Corporate governance is the system by which companies and other organizations are directed, monitored and encouraged, involving the relationship between partners, board of directors, board of executive officers, supervisory and control bodies and stakeholders.
Good Corporate Governance practices translate basic principles into objective recommendations, aligning interests with the purpose of preserving and optimizing the long-term economic value of the organization, facilitating its access to resources and contributing to the quality of the organization’s management, its longevity and the common good.
In summary, Corporate Governance is the sum of corporate practices that aim to sustain the activities of the organization at all levels, in order to add value to its capital and mitigate risks.
Knowing and/or revisiting Governance best practices, with an integrated view of Risk Management and Compliance, is fundamental both to ensure good Corporate Governance and to inhibit and treat deviations and illegal acts committed through the structures of organizations.
Briefly, the expression “Corporate Governance” gained momentum in Brazil around 30 years ago, with the foundation in 1995 of the Brazilian Institute of Corporate Governance (initially called the Brazilian Institute of Management Boards), which published the first version of its Brazilian Code of Best Corporate Governance Practices in 1999 (now in its 5th edition), following the example of the OECD, which in the same year published the first version of the G20/OECD Principles of Corporate Governance.
Such publications assist decision makers in assessing and improving the legal, regulatory and institutional framework for Corporate Governance, as well as providing guidance to stock exchanges, investors, companies and others with a role in the process of developing good governance of companies. Furthermore, they seek to stimulate the conscious and effective use of governance instruments, focusing on the essence of good practices, explaining the importance of business ethics.
Corporate Governance is based on four principles:
(i) Transparency, such as the desire to provide interested parties with information that is of interest to them;
(ii) Equity, such as fair treatment of all partners and other stakeholders;
(iii) Corporate Responsibility, such as the demand for sustainability; and
(iv) Accountability, such as the liability of agents.
Corporate Governance started out focused solely on the corporate and investor relations aspects of a company. However, its four pillars have been extended to other specific areas of companies, such as Information Technology, and also serve as a basis for issues related to Risk Management, Compliance and Ethical Channels.
In the Brazilian legislative and regulatory scenario, when dealing with corporate aspects, in addition to the Brazilian Civil Code itself, the Brazilian Corporate Law (Law 6,404/76) should be observed, since it establishes, for example:
(i) in article 109, item III, that the right of supervision constitutes an essential right of the shareholder;
(ii) in article 133, that companies are obliged to make available to their shareholders, annually, certain documents that reflect their operations (management report, financial statements and independent auditors’ and audit committee opinions); and
(iii) in article 294, that companies with shareholders’ equity exceeding R$ 1,000,000.00 must publish their financial statements.
As good Corporate Governance practices, the rules of the Brazilian Securities and Exchange Commission (CVM), for listed companies, are pointed out, without prejudice to the drafting of internal regulations, shareholders’ agreement, creation of committees, such as auditing committee, with emphasis on the creation of a governance secretariat in order to improve the system of controls adopted by the company, all in accordance with current legislation.
Another example of the importance of the Brazilian market for good Corporate Governance practices is the creation by B3 (Brazil Stock Exchange) of the listing segments with differentiated levels of Corporate Governance – Novo Mercado, N2, N1 and Bovespa Mais – and Sustainability indexes – Corporate Governance Index (IGC), Corporate Sustainability Index (ISE) and Efficient Carbon Index (ICO2).
In turn, CVM regulates the effectiveness of the fundamental principles of Corporate Governance, for example:
(i) with CVM Instruction 555, which provides for the disclosure of acts of constitution, administration, operation and disclosure of investment funds;
(ii) with CVM Instruction 476, which provides for public offerings of securities distributed with restricted efforts;
(iii) with CVM Instruction 578, which provides for the constitution, operation and administration of the Investment Funds, which establishes Corporate Governance rules to be followed, such as establishing a unified term of up to two years for the entire Board of Directors, where available.
The oversight and control of good governance practices is exercised by internal and external control bodies, the latter composed of companies specifically contracted to do so.
Controls are all policies and procedures adopted by organizations to mitigate risk and improve internal processes, focusing on continuous prevention, review and updating, to protect the assets and reputation of the company, provide adequate information, and generate reliability, operational effectiveness and adherence to applicable laws and regulations.
There are several types of controls:
(i) prevention of undesired results and reduction of the possibility of occurrence and rapid detection (supplier registration, limits of limits, limits of physical access);
(ii) detective, in relation to facts that have already occurred;
(iii) corrective, addressing the effects of an undesirable fact and the causes of the risk detected;
(iv) directive, or guidelines, in order to provoke or encourage the occurrence of desirable facts; and
(v) compensatory, for control weaknesses in key areas.
In this sense, Compliance standards and procedures are an essential part of good Corporate Governance. The term comes from the English verb “to comply”, which means to execute, to satisfy, to adhere to, to conform to something or act according to something, such as to comply with the laws and regulations, to comply with the Code of Conduct, to act in accordance with the Specific Policies of the Organization, and to conform to the standards of Image Protection and Business Integrity.
The regulations that involve Compliance also aim to ensure that the company and its members do not commit acts of corruption, which are widely regulated by Brazilian legislation:
(i) articles 312 to 337-D of the Criminal Code dealing with crimes against public administration;
(ii) Law 9.613/98 – Money Laundering Crime Prevention;
(iii) Law 12.850/13 – Organized Crime;
(iv) Law 4.717/65 – Popular Action; and
(v) Law 12486/13 – Anti-Bribery Law.
The Anti-Bribery Law, a regulatory framework in the fight against acts of impropriety, has brought a series of changes and/or improvements that have impacted good governance practices including, but not limited to, the objective accountability of the legal entity; individual accountability of executives and managers; extension of objective accountability to the economic group; high fines that can reach R$60.000.000,00; publication of the condemnatory decision in mass circulation and internet media; and, as an attenuation of punishments, the existence of an effective compliance program.
As success factors for a compliance program, and consequently for strengthening good Corporate Governance practices, we can cite the top-down culture, the ability and willingness to control external events, understanding the existence of vulnerabilities, adequate internal controls, monitoring, awareness and training.
Compliance with the principle of the integrity of Corporate Governance gives companies the alignment with their strategic objectives; the adequacy to the external and internal legal and regulatory environment; standards of ethics, conduct, sustainability and transparency; control culture aligned with the organization’s vision, mission and values; mapped and controlled risks; policies and procedures; protection from loss, fraud and abuse; anticipation and response to crisis situations; trained employees; protection to the executive board; valorization and protection of the brand, the image and the reputation towards the stakeholders; greater competitiveness and attractiveness of the business; appropriate practices with customers, products and services.
In addition to Corporate Governance applied to corporate and regulatory aspects, anti-bribery and compliance, the adoption of technologies and the intensive use of the Internet by companies made it necessary to apply the concepts of Corporate Governance to Information Security, which we will call Governance in IT (Information Technology), which consists of a set of rules, methodologies and practices, but applied to the technology scenario of the company.
Implementing risk management plans for technology adoption requires the involvement of boards of directors and executives for approval. However, sometimes the board members do not have the necessary expertise, and there is a need for the figure of IT Governance.
Among the norms that regulate IT governance is ABNT NBR ISO/IEC 27014:2013, elaborated by the Brazilian Committee on Computers and Data Processing, which provides guidance on concepts and principles for information security governance, through which organizations can evaluate, direct, monitor and communicate activities related to information security within the organization.
This standard deals with the desired results for efficient IT Governance:
(i) visibility of top management on the information security situation;
(ii) agile approach to decision making on information risks;
(iii) efficient and effective investments in information security; and
(iv) compliance with external requirements (legal, regulatory or contractual).
Published in 2018 and in the vacatio legis period, with effect from February 2020, the General Law on Data Protection – Law 13709/2018 – provides for the protection of personal data and requires strict control over the personal data that the companies store, determining in its articles 50 and following the Rules of Good Practices and Governance.
The LGPD also requires the creation of new positions, such as the Data Protection Officer, and provides that the controller may implement a privacy governance program that, at a minimum:
(i) demonstrates the controller’s commitment to adopt internal processes and policies that ensure compliance, in a comprehensive manner, with standards and good practices regarding the protection of personal data;
(ii) is applicable to the whole set of personal data under its control, regardless of the way in which it was collected;
(iii) is adapted to the structure, scale and volume of its operations and to the sensitivity of the data processed;
(iv) establishes adequate policies and safeguards based on a process of systematic evaluation of impacts and risks to privacy;
(v) has the purpose of establishing a relationship of trust with the holder, by means of transparent action that assures mechanisms for the holder's participation;
(vi) is integrated into its overall governance structure and establishes and implements internal and external oversight mechanisms;
(vii) has incident response and remediation plans; and
(viii) is constantly updated based on information obtained from continuous monitoring and periodic evaluations.
Corporate Governance systems have evolved over time and are truly living and dynamic systems, as they adapt and transform as the characteristics of the markets change. Not only the Brazilian market, but also the legislation and market regulators recognize good Corporate Governance practices as an essential ingredient for companies' success.
In addition, not only publicly traded companies see advantages from the application of good Corporate Governance practices. There is a whole movement of smaller companies toward adopting good governance practices to achieve the sustainability of the business, with a view to the organization of all its sectors and areas.
In other words, the Brazilian market sees Corporate Governance as something capable of helping companies resist the passage of time and cross generations with the same health and with the same good momentum, which led them to be constituted.
Transparency, fairness, social responsibility and accountability are principles of Corporate Governance, but can be applied, without contraindication, in any sort of relationship: business, political and even personal.
Brazil also recognizes this holistic dimension of Corporate Governance, which takes the form of a behavioral and educational example not only of companies but of the main raw material common to all of them: the human being; endowed with flaws, ambition and aggressiveness, but that inserted in a transparent, sound and accountable environment is capable of surprising results, functioning as propelling agents and socioeconomic transformers.
We have evolved and are building in Brazil, through the dissemination and assimilation of good Corporate Governance practices, healthier and safer environments for doing business in the country, as well as professionals who are better able to face the challenges of everyday business in a globally integrated and digitized environment.
Good Corporate Governance practices translate into reliability, which creates credibility for companies, ensuring healthier and safer business environments in the country, as well as professionals who are better able to meet the challenges and ensure reputation and compliance.
Author: Renata Assalim Fernandes – Coordinator of the Contracts and Compliance Areas at the law firm De Vivo, Castro, Cunha, Ricca e Whitaker Advogados.