mandated all public joint stock companies listed in the country to disclose a sustainability report. This goes in line with Article (76) of the Chairman of Authority’s Board of Directors’ Decision no. (3/Chairman) of 2020 concerning the Approval of Joint Stock Companies Governance Guide. The SCA has also published the Securities and Commodities Authority Master Plan for Sustainable Capital Markets covering the key pillars required for companies to meet their ESG objectives.

The growing regulatory focus on ESG

All the signs point to steadily growing ESG-focus from shareholders and regulators. Several fundamental questions should be front-and-center in boardroom conversations, like determining which ESG issues are of strategic significance. Boards should then assess how the company is embedding them into core business activities (strategy, operations, risk management, incentives and corporate culture) to drive long-term performance.

Oversight of these risks and opportunities is a significant challenge involving the full board and potentially multiple board committees. For example, elements of climate, ESG, and DEI monitoring likely reside with the audit and remuneration committees. Other committees–like an ESG or sustainability committee–may also have responsibilities. Overlap is to be expected as well, but this puts a premium on information sharing, communication and coordination among committees. It also requires that committees have the expertise to oversee the issues delegated to them.

3. Engage proactively with stakeholders

Given the intense stakeholder focus on climate risk, ESG and DEI–particularly in the context of long-term value creation–engagement with stakeholders should be a priority. Institutional investors and other stakeholders are increasingly holding boards accountable for companies’ performance. They are continuing to demand greater transparency and direct engagement with independent directors on big-picture issues like strategy and ESG. Indeed, transparency, authenticity and trust are not only important to investors, but to employees, customers, suppliers, and communities who are holding companies and boards to account.

To best understand the views of its key stakeholders, the board should request periodic updates from management on the effectiveness of the company’s engagement activities:

• Does the company understand and engage with the priorities of its largest shareholders and key stakeholders?
• Are the right people engaging with these stakeholders and how is the investor relations (IR) role changing (if at all)?
• What is the board’s position on meeting with investors and stakeholders? Which independent directors should be involved?

In short: Is the company providing investors and other stakeholders with a clear, current picture of its performance, challenges, and long-term vision?

Strategy, executive remuneration, management performance, climate risk, ESG initiatives, human capital management, and board composition and performance will remain on investors’ radar during the 2022 AGM season. Investors and stakeholders may also focus on the strategies that address economic and geopolitical uncertainties shaping the business and risk environment in 2022.

4. Prioritizing talent, human capital management and CEO succession

The pandemic during 2020-2021 further highlighted the strategic importance of human capital management (HCM) issues. These include employee and supply chain health and safety issues that are critical to the company’s performance and reputation.

Institutional investors have been increasingly vocal about the importance of human capital and talent development programs and their link to strategy. For example, calling for more engaged board oversight and enhanced disclosure of HCM-related metrics.

In 2022, we can expect continued scrutiny of how companies are adjusting their talent development strategies. The challenges of finding, developing and retaining talent amid a labor constrained market have created a war for talent:

• Does the board have an understanding of the company’s talent strategy and its alignment with the broader strategy and forecast needs for the short and long-term?
• Which roles throughout the organization are mission critical, and what are the challenges keeping those roles filled with engaged employees?
• Which talent categories are in short supply and how will the company successfully compete for these talents?
• Does the talent strategy reflect a commitment to DEI at all levels?

More broadly: millennials and younger employees are increasingly choosing employers in alignment with their own values. As they join the workforce in large numbers, talent pools become globally diverse. Is the company positioned to attract, develop and retain top talent at all levels?

Crucial to all of this is having the right CEO in place to drive culture and strategy, navigate risk and create long-term value for the enterprise. The board should ensure that the company is prepared for a CEO change on an emergency or permanent basis. CEO succession planning is a dynamic and ongoing process. The board should therefore always be focused on developing a pipeline of potential CEO candidates, as well as all other C-suite positions.

How robust are the board’s succession planning processes and activities? Is the nomination committee reviewing the plans at least once per year but likely more often in these uncertain times? Are succession plans in place for other key executives? How does the board get to know the high-potential leaders two or three levels below the C-suite – especially in a work- from-home environment when office visits and board - executive in person meetings may not be feasible?

5. Approach cybersecurity and data privacy holistically as data governance

Companies have made rapid shifts during the pandemic to keep their businesses up and running. They have introduced remote work arrangements and supply-chain adjustments, and increased reliance on online platforms. These have been a boon to organized crime and hacktivists. Cyberattacks of all types proliferated globally during the pandemic, highlighting the far-reaching implications for supply chains and operations, as well as the ongoing cybersecurity challenges.

The UAE however has fortified its defenses against cyberattack across various fronts. A new federal data protection law no. 45 of 2021 regarding the Protection of Personal Data (PDPL) has been enacted to elevate its data handling and protection standards as per international best practices. Similarly, ADGM has enacted its new Data Protection regulations 2021 which is closely aligned to the European Union’s data protection regime under the General Data Protection Regulation (GDPR). The Dubai International Financial Center (DIFC) has also published guidance to help businesses to comply with the DIFC Data Protection Law.

Most recently, Abu Dhabi Digital Authority (ADDA), Etisalat and Trend Micro have announced the launch of Cyber Eye. This is an initiative designed to strengthen the Abu Dhabi government entities’ cybersecurity capabilities. This initiative shall employ novel technology and systems to identify cyber threats in real-time and take effective and proactive actions to mitigate risks and increase protection.

While regulatory stringency is vital, the responsibilities on individual boards with regards to cybersecurity measures remain crucial. Globally, boards have made strides in monitoring management’s cybersecurity effectiveness:

• Greater IT expertise on the board and relevant committees
• Company-specific dashboard reporting to show critical risks
• More robust conversations with management

Despite these efforts, they are still striving to manage the acceleration of digital strategies, remote work and hybrid work models, and the increased regulatory scrutiny of data privacy. The growing sophistication of cyber attackers also points to the cybersecurity challenge ahead.

Data governance overlaps with cybersecurity, but it’s broader. Data governance includes compliance with industry-specific privacy laws and regulations. It also consists of privacy laws and regulations that govern how personal data – from customers, employees or vendors – is processed, stored, collected and used. Data governance also includes the company’s policies and protocols regarding data ethics. In particular, managing the tension between how the company may use customer data in a legally permissible way and customer expectations as to how their data will be used. Managing this tension poses significant reputation and trust risks for companies and represents a critical challenge for leadership.

In order to oversee cybersecurity and data governance more holistically:

• Insist on a robust data governance framework that makes clear how and what data is being collected, stored, managed, and used, and who makes decisions regarding these issues.
• Clarify which business leaders are responsible for data governance across the enterprise – including the roles of the chief information officer, chief information security officer, and chief compliance officer.
• Reassess how the board – through its committee structure – assigns and coordinates oversight responsibility for both the company’s cybersecurity and data governance frameworks, including privacy, ethics, and hygiene.

6. Reassess the company’s crisis prevention and readiness efforts

The severity of crises that companies have faced in recent years looms large, with crisis prevention and readiness now becoming more prominently in boardroom conversations. Crisis prevention goes hand-in-hand with good risk management. They identify and anticipate risks, as well as provide a system of reporting and controls to mitigate the impact of such risk events.

We’re clearly seeing an increased focus by boards on cultural and key operational risks across the extended global organization. For example, supply chain and outsourcing risks, information technology and data security risks. Periodically reassessing the clarity and appropriateness of risk oversight responsibilities among the board’s committees helps companies address the following questions:

• Does the company understand its critical operational risks, including “mission critical” company and industry risks?
• What has changed in the operating environment?
• Has the company experienced any control failures, and if so, what were the root causes?
• Is management sensitive to early warning signs regarding safety, product quality and compliance?
• Is the company’s crisis response plan robust and ready to go? Is the plan actively tested and updated as needed?
• Does it consider the loss of critical infrastructure such as telecommunications networks, financial systems, transportation and water and energy supplies?
• Are there communications protocols to keep the board apprised of events and the company’s response?

Additionally, companies should ensure that the audit committee’s agenda is not overloaded, as well as encourage good communication and coordination, as certain risks may touch multiple committees. Management should also weigh a broad spectrum of what-if scenarios – from supply chains and the financial health of vendors to geopolitical risks, natural disasters, terrorist acts and cyber threats. Even the best-prepared companies will experience a crisis, but companies that respond quickly and effectively – with a robust communication strategy – tend to weather crises better.

A final, important reminder from the Covid-19 experience... While management should keep the board apprised throughout a crisis, the board should prioritize the information requests to ensure that it will not unduly add to management’s workload and potentially distract the CEO and management team from mission-critical activities.

7. Help set the tone and closely monitor the culture of the organization

The events of 2020-2021 have increased the risk of ethics and compliance failures. Fraud risk due to employee financial hardship and the pressure on management to meet financial targets were major contributors to this issue. Which is why organizations should closely monitor their culture and the tone at the top with a sharp focus on behavior and yellow flags:

• Ensuring senior management is sensitive to human resource issues, particularly the pressures on employees, employee health, safety and well-being, productivity, engagement and morale
• Normalizing work-from-home arrangements
• Making it safe for people to do the right thing

Given the critical role that corporate culture plays in driving performance and reputation, boards are also taking a proactive approach to understanding, shaping, and assessing corporate culture:

• Focusing on the tone set by senior management, as well as zero tolerance for conduct that is inconsistent with the company’s values and ethical standards. This includes any “code of silence” around such conduct.
• Being sensitive to early warning signs, verifying that the company has robust reporting mechanisms such as whistle-blowers, and ensuring that employees are not afraid to use them
• Identifying trends and closely monitoring the reporting systems to understand how claims are addressed and resolved. If the company has a sizeable workforce and few or no claims, the board should dig deeper.
• Understanding the company’s actual culture–the unwritten rules versus the values employees are supposed to adhere to
• Using all the tools available to monitor the culture and see it in action. This involves surveys, internal audits, hotlines, social media, virtual town halls, as well as walking the floors and visiting facilities.
• Recognizing that the tone at the top is easier to gauge than the mood in the middle and the buzz at the bottom
• Making sure that incentive structures align with culture and strategy and encourage the right behavior. This allows the board to gain visibility into the middle and bottom levels of the organization.
• Looking out for discussions that lack independence or contrarian voices
• Focusing on the results, as well as the behavior driving results

8. Think strategically about talent and diversity in the boardroom

Boards, investors, regulators and other stakeholders are increasingly focusing on the alignment of board composition with the company’s strategy front-and-center.

Indeed, the increased level of investor engagement on this issue highlights investor frustration over the relatively slow pace of change in boardrooms. It also points to the central challenge with board composition: a changing business and risk landscape. A proactive approach to board-building and board diversity of skills, experience, thinking and gender allows companies to:

• Addressing competitive threats
• Mitigate business model disruption, technological innovation and digital changes
• Tackle climate, ESG and cyber risk
• Manage global volatility

The Securities and Commodities Authority also emphasizes the need for diversity in board composition. Specifically, Article 9 of the Chairman of Authority’s Board of Directors’ Decision no. (3/Chairman) of 2020 concerning approval of Joint Stock Companies Governance Guide. It states that the representation of women on the boards of listed companies should not be less than one director. Similarly, the Central Bank of the UAE (CBUAE)’s Corporate Governance Regulations requires that women represent at least 20% of candidates considered for board membership.

The CBUAE has also signed a Memorandum of Understanding with Aurora50–a social enterprise focusing on achieving gender-balanced boardrooms in the UAE. This partnership aims to enhance and accelerate gender diversity in public and private sector boardrooms. This is done through knowledge exchange, supporting the skill development and building a strong pipeline of female talent.

Board composition, diversity and renewal should therefore remain a key area of board focus in 2022. It is used for communicating with stakeholders, enhancing the disclosure of the company’s annual report, and most fundamentally, positioning the board strategically for the future.