Examiners’ commentaries – May 2018

LWM80 Corporate governance and compliance

Comments on specific questions

Module A: Governance – legal and regulatory
framework
Question 1

Westhill Co. has recently undertaken a board effectiveness

review and, as a result, the CEO, Henry Bishop, is questioning
the effectiveness of the independent non-executive directors
(NEDs). Henry is concerned that many of the NEDs do not have
specific industry experience and may not understand the full
scope of the company’s current operations. Henry has
approached you for assistance. Advise Henry on the benefits of
having NEDs on Westhill’s board and some of the limitations
that NEDs face.

The response to this question can be found in Section 4.4 of the Study Guide.
The key points to note are that:

• Independent directors are less likely to be entrenched in office,

because their work on the board is only part-time and rarely the
principal source of their income.

• They have no incentive to allow the company’s executive officers to

behave in an incompetent or unmotivated way, and so are more likely
to insist on good job performance.

• Not being employed by the company, independent directors are

(presumably) less concerned with offending the company’s
management.

• Independent directors are compensated for their work, but only on a

part-time basis and, consequently, their conflict of interest over the
matter of compensation is less salient than in the case of executive
directors.

Candidates should have also cited some of the key authorities advocating the
use of independent directors (e.g., the Cadbury Report, the OECD Principles
of Corporate Governance, the UK Corporate Governance Code, etc.).

The limitations of independent directors are enumerated in a bullet-point list

at the end of Section 4.4 of the Study Guide.

Most candidates provided very good responses to this question.

 Corporate governance and compliance

Question 2

You act as a corporate governance consultant. Edward Bruce,

the CEO of Diagon Retail Ltd has informed you that Diagon is
considering an initial public offering (IPO) and would like to
improve its corporate governance. As part of this exercise,
Edward would like to propose to the company’s board that they
set up board committees. Advise Bruce on the purpose and
responsibilities of the board committees typically formed by
listed companies.

This was quite a straightforward question, the answer to which can be found
in Section 4.6 of the Study Guide.

Candidates should have described the purpose and responsibilities of the (i)
audit committee, (ii) the risk committee, (iii) the nomination committee
(which should have mentioned the issues surrounding the nomination of the
nomination committee members themselves) and (iv) the compensation
committee. A good answer would have also mentioned some of the
skepticism surrounding the effectiveness of compensation committees.

Most candidates provided very good responses to this question.

Module B: Compliance

Question 1

Critically discuss:

(i) the principles set out by the General Data Protection

Regulation (the “GDPR”) that should be followed by
organisations when processing personal data; and

(ii) rights and remedies that the GDPR gives to individuals

whose personal data is processed.

Very few candidates opted for this question.

(i) The key points to note are that the GDPR (Article 5(1)) requires that
personal data be:

(a) processed lawfully, fairly and in a transparent manner in

relation to individuals;

(b) collected for specified, explicit and legitimate purposes and not
further processed in a manner that is incompatible with those
purposes;

(c) adequate, relevant and limited to what is necessary in relation to

the purposes for which they are processed;

(d) accurate and, where necessary, kept up to date;

(e) kept in a form which permits identification of data subjects for

no longer than is necessary for the purposes for which the
personal data are processed; and

(f) processed in a manner that ensures appropriate security of the

personal data, including protection against unauthorised or

2
 Examiners’ commentaries – May 2018

unlawful processing and against accidental loss, destruction or

damage, using appropriate technical or organisational measures.

These principles can be summarised as: (i) lawfulness, fairness and

transparency; (ii) purpose limitation, (iii) data minimisation, (iv) accuracy,
(v) storage limitation and (vi) integrity and confidentiality.

(ii) The GDPR The GDPR provides the following rights for individuals:

(a) The right to be informed

(b) The right of access

(c) The right to rectification

(d) The right to erasure

(e) The right to restrict processing

(f) The right to data portability

(g) The right to object

(h) Rights in relation to automated decision making and profiling.

Candidates should have provided a brief explanation of each of these rights.

Very few mentioned all of these rights, however, and most forgot to mention
the right to restrict processing, the right to rectification and rights in relation
to automated decision making and profiling.

Question 2

You are a compliance manager at Tele5, a telecommunications

company. This morning you received an e-mail from Alisson,
suggesting that her colleague, Jane, has been receiving bribes
from the consultants that Jane hires to work on her projects.
Jane is a telecommunications analyst, whose work often
requires the engagement of consultants to conduct market
research. During the past two years, Jane has consistently
engaged only one consultancy firm - TeleData, which Alisson
alleges belongs to Jane’s sister. Alisson has sent you evidence
that appears to corroborate this. She has also sent you a print-
out, which she says she accidentally picked up from the printer,
and which evidences a GBP 1,000 wire transfer from TeleData to
Jane’s bank account.

(i) What factors will inform your decision on whether to

launch a formal investigation on the matter?

(ii) What factors will you need to consider in deciding

whether to conduct an investigation using internal or external
resources?

(iii) What types of issues should you consider when carrying

out such internal investigation?

Questions (i) and (ii) are very straightforward, and their answers can be
found in Section 5.4 of the Study Guide. The types of issues that should be
considered when carrying out such internal investigation can be found in the

3
 Corporate governance and compliance

materials referenced in Section 5.5 of the Study Guide (particularly the K&L
Gates memo). In particular, answers should have mentioned the following:

• The need to specifically identify the scope and purpose of the

investigation.

• The need to preserve relevant documents immediately after an

investigation is initiated.

• Making sure to maintain the privilege in order not to have some of the
company’s most sensitive information, including the findings and
report of the investigation, in the hands of regulators, litigation
opponents, and even competitors.

• Establishing reporting lines of authority and supervision if outside

counsel is involved.

• Taking steps to ensure that the relevant documents are preserved,

segregated and collected.

• Ensuring that interviews are carefully structured (e.g., starting off by

asking relatively open-ended questions of witnesses without direct use
of documents, in order to determine what the witness is able to
remember independently; memorialising the interviews in writing and
ensuring that they are privileged, etc.).

• Paying attention to structuring the investigation report carefully,

bearing in mind the likely uses of the report (e.g., by law enforcement,
regulators or private litigants).

Very few candidates identified these factors, which points to the importance
of reading the essential reading materials, and not just the Study Guide.

Module C: Bribery and corruption, money laundering

and terror financing

Question 1

Critically discuss the following aspects of the Money Laundering,

Terrorist Financing and Transfer of Funds (Information on the
Payer) Regulations:

(i) definition of the ‘relevant person’;

(ii) key elements of the policies, controls and procedures that

a company is required to maintain; and

(iii) factors that a company should consider in assessing

whether the enhanced or simplified due diligence measures
should be applied.

Very few candidates opted for this question.

(i) The ‘relevant person’ definition can be found in Regulation 8 (credit

institutions, financial institutions, auditors, insolvency practitioners,
external accountants and tax advisors, independent legal professionals,
trust or company service providers, estate agents, high value dealers
and casinos).

4
 Examiners’ commentaries – May 2018

(ii) These elements can be found in Regulations 19–24, and are

summarised in Section 3.3 of the Study Guide.

(iii) Regulation 33(6) lists a number of factors, including (a) customer risk
factors; (b) product, service, transaction or delivery channel risk
factors; and (c) geographical risk factors that might indicate that there
is a high risk of money laundering or terrorist financing involved, and
that therefore an enhanced due diligence may be appropriate.
Regulation 37(3) lists a number of analogous factors that would suggest that
a simplified due diligence can be conducted.

Question 2

Critically discuss the following aspects of the Foreign Corrupt

Practices Act:

(i) definition of a ‘foreign official’;

(ii) liability for third party payments; and

(iii) permissible payments.

Most candidates opted for this question. However, the examiners were a bit
disappointed with the quality of responses, given that the answers to all of
the questions could be found in the Study Guide.

In particular, very few candidates provided a correct definition of a ‘foreign

official’, which is in Section 2.2.3 of the Study Guide. Notably, this definition
does not encompass candidates for foreign political office, although the FCPA
does apply to corrupt payments made to them. Given that the question asks
candidates to ‘critically discuss’ the definition, candidates should have also
analysed the DOJ/SEC Resource Guide’s interpretation of this term and
provided their view on whether this definition is sufficiently broad (or
narrow).

Liability for third party payments is described in Section 2.2.4 of the Study
Guide, and permissible payments in Section 2.2.5. Permissible payments, in
particular, allow for some critical analysis, given that they are unique to the
US anti-bribery regime and are not part of, for example, the UK Bribery Act.
Most candidates provided a good critical analysis of permissible payments.

5
 Corporate governance and compliance

Module D: Regulated industries – compliance and risk

management in the financial sector
Question 1

Critically discuss corporate governance and risk management

measures that companies should put in place in order to avoid
the kind of governance failures that have contributed to the
recent financial crisis.

Most candidates opted for this question, the answer to which can be found in
the second part of Section 2.3 of the Study Guide. The key measures to
mention and analyse were the following:

• an experienced and independent chief risk officer leading the risk

management function;

• board’s intimate involvement in the risk strategy;

• board’s familiarity with the appropriate material risks, which have

been brought to their attention promptly;

• appropriate level of expertise on the board;

• appropriate degree of board engagement; and

• integration of risk as a core component of any performance measure.

Most candidates provided very good responses to this question.

Question 2

Critically discuss the European Banking Authority Guidelines on

the security of internet payments and whether, in your opinion,
the UK’s non-compliance with the Guidelines is likely to make
the UK more vulnerable to fraud.

Not many candidates opted for this question, the answer to which can be
found in Section 4.3 of the Study Guide and the accompanying reading
materials. A good response should have not only identified the key elements
of the Guidelines, enumerated in the bullet points in Section 4.3 of the Study
Guide, but also provided a critical analysis of the effectiveness of such
measures and the impact that the UK FCA’s non-compliance with them might
have on the UK’s payment service providers.