JOINT COMMITTEE ON ECONOMIC REGULATORY AFFAIRS debate -
Wednesday, 12 May 2010

We meet to discuss the findings of the Grant Thornton report on corporate governance review 2010 which examines the extent to which companies quoted on the main market of the Irish Stock Exchange comply with the compliance framework, the combined code on corporate governance. I welcome Mr. Paul Raleigh, Ms Sinead Donovan, Mr. Cian Blackwell.

Before we being, I draw the attention of witnesses to the fact that members of the committee have absolute privilege but this same privilege does not apply to witnesses appearing before the committee. Members are reminded of the long-standing parliamentary practice that members should not comment on, criticise or make charges against a person outside the House or an official by name or in such a way as to make him or her identifiable.

I invite Mr. Raleigh to make his presentation.

I will introduce my partners and colleagues. Ms Sinéad Donovan is a partner and heads up our public interest audit practice. Mr. Cian Blackwell is a partner in business risk services.

We thank the committee for its invitation to appear before it. The most recent Grant Thornton corporate governance review was published in March of this year. This is the fourth year we have published the review, which assesses the level of compliance of companies on the Irish Stock Exchange's main securities market with their compliance framework, the combined code on corporate governance.

The methodology of the report has not changed significantly in those four years. In the first two years of publication, the report received little attention outside of those with a pre-existing interest in the topic. Not surprising, however, in 2009, the third year of publication, the report received significant media and public attention.

Absolutely. It was mentioned in the Dáil and quoted in numerous articles in the national press. Some, if not many of the responses were unfavourable, suggesting that we were being too critical of governance standards. Our report contained a number of recommendations, including the suggestion that the key provisions of the existing governance framework should be incorporated into legislation, a suggestion that was subsequently incorporated into the renewed programme for Government.

In 2010, the latest edition of the report echoed and expanded upon our recommendations for 2009, and I will explain these recommendations in more detail shortly. A number of our key points from the most recent reviews have been echoed by the Financial Regulator in statements and in consultation paper CP41 on corporate governance requirements for credit institutions and insurance undertakings. These points include: those in relation to the balance and independence of boards; the role of the chairman and the clear separation between chair and chief executive; limits on the number of directorships which directors can hold in listed or regulated entities; more active involvement by boards in the risk management process; and the need to balance principles-based and rules-based regulation.

I will describe the scope and methodology of the review. The report covers companies listed on the main securities market of the Irish Stock Exchange at the time of their most recent annual report. This includes not only many of the largest companies in the State, but several companies with significant State shareholdings, including Aer Lingus, AIB, Bank of Ireland and Anglo Irish Bank, which was still listed on the ISE as of the most recent annual report available.

The regulatory framework for these companies is — aside from the Companies Acts which apply to all companies — the combined code on corporate governance issued by the Financial Reporting Council in the UK. Listed companies are required, under the ISE's listing rules, to make a statement as to whether they comply with the combined code and, if not, to explain which provisions they do not comply with. Sanctions for non-compliance with the code extend to censure of companies or directors and suspension or de-listing of shares, which is rare — in fact, I am not sure it has ever happened in an Irish context.

Corporate governance is not just a theoretical framework for how companies should ideally be run. It is a series of practical mechanisms, operating at board and management level, which aim to ensure that the shareholders, stakeholders and others with a vested interest in the performance of a company gain assurance that their interests are protected. For companies on the Irish Stock Exchange, these stakeholders include taxpayers, the State, the Government, those with pension funds, and institutional investors — in other words, virtually every citizen in the country. Consequently, the review covers a wide range of governance topics — directors and board composition, independence, sub-committees and so on. The review assesses the extent to which companies disclose compliance with important provisions of the code related to these topics.

One of the key findings in the 2010 report was that the number of companies reporting that they are fully compliant with the combined code has fallen. In the first two years of our review, around one third of companies claimed to be fully compliant. Last year, the number of companies claiming full compliance increased to around 50%; in 2010, the number dropped back down to 36%. This finding, predictably, received the most media attention. Although it may be interpreted as indicating that companies are now less compliant, an alternative explanation — that companies are being more transparent about their levels of compliance — seems more plausible.

We can say that, by and large, companies comply with the vast majority of the code's provisions. In fact, a report commissioned by the ISE and the Irish Association of Investment Managers reported "a high level of compliance by Irish listed companies with the code during the 2008 financial year". Considering all the individual compliance requirements across all companies, it is correct to say that a majority of compliance requirements are met. Nonetheless, it is still the case that only a minority of companies, by their own assessment, manage to comply with all requirements. Although the code is designed to allow companies to comply or explain, this was intended to allow companies to either comply with the exact requirement of the code or explain how they have implemented a governance mechanism better suited to meeting the needs of the company and its shareholders. The "explain" option was never intended to allow companies to opt out of complying.

Exacerbating this situation is what is arguably a failing in the code and the compliance framework for listed companies, in that there is no clear distinction between minor and major compliance requirements. Clearly, a company that is virtually compliant except for some minor disclosure items is in a different camp from a company that is 95% compliant but chooses not to have an independent board, or does not properly disclose how it manages risks in the business. Our research shows that some of the areas in which companies are not compliant are significant, such as not having an internal audit function or having issues with board independence.

With regard to independence, 23% of companies did not have a majority of independent non-executive directors for the full financial year. Added to this, many companies made it difficult to determine which directors were independent. In general, the quality of disclosures in Irish listed companies — and, to be fair, those in many other jurisdictions — could be significantly improved. Other principal findings from our review include the following: some 36% of companies did not disclose the terms and conditions of appointment of non-executive directors; one third of companies did not disclose appropriate evaluation of their chairmen's performance; 28% of companies did not disclose a clear division of responsibilities between chairman and chief executive; and more than half of companies did not state that any member of their audit committee had recent and relevant financial experience.

Based on these findings, we published recommendations. One of the key statements in this regard is that regardless of the regulatory framework, it is clear that it is the behaviour of boards — and, in particular, their leaders — that ultimately determines the corporate governance culture of a company.

Our review includes significant editorial sections highlighting the implications of the findings and incorporating our recommendations for change to improve governance among Irish companies. These recommendations fall into a number of areas, the first of which is the quality, structure and organisation of boards. A fundamental requirement of good governance is to have a board that is diverse but cohesive, balanced, and sufficiently independent, and which performs at an optimum level to ensure that the interests of the company and shareholders are protected. This requires a board that has a sufficient number of genuinely independent non-executive directors and sufficient skills and expertise to ensure that conflicts of interest between shareholders and management are properly managed. The results of our survey indicate that there is room for improvement in the levels of independence on boards of Irish listed companies, and that the level of essential skills — such as "recent and relevant financial experience", as required by the code — is either not sufficient or needs much better disclosure.

The requirement for a majority of independent members on the board should be mandatory, and regulators should have an active role in ensuring that boards contain members who possess all the required skills, particularly in the case of banks and other financial institutions. The oft-stated assertion that there are not enough appropriately qualified directors in the Irish market should be challenged, not least because the increasing exposure of Irish companies to international markets means that Irish companies should seriously consider the level of international representation on their boards.

The critical role of chairman is clearly defined in the guidance, and entirely distinct from that of the chief executive or any other director. The chairman is, according to the combined code, "responsible for leadership of the board, ensuring its effectiveness [in] all aspects of its role, and setting its agenda". This goes much further than the common misconception of the role, in which the chairman is responsible for little more than chairing board meetings. The chairman of a well-governed board should bear ultimate responsibility for the structure, composition, balance, organisation, and resourcing of the board, and for ensuring that it is effective in balancing the interests of the shareholders with the — often conflicting — interests of the executive management of the company. Given that a strong chair is vital to a successful board, the requirement to clearly separate the roles of chair and chief executive, so that they are occupied by different people with clearly distinct responsibilities and terms of reference, is essential for listed and regulated companies and should be mandatory.

Much of the regulatory framework is, as I mentioned previously, optional on a "comply or explain" basis. The suggestion that much of it should be made mandatory has gained acceptance in many quarters. However, overall there is not a lack of regulation in Ireland; if anything, there is a lack of compliance with regulation and a lack of enforcement and sanctions. There are now clear indications that there is an appetite for change and for increased enforcement; this is to be welcomed. In addition, there are multiple regulators involved in the regulation of listed entities in Ireland. Although this is not in itself a problem, it increases the need for clarity in the roles of the regulators and the expectations of how they will enforce compliance and sanction non-compliance.

Risk management and internal control are vital management-level governance mechanisms that should provide assurance that an organisation's strategic objectives are being met and its stakeholders' interests protected. Our report highlights the lack of detail in annual reports with regard to risk management and internal control. Events of the past two years have indicated that these processes are not adequately understood at board level. The Financial Regulator's consultation paper has suggested a requirement that boards set the risk appetite for the institution and monitor adherence to this. In the US, legislation requires that boards disclose significant details about their company's risks and controls, and certify that these controls are operating effectively. Ultimately however, regardless of the legislative requirements it is essential that boards understand the risks faced by their companies, and ensure they are properly disclosed.

In particular, the apparently prevalent use of standardised disclosure text, where the wording of the disclosures varies little year-on-year or even across companies seems to indicate that companies are more concerned about "checking-off" compliance requirements than providing detailed, relevant information to shareholders and other users of annual reports and this practice should be challenged.

The foreword to our 2009 report noted that "failure to meet the expectations of the global markets will ultimately destroy the trust of international investors in Irish listed companies". Our 2010 report reinforced this point and noted that "we need to be a leader in the development and enforcement of standards both in listed companies and public interest bodies such as state companies". It is clear from reading the international press that governance scandals in Ireland, coupled with the severe downturn in our economy, have caused our reputation in international markets to suffer. The role of the Legislature in addressing this should, we believe, lie in strengthening our regulatory environment to ensure that Ireland not only catches up with other jurisdictions in the EU and further afield, but moves ahead. This can only be done by putting in place the governance mechanisms that achieve this goal without damaging our companies' competitiveness in international markets, and putting in place a regulatory framework focused on monitoring compliance and enforcing it with strong and effective sanctions.

The combined code on corporate governance is due to be renamed later this year as the "UK Corporate Governance Code" highlighting the fact that Ireland, exceptionally in the EU, lacks its own specific corporate governance code for listed companies. This is a unique opportunity for Ireland to establish our own corporate governance framework, and establish the country as a standard bearer for international corporate governance, for the ultimate benefit of shareholders and the economy.

I welcome Mr. Raleigh and his colleagues and congratulate them on the report and its presentation. It is succinct and its language is clear and unambiguous. Very often in our game we have to wade through vast amounts of documentation so it is good to see a report that is clear in what it seeks to do without any ambiguity.

I believe the last paragraph of the submission probably sums up the culture that exists in this country. Do I understand there are plenty of codes — a vast quantum of code — which one can follow and buy into but are not necessarily backed up by a legislative framework in regard to corporate governance in this country?

In the first paragraph on page 3 of the report Mr. Raleigh states:

We believe this situation gives rise to the lack of a clear unified framework for companies to follow, potentially overlapping lines of responsibility among regulators and the perception of potential conflicts of interest. The Stock Exchange, for example, is currently being asked to market the exchange, retaining existing companies and attracting new companies to its list, while also being required to monitor and ensure compliance with the combined code.

Therefore the combined code exists. It seems to me that the culture of compliance as it pertains to the vast bulk of companies seems to be quite strong but there still is a lag. Do we need a more august body of legislation to ensure 100% compliance, bringing about a sea change in the culture and a change in the perception abroad of Irish companies?

I will take the first question and will ask Mr. Cian Blackwell to take the second question. Regarding the combined code, we mentioned in the report that there is no distinction between significant issues such as, for example, where the posts of chief executive and chairman are filled by one person. Who does what, if that is the case? The evidence to date would suggest that people may not like this but very little happens about it. Therefore, one of the things we called for is, not over-legislation but the taking of some key provisions such as that of separation of the roles of chief executive and chairman and legislating clearly so that those rules are made mandatory. I hope that addresses Deputy Sherlock's second question.

I call on Mr. Blackwell to answer about the number of codes and how that is dealt with.

The distinction is often made between principles-based and rules-based frameworks, as the Deputy will be aware. Our framework is very much principles based. The Financial Regulator made the point that we need to move beyond the whole principles and rules issue and adopt an appropriate balance between the two. There are some things that can never be legislated for and so there must be principles to cover them. Whichever regulator is associated with these needs to step in and ensure those principles are adhered to. There is a strong need to boost the legislative provisions, as Mr. Raleigh mentioned.

The Deputy mentioned multiple regulators and quoted from our report in that regard. There is no inherent problem in having multiple regulators as long as the scope of what each one does is clear and as long as the regulations that exist are monitored, compliance with them is monitored and enforcement takes place if there is non-compliance. That is critical.

That is very clear. In regard to the public interest entities — the first time I have heard them referred to in that way is in the blurb — we might look at page 23 of the report on audit committees, in particular, on Anglo Irish Bank. I do not know if the delegates have looked at Anglo. I believe there is a reference to it as being covered. It was nationalised at the time so I am not 100% clear whether it came under the ambit of the report. We had a member of the audit committee of Anglo before this committee at one stage——

Internal audit. I just want to get a sense of the distinctions between competences. If recommendations for passing particular loans are made, for example, and the internal audit committee declares the loan represents a risk to the overall entity should there be clear rules about legislating for that or is some degree of flexibility needed? The loan might be passed up the line with the board subsequently agreeing to its being slipped through because it needs to go through.

What struck me when we were examining the culture within Anglo was that there was a fluidity across all competences, from chief executive down. Although it is only one company there may be a perception that this culture pervades many other companies, especially in the banking sector. Should there be clear, legislated-for rules or some code for cases where there is an inherent risk, where an internal audit committee says there is a risk to the overall entity if a particular loan is passed or a certain decision is made, even when officials feel they are acting in good faith?

I shall ask Ms Donovan to come in on this topic. The issue of risk is highlighted in the report. It is the job of the board to assess the appetite for risk. We stated there is a need, therefore, for the board to disclose in its annual statements the level of risk it is taking and what it is doing to ensure the risk is being managed. There is a contrast with the USA in this regard which may address the concerns of the committee. In the USA, the SEC, the Securities and Exchange Commission, requires a company to do far more work in respect of risk assessment. I call Ms Donovan to make a comment in this regard.

From a regulatory framework this is probably the area on which to focus. In the USA, boards are required to authorise that risk is appropriate to their companies and that the controls they have put among those risks are operating effectively. On top of this, the auditors review those controls and sign off on whether those controls are effective. I am not professing that this would catch everything but it is an added layer that could give comfort to shareholders and the public. In Ireland at the moment it is the responsibility of the board to ensure the risk matches the level within a company, but no one is attesting to that and no one has been asked to attest to that.

I refer to page 4 of the delegation's submission which states, "The often-stated assertion that there is not enough appropriately qualified directors in the Irish market should be challenged, not least because the increasing exposure of Irish companies to international markets means that Irish companies should seriously consider the level of international representation on their boards". What does the delegation mean by that?

If I could use what has been quoted, there are too few people on too many boards. That is the criticism. There is simply too small a pool of people filling the roles of independent non-executive directors on boards in this country at the moment. This in itself causes or multiplies the risk of independence and such issues. One defence of this position has been that, as a small island, we do not have the necessary pool of talent. We were surprised by that argument and given the fact that most Irish companies of any size are predominately internationally based, we believe it would make very good sense to use international expertise, if those companies believe the expertise is not here in this country. If the sole requirement to fill a position is the competence of the director, then we challenge the claim about the lack of numbers. However, if the criteria are competence and connections, then it becomes somewhat more difficult.

It is pertinent to make that statement in this hallowed institution. The culture in this country is very much about connectivity, inter-relationships, who one is and who one represents and I am unsure how one could legislate for that. I imagine it is rather difficult to put in place a rules-based structure because it is very subjective.

The regulator has remarked on the possibility of having minimum competence and legislating for restricting the numbers of directorships a person could hold. Shareholders and their interest groups should be more vocal and active in this regard and in making their views known about the competence and the level of independence on boards.

I welcome Mr. Raleigh, Ms Donovan and Mr. Blackwell. I refer to the compliance framework and the combined code on corporate governance. My interpretation is the delegation believes there should be a specific legislative basis for this in Ireland as in the UK. At present, listed companies in Ireland come under the Irish Stock Exchange combined code. However, the delegation seeks something on a legislative basis in Ireland effectively incorporating that. Is that correct?

If we wish to be a standard bearer we may need to look past Europe. The US is criticised for the SEC approach which some deem to be too onerous. However, there is an opportunity for us now to take the best of what is in the UK and continental Europe and the best of what is in the USA and try and frame something which is best in class but which is also designed to meet the requirements of the Irish economy and Irish companies.

Internationally, the combined code is seen as one of the better examples of a governance code and it is widely used as the inspiration for governance codes. For example, the Hong Kong code was largely based on it. We should not throw away the combined code, which contains several very useful points. However, the point we are making is that we should tailor it and add some of the points referred to by the Financial Regulator in its consultation paper and various other points as necessary. There should be a consultation process for that. As Mr. Raleigh stated, putting part of it on a legislative footing with the remainder as a principles-based code is essential.

The delegation will appreciate that the banks have been a significant feature in our consideration of this area. I note from the delegation's report that the four banks listed were covered. There is reference to the boards and their independence and to the defined role of the chairman and the chief executive and the differentiation between these two roles. There is also reference to the remuneration committee, audit committees, denomination committees and the use of the AGMs and so forth. Based on the review of the banking sector in particular, does the delegation believe that in many cases the board simply rubber stamped decisions of senior management and that there was not enough of an independent overview by the chairman and the members of the board?

Before the committee met, I took a cursory look at the corporate governance statements of the four banks, namely, AIB, Bank of Ireland, Anglo Irish Bank and Permanent TSB. They all appear to state that they have complied with the combined code on corporate governance and that they met all criteria.

I refer to the case of Anglo Irish Bank and its remuneration committee. The combined code states that membership of the remuneration committee should be made up of at least two independent non-directors and that in addition the company chairman may also be a member of but not chair that committee if he or she is independent and appointed as chairman of the board. However, upon examination of the remuneration committee membership at 30 September, I find Seán FitzPatrick who had been the former chief executive of Anglo Irish Bank and was the chairman. I expect he would not have been regarded as independent when appointed chairman of Anglo Irish Bank. Will the delegation provide a comment in this regard? How could one sign off on corporate governance requirements under the combined code when the remuneration committee does not appear to comply.

Ms Donovan referred to internal controls. I note that for audit requirements in Ireland, the auditor is not required to consider whether board statements should cover all risks and controls. Do I understand correctly that this is not the case in the USA and that companies there are required to examine that area? Would the delegation prefer if this area were tightened up and protection was afforded in this area? Does the delegation believe there should be proper rotation of the independent directors? Should there be a maximum period for the term of office of the CEO of a financial institution or the chair of a board? The report is very practical.

I know from where the delegation is coming. It has given us a framework in terms of corporate governance which I understand will take key elements that are required to be put into legislation and in, essence, would be the principles. There would then be a code from the point of view of corporate governance which is there, in an Irish context, to examine an Irish situation. I ask the delegation to deal with those points.

I ask the delegation to address the issues of the remuneration committee of Anglo Irish Bank, internal control and risk, in terms of the board, and how improvements could be made to ensure the board takes more control. Does it believe that there was not enough probity on the part of the boards of the four banks quoted on the Stock Exchange which the delegation covered and in many cases they were rubber-stamping the decisions of management?

I will deal with the issue of rubber-stamping. A good analogy is to consider the board and management in terms of an hourglass, where the board is at the top and the management underneath, with some critical points of connection. The main point of connection between the board, which should set the tone and risk appetite for a company and monitor the situation to make sure management are staying within the rules, is the chairman and chief executive. If something blocks that channel and the information is not moving up to the board, the board has no way of assessing whether the risk appetite which it has dictated is being met. In that respect, there are some structural issues which one needs to have right. One needs to have a structure which allows information to go up. One also needs a board which understands the risks, not just in an Irish context. If one examines some of the corporate failures globally, it is clear that directors of very large companies, such as Lehman Brothers and others, did not understand the risks.

There is a structural issue and an issue about making sure one has the competence at board level to understand the risks. There is no clear answer on whether the boards understood what they were doing or what they rubber-stamped. One has to ask if something was wrong in the structure of how the information flows. If the chief executive and chairman are not independent, one is less likely to get the information moving up to the people who have to make the decisions. It is critical and that is why we have homed in on that point and the role of the independent chairperson. It is a complicated question. If the pitch was set out in such a way that they could never have understood, it is more likely to leave one with a wrong decision, as is the case if one does not have the competence on the board, another issue which we have addressed. I have not answered the Deputy's question directly but I have informed him of two things that if one does not have right, one will be unlikely to get the right answer.

The nature of the "comply or explain" basis for the compliance code is frequently not particularly clear. It was originally intended, we understand, to encourage companies to comply or describe how they put in place a governance mechanism which is as least as good or better to make sure that the governance objectives are still met. There seems to be evidence in many cases that companies are using the procedure to comply or not to comply and as long as they disclose that in the annual report, nothing happens. That is a misinterpretation of the objectives of the compliance code. There are examples of such companies — the Deputy referred to Anglo Irish Bank which has not been strictly compliant with certain provisions of the code — and that is disclosed or implied in the annual report.

Has anything ever happened? It was a disaster. The former CEO and the current chairman were on the remuneration committee. The CEO was also on the nominations and successions committee. In effect, it was a one man band. One person controlled every angle. The corporate governance statement and the auditor's report refers to it. Yet, it strikes me that the "comply or explain" procedure has no teeth. It makes no sense and makes a joke of the system.

In terms of statutory accounts, we have to find a mechanism whereby the ordinary person can go into a set of accounts and dig. Should something of this nature be put on a statutory and legislative basis for Ireland to deal with remuneration committee, audit committee, boards and nominations committees? Is there a case for shareholders having an entitlement, under company law, to bring a board of directors before an EGM and make it easier for them to call an EGM on specific issues? At the current time they require 75%.

How can one develop a mechanism whereby we have a functioning market-led system while not having the former CEO, Mr. Seán FitzPatrick, and the current chairman on the remuneration committee and the nomination and succession committee? It is the nub of the situation in Ireland. What do we do?

The issue is that investors are meant to do the job of the regulator. If one is not complying and explaining the situation very well, something is wrong if people still want to invest on one's company. If one is not going to have rules, one would hope that people investing in the company do the scrutiny. That also seems to have failed. There is a question mark over it. Many investors are large companies, which is another issue.

With due respect, many small investors were in Bank of Ireland, AIB, Irish Life & Permanent and Anglo Irish Bank. They were deemed to be gilt-edged. The combined code on corporate governance is fine, but it is slightly aspirational. If the banks are able to word their corporate statements cleverly, they can explain rather than comply. How do we reach a situation in which there is a large amount of compliance and a small amount of explaining?

One of the Deputy's questions was on the difference between internal controls in the US and Ireland. I will answer that in two steps, as it addresses some of Mr. Raleigh's points.

In the US, the CEO must sign a representation letter to the Securities and Exchange Commission to state that all the risk controls in the company are operating effectively.

The CEO and certain key members of management, such as the CFO. The difference is that it is specified in legislation. That is why we see pictures of those people being led away in handcuffs if they do it wrong.

In addition, the auditors, under the Sarbanes-Oxley Act 2002, must examine the level of controls and sign off an attestation statement that those are operating effectively——

If the logic and culture of a business is proper and right, it is not such a burden for it to have to go through the proper routes. Under the principles-based approach, it was assumed that principles-based people were operating the companies across the board. That was the case not only in Ireland but in other places. The principles-based system is an ethical thing, and if a business does not have ethics, it needs to have rules. A proper combination is needed, and in Ireland we did not have enough rules. How big a problem is that?

I totally agree that Ireland must produce its own set of rules, and go a step above everyone else. Our reputation is damaged. One way to deal with that is to have our own rules, but we have to show clearly that they are better, and set a higher standard than what is out there.

How big is the problem? Some of the percentages the delegates have shown us are quite high, although I admit I have not read the Grant Thornton report, so I am not aware of how serious that is. The report states that 56% of non-executive directors do not have relevant financial experience. That is extremely high. Do they have other experiences that make them right for that company?

It should be, and it should not be difficult to do that. We have produced in the report a simple framework that clearly indicates how companies could disclose, for example, the level of independence of their directors.

There is a debate on process. A good process allows for and protects good communication. If one does not put in good process, one is unlikely to get a good result. One lesson we should learn from all this is the importance of good process. Jurisdictions in which good process has been followed, such as Canada, do not have the same level of problems.

With due respect, regarding regulation, Canada imposed much higher capital ratio requirements for banks. It was far more prudent.

In the US, people involved in the banking scandal have been brought to account. How many of those people were prosecuted in relation to the level of risk that was taken under the requirements of the US stock exchange? There was far more of an onus of accountability on the officers in financial institutions than there is here. I ask Ms Donovan to expand on that.

I do not know the exact numbers, but there is a legislative requirement in the United States that the CFO, for example, signs off the declaration that all controls are made. If he or she is seen to be incorrect in making that statement, there is the ability to press charges. That is why, as I said, we see the pictures of people being led away in handcuffs. That is not always the reason, but that is one of the sanctions that exists. That is the key difference between Ireland and the US at present. It comes down to a debate on the principles-based approach versus the rules-based approach, on which Mr. Raleigh commented.

On the issue of the principles-based and rules-based approaches, it has become apparent that we need to make some changes to our approach. That has been examined and discussed in Ireland for a number of years, but nothing was happening. I think I am right in saying that. Prior to any of the scandals, the issue was being considered, more by the accountancy bodies than anyone else, but there were no moves to do anything about it.

In Ireland's case, bringing in more rules will not alone solve the fundamental problem of the way in which business is done. We need more guidance on principles and what we expect from people who operate companies in Ireland. We need to decide whether that is a job for legislation or for other bodies to deal with, and whether it needs to be done.

One would imagine that the principles we expect from a company should be basic common sense, but in the current situation we might have to make those clearer. If people are not disclosing the basic stuff, there is something wrong.

Are the investors watching the situation? Do they not demand more disclosure? I am surprised that people will invest money in companies that are not disclosing information and are completely wrong. We should ask who is making decisions about investing people's money. They are not doing their job, regardless of any rules or regulations.

If people invest their money in insurance companies and pensions companies, and they in turn invest it in other areas, there is a responsibility to invest it properly. There seems to be a cosy relationship in some cases.

How do the figures for compliance with the code and so on, and the quite high percentages that I have noted, compare with other countries such the UK that operate on a principles-based rather than a rules-based approach? Are we on the same level? Does Grant Thornton have those comparisons?

Regarding the ratio of compliance to explanation, I understand the delegates' interpretation that the code on corporate governance means a company would try to go above rather than below the level of compliance. However, I believe most companies would read it as meaning they should explain why they cannot achieve that level. We need to fix that. There is nothing to guide companies towards interpreting the code to mean they should do better on compliance. The investors might ask them to do better, but it is not written down anywhere. It is the other way round — it is assumed that companies just need to explain why they could not meet all the requirements.

The report states that some non-executive directors do not have the relevant financial experience. They do not always need that, but we want them to have experience in the area of business in which the company operates. Mr. Raleigh said earlier that a lot of companies appointed non-executive directors for their contacts. I know the delegates were not referring to political contacts but to access to other markets or people to bring business to the company. The non-executive director is meant to be in place for the shareholder to watch and see that things are done right. Are non-executive directors being used to that end? Is the logic behind appointing them completely wrong, or is it wrong only in some cases? I presume the non-executive director is a person in whom the shareholders are meant to have faith and trust to do the right thing on their behalf. Is there something wrong with the way in which they are appointed?

I understand the audit committees were investigated. I presume such committees are mainly made up of non-executive directors? Has this been the case, or is there a problem in that regard?

My colleague dealt with the remuneration commitments made by one company. What is the position in the majority of companies examined? That is a key issue. Is it fair to say many companies have nice written corporate statements but that they are not enforcing them in practice? Is that common? If a statement runs to three or four pages, frequently something is wrong. Is that just a problem here, or is it a common one? Do we have to change mindsets? The delegates have said the results show there is room for improvement. Are they being nice and is there room for a good deal of improvement? How serious is the issue?

As a committee, as most of my colleagues have said, we can probably take on board the final point made. We will have to take drastic action to change our reputation. The presentation has been very useful in focusing minds on the issue.

A significant amount of investments are made by international pension funds. When investors look at Ireland, it is important that they have confidence that it is a safe place in which to invest. It is critical that we get this right, as the last thing we want is for international investors to turn off the switch and not to look at Ireland at all. I, therefore, suggest investors will play a more active role.

The second question was related to the situation of other countries and our levels of compliance. Perhaps Mr. Cian Blackwell will respond to it.

Our colleagues in Grant Thornton in the United Kingdom produce a similar report based on the FTSE 350 and the listed companies and many of the same questions are being asked. It is the same compliance framework — the combined code — that is being used. They found that in a number of areas the levels of compliance were higher. For example, at around 50%, the number of companies which claim compliance with the combined code is higher here where the figure is 36%. It is not a stellar performance by any means but it is still somewhat higher than the figure here. Many of the more detailed results are about the same — some are higher, while some are lower.

Research was carried out by the Association of British Insurers a couple of years ago which showed a strong correlation between share price and good corporate governance. That is useful research. There are some very clear data linking good corporate governance practices with long-term share values.

On the issue of financial expertise, probably one of the most quoted requirements in the combined code is recent and relevant financial experience. Our finding is that only 44% of companies disclosed which person on the audit committee had the required experience and expertise. That does not necessarily mean that there were not people with expertise but that the company was not disclosing the information. The Deputy is correct in saying that more than this is required on a board. However, that is all the combined code requires, but for a board to operate properly and meet the requirements of shareholders and the company, there should be a balance of skills. That is absolutely essential. The role of a non-executive director is to protect shareholders' interests. That is the reason the combined code requires not just a majority of non-executive directors but that independent non-executive directors protect shareholders' interests.

There are companies which do not have the required majority of independent non-executive directors. To make matters a little worse, to find out which companies provide for the right level of independence, one needs to look through many pages of annual reports to find the information.

The Deputy mentioned the provision of guidance for companies. That is a good point. We say in our report that in many cases there is a need for more guidance for companies. There are a number of suggestions on how companies could improve the information they give to shareholders and their disclosures. That is what this is all about — giving the right level of information to shareholders in order that they can make informed investment decisions and that the people who have a vested interest in this — taxpayers and anyone with a pension fund — can get the information they need.

Effectively, there is a weakness in the system. Would there be merit in relaxing the requirement in order that shareholders could call an EGM in respect of actions taken on the part of the board in the case of a shareholding of less than 75%? Am I correct in saying that in the United Kingdom there is more latitude? How would this be viewed? If a proper job was being done, there would be no need to call an EGM and if one was called, effectively, it would be a form of control and one should have nothing to worry about. The company structure comprises the chairman, the chief executive officer, the board and the audit committee. Looking at the banking system in Ireland, the cost to the taxpayer is horrendous. Equally, many small investors in the banks have lost their life savings and pension funds. It has been said when one invests in the stock market, one takes a risk. However, many elderly people invested their pension funds in the banks. Is there a need for reform, therefore, in the way boards can be held accountable to shareholders?

The point the Deputy O'Donnell made is very valid. If the company is being run well, there is nothing to fear from lowering the threshold. It is not something we have examined in detail. On the other hand one cannot leave oneself open to having spurious claims given the cost. Essentially it is a very good point. In trying to come up with something that is better, anything that can improve the level of communication should be done. It is clear that non-professional investors did not understand the risk of where their money was invested. Anything that will bring clarity and better understanding so that people are prepared to take or not take the risk is worth considering.