Exclusive Q&A on Corporate Governance with Mark Innis

What are the main regulators and legislations that apply to corporate governance in your jurisdiction?

The primary law that governs companies is Law No. 40 of 2007 on Limited Liability Companies ("Company Law"), overseen by the Ministry of Law and Human Rights, however it is critical to assess other laws in the relevant sector as Indonesia has a tendency to mandate governance by sector.  For example public companies are governed by Law No. 8 of 1995 on the Capital Markets ("Capital Market Law"), overseen by the Financial Services Authority or Otoritas Jasa Keuangan ("OJK").  Sectoral regulation by government agencies and instrumentalities is more pervasive and in particular banks, insurance and other financial sector companies, public companies, securities company and other capital market companies must also comply with regulations issued by the OJK and listed companies also must comply with the listing rules of the Indonesia Stock Exchange ("IDX"). 

The National Committee on Governance from time to time issues a Code on Good Corporate Governance, which is non-binding in nature; however the committee has not been active recently. 
In addition to the general legislation, other laws and regulations for certain specific sectors (such as banking, insurance, and multi-finance) provide detailed compliance requirements for those sectors, or guidance on good corporate governance.
 
The OJK/IDX regulations and rules are detailed and require audit committees, non-affiliated directors, and independent commissioners, limitation on the number of board positions that any one person can hold and fit and proper tests for shareholders, boards, experts and even expatriates in most of the regulated industries.  The regulations and rules also deal with conflict-of-interest transactions, material transactions and conservative processes for major corporate actions for public companies, and for other regulated companies, such as banks and other financial institutions, the manner and regularity of board meetings, the committees that must be established (risk, investment and audit).
 
The OJK/IFC have issued "The Indonesia Corporate Governance Manual", which consists of 500 pages, and the OJK expects companies regulated by it to comply with the manual.
 
Can you summarise the notable trends relating to strategy formulation, risk oversight, performance evaluation, succession planning and shareholder engagement?
 
With the advent of the ASEAN Economic Community ("AEC") and increasing competition and a market slow down/uncertainties, boards have had to focus on strategy and for many in ASEAN this has establishing operations in other countries. Regulators have also focused on risk oversight whether compliance generally or specifically such as foreign debt hedging and liquidity.  So there has been a substantial shift in the past few years.
Succession planning and talent management are only emerging concerns and in the absence of such planning this has opened the door to third parties to get equity in family owned companies (if which there are many in Asia). On the other hand second and third generation family owned companies are seeking greater engagement with consultants and advisers to formulate strategy, in particular focusing on long term gains.
 
With cyber security currently placed high on the corporate governance agenda, can you outline the different models companies are adopting to mitigate risks?
 
Expenditure on IT systems is not as high as it should non-financial institutions and often off the shelf security is bought or there is a drift to cloud providers.  Key due diligence is required by boards and IT departments on what they are sourcing and getting.
 
In regulated sectors, regulators such as the OJK are stepping in to ensure that there is a higher degree of knowledge and due diligence especially where third party providers are used.   New regulation on data privacy in 2016 is likely to bring the issue to the fore.
 
Boards must know what their systems are, what are their vulnerabilities and update systems as well as ensure there is insurance coverage and plans in place in case of a data breach. Boards should ensure staff training on web security as no matter how good the systems are it is invariably staff usage where the systems can break down.
 
Can you outline the advantages and disadvantages of separating audit and risk committees?
 
While generally it is regulated sectors and public companies that are required to have these committees, for larger companies having such committees can play a valuable role.
 
The audit committee is primarily responsible for ensuring accounting governance, and plays a distinct role from a risk or investment committee. So the audit committee essentially would have oversight of what the investment/risk committee may have done.
 
While an investment/risk committee may slow down decision making, it should ensure that the right decisions are made - e.g. the business team that has spent so long on a deal and would be keen to execute the deal, may not take into account long term market trends.  We experienced this in early 2015 with oil & gas service company deals, and the investment/risk committee wisely pulled the deals.
 
Are you witnessing any trends in investment strategies?
 
In 2016 caution seems to be the game plan, with boards being very careful about debt, restructuring balance sheets and over extending themselves.  So longer term planning seems to be a key investment strategy.  Although this has had a tendency to delay decision making and slow deal making down.
 
Many listed companies are very aware of reputation and there is an increase in corporate social responsibility activities to ensure that the image of the company is improved and does not get tainted.
 
Shareholders' activism is minimal and shareholders investment strategies have less of an influence in Asia in how companies are managed and what strategies a company may adopt.
 
What are the most common governance mistakes that firms make and how can they be avoided?
 
Enforcement in Indonesia is lax given government resources and IT systems (although the latter are getting better).  Consequently regulators rely on whistleblowers, which may be disgruntled employees, joint venture partners or competitors.  As a result local country teams have a tendency to stray too far - whether on general compliance deliberating or through ignorance.  One key area for foreign investors is undertaking activities that are not in compliance with approved business lines ("our competitors do it so why can't we?").  Instituting upfront systems check and balances and fully understanding what can and cannot be legally done is paramount and periodical monitoring and training is essential.  MNCs should be careful that the lack of compliance in emerging markets can result in the biggest headaches and non-compliance issues.
 
In an ideal world what would you like to see implemented or changed?
 
In Asia generally there should be greater enforcement to create a level playing field, as well thought through governance policies.  Good governance policies exist in cities like Hong Kong and Singapore but need to be more coherency throughout Asia.  Coherent and consistent policies, and in certain areas, is one of the goals of the AEC, and there is a semblance starting to occur.  This will result in more common corporate compliance/governance,  allow boards to have easier and more common compliance programs - as certain areas become more streamlined.

Mark Innis is a Foreign Legal Consultant in the Corporate & Securities Practice Group of Hadiputranto, Hadinoto & Partners, member firm of Baker & McKenzie in Indonesia. Mark specialises in mergers and acquisitions as well as advising on international joint ventures, competitive bids and private sales, disposals of private and publicly listed companies, and major mergers and corporate restructurings. Mark's industry focuses are media/telecoms, plantations, insurance and real estate.

He has been consistently ranked as a leading lawyer by the leading legal directories, such as Chambers Asia, Asia Pacific Legal 500, IFLR1000 and AsiaLaw Profiles, for several years. 

Mark can be contacted on +62 21 2960 8618 or by email at mark.innis@bakernet.com