Risk & Compliance

Walking the Beat

Audit committees in Europe are treading a fine line between U.S. and home-country law, and facing pressure from investors, governance watchdogs, an...
Tony McAuleySeptember 22, 2003

Skandia, the Swedish insurer and one of Europe’s oldest publicly listed companies, does not have a U.S. stock listing, nor bonds that trade there, and it ceased trading in the U.S. last year after the sale of American Skandia to Prudential for about $1 billion. Yet, the SKr75 billion (E8 billion) company this year decided to beef up its audit committee to a level that complies with the U.S.’s new Sarbanes-Oxley Act.

“It seemed an obvious thing to be doing following all the recent events, particularly in America,” says Jan Erik Back, Skandia’s CFO. The company made the changes for a number of reasons, not least because its new CEO, Leif Victorin, wanted “a greater level of comfort” when he took the job earlier this year. Remaining competitive within its sector was also a big factor, says Back. “It’s part of a trend in financial services to be more sophisticated, part of the risk management you have to do.”

Throughout Europe, companies like Skandia are having to reconsider their oversight arrangements, as audit committees become the focal point of the sweeping changes to corporate governance on both sides of the Atlantic. In the wake of Enron and other recent spectacular corporate failures, both the U.S. and European authorities have mandated that audit committees, often seen in the past as a glorified rubber-stamp for financial results, are the chief guardians of a company’s financial integrity. These committees have been handed the central responsibility for ensuring there are adequate internal audit regimes; for hiring, monitoring and compensating external auditors, and ensuring their independence; for ensuring there are procedures to allow “whistleblowers” to come forward; and much else besides.

The U.S. and Europe (at both the EU and national levels) have set broadly similar criteria for audit committees, but there is one crucial difference: in the U.S. it’s the law, whereas Europe is taking a non-statutory, “comply or explain” route.

This has created a murky situation in Europe. About 500 European companies — those with stocks or bonds trading in the U.S. — must comply with U.S. law or they will lose access to capital markets there. Executives could even face fines or jail terms for serious breaches. For some companies, just a little tinkering is required to bring their audit committees into line. Others, however, must walk a fine line between the U.S. and home-country law, as has been the case in Germany.

Even for those European companies that do not have to comply with “Sarbox,” pressure for fully independent audit committees and other key oversight measures is coming from a number of directions, such as investor interest groups, local governance watchdogs, new governance rating agencies, and even from top management.

Warning Signals

In Skandia’s case, up until a few months ago its audit committee consisted of its chairman and one other board executive, falling short of the number of independents required by new European guidelines, as well as the U.S. law. At least one governance rating agency had raised a “red flag” on the issue of its audit committee. (Governance watchdogs and rating agencies have borrowed the nautical “raising a red flag,” to indicate areas where corporate practices come up short.) Skandia’s audit committee is now made up of three independent, non-executive directors, at least one of whom has a high level of financial expertise, as called for in the EU guidelines and Sarbox. New committee chairman is Bjorn Bjornsson, a director of several large Swedish investment companies. He is joined by Claes Reuterskiold, a director of Swedish holding company Industri-Varden, and Boel Flodgren, vice chancellor of Lund University and a business law expert.

Skandia is still the exception in Sweden, where only 12 of the country’s 27 largest listed companies surveyed this year by Heidrick & Struggles, an executive search firm, have audit committees. The practice varies widely in Europe. Heidrick & Struggles’ latest biennial review of board practices at Europe’s 300 largest companies showed that while every one of the 50 UK companies surveyed had an audit committee, in Germany less than half the surveyed companies had one. But overall, the number of committees is increasing — 80 percent of all the surveyed companies had audit committees in 2003, up from 66 percent in 2001 and 56 percent in 1999.

“We expect further growth of the percentage of companies with audit committees and a higher degree of convergence in the European practice,” says Andrei Stepanov, a London-based co-author of the Heidrick & Struggles survey. “Largest listed companies will continue to lead the way in the proliferation of best practice, not least because they have the highest proportion of common international institutional shareholders who will be pushing for similar standards of corporate governance in all the countries where they invest.”

Law Abiding

Meantime, the most pressing concern for European companies with U.S. listings is to comply with the U.S. law. It’s been a moving target this year as the Securities and Exchange Commission continues to consider lobbying from non-U.S. interests. Wayne Kirk, a San Francisco-based lawyer at Thelen Reid & Priest, monitors the requirements of Sarbox as it applies to non-U.S. companies. He notes that the SEC has made a raft of concessions for non-U.S. companies listed in America, including extending the deadline for companies to have a fully independent audit committee in place by a year, to July 31, 2005.

Also, as is the case in Germany, if a domestic law requires a supervisory board or audit committee to have non-management members who would not be viewed as independent under Sarbox (such as workers’ representatives), it may have them, so long as they are not executive officers. A few other exemptions exist, but while the EU continues to negotiate with the U.S., Kirk says, “I still believe the most significant Sarbanes-Oxley rules will apply.” He adds, “Most people think that the rules regarding annual evaluation of internal controls [which falls under the audit committee remit] is going to be the most difficult and costly part of all of this.”

Corporate Europe’s reaction has been measured so far. Graeme Pitkelthy, chief accountant of Unilever, the E49 billion Anglo-Dutch consumer goods giant, echoes many in Europe when he says, “There is a sense that companies globally are suffering for failures in the U.S.” But he adds that Unilever accepts that, as a company with a New York Stock Exchange listing and 25 percent of its sales in America, it must abide by that country’s rules. Unilever plans to be fully compliant with Sarbox.

Like many British companies, Unilever’s major governance overhaul dates back to the early 1990s, after new national guidelines were rolled out in the wake of various corporate scandals. But it still has needed to make changes to meet Sarbox.

The firm’s latest review of its audit policies and procedures began in late 2001 — initiated before Enron’s collapse, Pitkelthy says. The audit committee decided to re-appoint PricewaterhouseCoopers as the firm’s auditor at the end of 2002, but it declared that PwC would no longer be eligible to tender for consulting work. (Though Pitkelthy insists that PwC now “rather enjoys the clarity it sets out for them as auditors,” PwC cannot be too pleased with their fees from Unilever in 2002 dropping by £29 million — about E41 million — to £34 million, after its non-audit work was axed.)

In order to comply with the minimum Sarbox requirements, Unilever’s audit committee, headed by Hilmar Kopper, chairman of Deutsche Bank’s supervisory board, also recently agreed to increase the number of times it meets every year from three to four.

But there’s still a need for vigilance. PIRC, a UK corporate governance watchdog, “red-flagged” Unilever’s audit committee, noting that one member, Claudio Gonzalez, had received a E13,000 fee from the firm for advisory services in Latin America in 2002. Sarbox requires that audit committee members receive no fees other than that those received as board directors.

Think Local

The complexity of meeting Sarbox has been particularly testing for German companies with U.S. listings. As Stepanov of Heidrick & Struggles says, “Corporate governance development in Germany has been characterized by different and partially competing trends,” even before taking into account the Sarbox rules.

A German company with more than 20,000 employees must, by law, have a supervisory board of 20 members — half elected by shareholders and half elected by employees based in Germany — to oversee its management board. If it has an audit committee, it too must give workers’ representatives equal membership.

A year ago, the Cromme Commission, set up by the German government mainly to deal with international criticism of German companies’ opacity, published a voluntary corporate governance code, the final revised version of which came out this spring and is now known as the German Corporate Governance Code. It formally takes effect in 2004 and is divided into two parts — “recommendations,” which companies must adopt or formally explain why they do not; and “suggestions,” which companies can follow or not. The code gives a “recommendation” that companies set up an audit committee. There is also a “suggestion” that the chairman of the audit committee should not be a former member of senior management. According to Christian Köning, a spokesman of the Cromme Commission, the expectation is that investors will question companies when they fail to comply with recommendations and suggestions.

Meanwhile, the SEC, while conceding that workers’ representatives can serve on audit committees, still mandates that committee members must meet its other independence criteria, which include not accepting any compensation other than as a director (except for fixed retirement payments, provided they are in no way performance linked).

Navigating these rules is no simple task. Consider BASF, Germany’s E32 billion chemicals giant, which is listed on various German exchanges and the NYSE. It set up its first audit committee in July, appointing Max Dietrich Kley, former CFO and more recently deputy chairman of BASF’s executive board, as its chairman. Other members are: Karlheinz Messmer, plant manager of BASF’s Ludwigshafen site; Jürgen Walter, member of the central board of executive directors of the Mining, Chemical and Energy Industries Union (IG BCE); and Helmut Werner, former chairman of Mercedes-Benz and now managing director of his own consulting company.

The company said the committee was set up to meet the requirements of both Sarbox and the German governance code, but there remain gray areas. The appointment of Kley as chairman ignores the German code’s “suggestion” that former executives be barred from that role. Also, under Sarbox, both Kley and Messmer must not receive any compensation that could be deemed as contingent on the company’s performance, such as share options or bonuses.

Jennifer Moore-Braun, a BASF legal affairs spokesperson, says the company had reviewed the legal situation carefully and deemed that the company is in compliance with both the German code and U.S. law.

The European Commission, in publishing its own voluntary guidelines for minimum corporate governance and audit oversight standards in May, groused that the U.S. law “creates a series of problems due to its outreach effects on European companies and auditors.”

Cumbersome and Costly?

Some European companies have, indeed, become so exasperated with what they see as a cumbersome and costly U.S. capital market system, that they feel that complying is not worth the effort. Perhaps in a sign of things to come, the New York Stock Exchange lost further market share to its main international rival, the London Stock Exchange from 2000 through 2002. During the period, trading in foreign-listed shares on the NYSE dropped by 38 percent to $702 billion; in London the drop was a more modest 21 percent to $2.1 trillion, according to the International Federation of Stock Exchanges.

One company that changed its view about the benefit of a New York listing was Reckitt Benckiser, the £3.5 billion Anglo-Dutch-German maker of consumer goods, created by a merger in 1999. Prior to the merger, Benckiser NV was listed on both the Amsterdam and New York stock exchanges, but afterwards it dropped the NYSE listing. Now Reckitt Benckiser is listed only on the London Stock Exchange.

Between 25 percent and 30 percent of Reckitt Benckiser’s shareholders are based in the U.S. and, according to Tom Corran, senior vice president in charge of investor relations, 90 percent of those shareholders tell the company that a U.S. stock listing is not necessary.

“Every year we review the situation and our shareholders consistently tell us not to bother,” Corran says. “There are significant costs to list, and to maintain all of the additional filings and so on.” When Benckiser was listed there, less than 1 percent of its share turnover was in New York. “It’s just not worth it,” says Corran.

In any case, Reckitt Benckiser has enough trouble to deal with at home in the new governance environment. Earlier this year the company came in for criticism from investor watchdogs after a botched share sale by members of the Reimann family, who controlled about 24 percent of the company at the start of the year. Its shares tumbled 22 percent and two UK watchdog groups, the National Association of Pension Funds and PIRC, criticized the company over executive remuneration and other governance issues.

On the audit committee, PIRC called into question the independence of two audit committee members: Hans van der Wielen was deemed not independent as he’d exercised Reckitt share options during 2002, while Dieter Meuderscheid fell into the same category as he was appointed by Joh. A. Benckiser, the founding family’s investment vehicle.

Corran blasts the culture that encourages this increased level of activism, even the voluntary “comply or explain” system in the UK, as it doesn’t allow for the circumstances of individual companies. “The UK corporate governance world is crazy. It has a box-ticking code that doesn’t take into account real-world situations. It is perfectly sensible to have on the board representatives of major shareholders.”

As it happens, Meuderscheid left the board and the audit committee after the company’s annual general meeting in May and the Reimanns’ board representation dropped to one from two because of the reduction in their holding in the company.

For individual audit committee members, it’s a whole new ball game. “One of the issues we run into more than ever before is that committees are overwhelmed with information,” says Dan Konigsburg, European director of Standard & Poor’s corporate governance services in London, one of several new governance rating services to open for business in the past year or so. “It’s the opposite problem to what we had two years ago.” Recently, he recalls, S&P rated £1.7 billion insurer Friends Provident, and “we heard from several directors on the audit committee that the finance department and the CFO were giving them too much information… We are seeing this in a number of companies.”

Pumping Up

He adds that as audit committees proliferate in Europe, their members are getting more assertive. “We’re seeing a lot of newly empowered audit committees, what we refer to as audit committees ‘on steroids,’” he says.

Indeed, as audit committees become a governance focal point, the relationship between finance chiefs and external auditors is changing. In the past, says Roger Davis, head of professional affairs for Europe at PwC in London, “[external] auditors would have seen the finance director or CFO as their main client. Now that has shifted to the audit committee.”

That’s something CFOs such as Skandia’s Back are willing to live with, as is the extra work required of companies to operate within new governance parameters. As far as he’s concerned, the pressure for tighter audit committee arrangements has been, on balance, a good thing. “Sure, there were some costs attached. But they were not particularly onerous and compared to really big projects, like converting to the euro or [international accounting standards], it’s peanuts.”

He adds, “There are a lot of positive things, as it clarifies a lot of the roles and responsibilities… It gives what the consultants would call a ‘line of sight.’”

Fraud’s Silver Lining

At a recent breakfast seminar in London, some 80 of the UK’s business elite sat attentively during a briefing on a topic that would have received scant attention just a few years ago. The topic? Forensics. More specifically, the seminar’s participants — who were there to fulfill their expanding duties as audit committee members — were learning about the latest forensic techniques used to detect accounting fraud and irregularities in financial reporting.

Set up by KPMG’s forensics unit, the “Audit Committee Club” has been meeting regularly over the past year and is one of a host of such groups launched across Europe by the Big Four accounting firms and a number of consultancies to help executives address the daunting array of new governance duties.

One of the case studies that forensics experts have been keen to discuss lately involves a court case that pitted Motorola of the U.S. and Finland’s Nokia against Telsim, Turkey’s second largest mobile operator, which is controlled by the wealthy Uzan family. The experts say it provides a perfect example of why audit committees need to be more proactive than they have been about stopping fraud.

In late July, a New York court found that Telsim “had perpetrated massive fraud,” by diverting loans from the plaintiffs to buy jets, apartments and other extravagant goodies for their personal use. The case’s judge ordered the defendants to pay Motorola $4.2 billion (E3.8 billion). But few expect that the money will ever be recovered.

Meanwhile, there have been a total of seven shareholder lawsuits brought against Motorola’s former CFO Carl Koenemann, alleging that he misrepresented the nature of the Telsim deals.

Members of audit committees, especially at companies affected by the U.S.’s Sarbanes-Oxley Act, are acutely aware that they could be facing similar legal action if their own system of controls lets their stakeholders down. According to Adam Bates, head of KPMG’s European forensics practice, “Some audit committees are feeling quite vulnerable. What we have seen in the last couple of months is clients asking to review and benchmark fraud-detecting systems against competitors.”

Chris Lemar, a partner in the forensics practice of PricewaterhouseCoopers, agrees with Bates and adds, “The thing that is really focusing minds is the way the [stricter U.S. regulations governing audit committee oversight are] finding their way into European companies.”

But for the big accounting firms, crime pays. At KPMG, for example, Bates says fraud investigations and prevention has been driving its forensics business in Europe, with double-digit growth pushing annual revenue up to E100m a year.

Getting Your Act Together

Section 301 of the Sarbanes-Oxley Act requires the U.S.’s stock exchanges to prohibit a company from listing a security if it does not have an audit committee that upholds minimum standards, including:

Audit committees. Companies must set up audit committees and provide them with funding to cover members’ salaries and fees for independent auditors and other external advisers that the committee deems necessary to allow them to fulfill their duties. (Foreign private issuers have until July 31, 2005, to comply with this rule.)

Accounting complaints. An audit committee must establish “whistle-blower” procedures.

Independence. Every member of an audit committee must meet “independence” criteria, including not receiving compensation other than as a director and not being an “affiliated person” through a shareholding (though some concessions have been made, including allowing worker representatives). An audit committee must also disclose the “financial expertise” of at least one member, which includes education and experience as a public accountant, auditor or other similar role, and an ability to oversee the preparation, auditing and evaluation of financial statements.

Auditor oversight. An audit committee must be “directly responsible” for appointing, compensating, and retaining a company’s independent auditor. It also must approve audits and any permitted non-audit work in writing.

Required reports. The auditor report must be sent to the audit committee “on a timely basis” that explains all critical accounting policies and practices, any alternative accounting treatments and the reasons for using them, and other material written communication between the auditor and the firm’s management.

Code of ethics. An audit committee can be given the responsibility for ensuring that the CEO and CFO comply with the company’s code of ethics.

Required CEO/CFO reports to the audit committee. Both must certify the accounts, alerting the committee to any deficiency in internal controls or fraud.

Legal reports. Company lawyers must report any breach of law to the audit committee.

Source: Memorandum by U.S.-based Weil, Gotshal & Manges