Exercise robust governance, risk management and compliance
- All employees, suppliers and contractors must comply with our Code of Ethics, conducting business with integrity and in a responsible, ethical and sustainable manner.
Sound business ethics and integrity are core to the Group’s values and are fundamental for the success of our strategy. Melrose is a UK premium listed company with strong, established financial and non-financial controls that are continually assessed, tested and reviewed.
This robust framework is overseen by the Melrose Board and supported by an independent internal audit function, regular public disclosure and financial reporting, external audits, public accountability and conformance with leading benchmarks set by the UK Corporate Governance Code (the “Code”). It is also supported by investor requests and direct engagement with them and corporate governance and proxy advisors, and extensive engagement with the Group’s wider stakeholder base to ensure that best market practice is being implemented.
Melrose Board and Committees
The Board consists of four executive Directors, six Non-executive Directors (inclusive of the Senior Independent Director) and the Non-executive Chairman. Together, the Board brings a combination of skills, experience and knowledge to the Board that is complementary to the activities of the Company, and the Board is satisfied that there is sufficient challenge by the Non-executive Directors of executive management in meetings of the Board, and that no individual or small group of individuals dominates its decision-making. Biographies of the Directors can be found on our Board of Directors page.
The roles of each of the Chairman, the Executive Vice-Chairman and the Chief Executive of the Company are, and will remain, separate in accordance with the Code and Board policy.
The Chairman, with the assistance of the Executive Vice-Chairman, is responsible for leadership of the Board. The Chairman sets the Board agenda and ensures that adequate time is given to the discussion of issues in order to facilitate constructive discussions with effective contributions from the Non-executive Directors, particularly on those issues of a strategic nature. The Chairman, with the support of the Company Secretary, also facilitates constructive Board relations by providing accurate and clear information in a timely manner. Responsibility for ensuring effective communications are made to shareholders rests with the Chairman, the Executive Vice-Chairman and the three other executive Directors.
The Chief Executive is responsible for strategic direction and decisions involving the day-to-day management of the Company.
Alongside the Board, the Company has an Audit Committee, a Nomination Committee and a Remuneration Committee.
The Board has an overarching corporate governance framework to ensure continued alignment of the Board and Committee members’ roles and division of responsibilities with the Code, Melrose’s top-down Board and senior management risk oversight, and the business units’ bottom-up risk management responsibilities. Each member of the Board is provided with a copy of the Company’s corporate governance framework, which they review, discuss and update periodically.
Each of the Committees has its own written terms of reference. The Company Secretary supports the Committees in updating these terms of reference in order to comply with the Code and other good corporate practice. The terms of reference are continuously reviewed, although they are more formally reviewed on an annual basis in the Committee meetings. The terms of reference are available on our Committees pages.
The Company’s Non-executive Directors are encouraged to, and do, scrutinise the performance of the executive Directors in all areas, including on strategy, risks and financial information, through their roles on the Company’s Committees, at the Board’s scheduled meetings and business review sessions, and on an ad-hoc basis. The Non-executive Directors come from a diverse range of backgrounds and as such are able to draw on their own specialist knowledge to give necessary guidance and advice, and to hold management to account.
In accordance with the provisions of the Code, consideration has been given to the independence of all Non-executive Directors. The Board considers all of the Non-executive Directors to be independent.
Upon Mr Justin Dowley’s appointment to the role of Chairman he was considered independent, and has strong shareholder support for his current tenure to 2023, which was extended in 2020 with the support of shareholders, in order to facilitate succession planning arrangements and the development of a diverse Board, as well as to provide certainty and stability through the pandemic. Ms Liz Hewitt is the appointed Senior Independent Director, and acts as an intermediary for the other Directors and shareholders. She will be succeeded in this role by Mr David Lis upon her retirement in May 2022. In accordance with the Code requirements, at least half of the Board, excluding the Chairman, comprises Non-executive Directors determined by the Board to be independent. The number of independent Directors on the Board also increased during 2021 with the appointments of Mrs Heather Lawrence and Ms Victoria Jarman as independent Non-executive Directors in June 2021.
The Non-executive Directors are not entitled to any cash bonus or shares under the 2020 Employee Share Plan, nor do they receive taxable benefits or pension contributions.
Succession planning continued to be an area of focus for Melrose in 2021. The Nomination Committee and the Board considered the leadership needs of the Group, present and future, together with the skills, experience and diversity needed from its Directors going forward. We recognise that succession planning is an ongoing process and is critical to maintaining an effective and high-quality Board.
Succession planning is coordinated via the Nomination Committee, which consists of Non-executive Directors only, in conjunction with the Board, and includes all Directors and senior management. It was a core focus in 2021 and as explained on page 89 of our 2021 Annual Report, the Board and shareholders approved the extension of Mr Dowley’s Chairmanship tenure in order to aid effective succession planning.
Succession planning arrangements for the Board as a whole were reviewed by the Nomination Committee and the Board. This included reviewing the skills set, tenure, diversity and independence of those already on the Board, and reviewing the Melrose senior management team, including the career planning and talent management programmes in operation for them. In each case this was to allow the Nomination Committee to ensure that the right balance of skills, experience and diversity were reflected and being developed.
Given the strength of Melrose’s decentralised operating structure in achieving the Group’s strategic objectives, the Nomination Committee does not have direct involvement in the succession planning arrangements of the divisions. However, the Nomination Committee has access to the divisional executive teams through the business review cycle.
The Code requires that FTSE 350 companies undertake an externally facilitated Board and Committee evaluation once every three years. The last external Melrose Board and Committee review was in 2020, for which the Company engaged Lintstock Ltd. The Company will again be conducting an external evaluation in 2023.
Whilst the Company is not required to undertake another externally facilitated Board and Committee evaluation until 2023, during 2021 the Company continued its ongoing internal review of the Board and each Committee, both internally within each of those bodies and with the Chairman of the Board and Chairman of each Committee respectively. As in prior years, the Company also conducted an evaluation of the Chairman of the Board’s performance. These evaluations were conducted and facilitated by the completion of questionnaires, and discussions at the applicable Board and Committee meetings, with follow-up actions taking place as relevant. Directors were also given the option for meetings to be scheduled with the Chairman of the Board or the Chairman of the relevant Committee about any relevant matters that they wished to raise as part of the ongoing review.
A range of topics were discussed as part of the evaluation including the mix of the Board, diversity of gender, race and thought, succession planning oversight, risk management and internal controls, strategic oversight, understanding of the views and requirements of key stakeholders, and the integration of sustainability into the Group’s strategy and operations.
Through presentations and regular meetings between the executive Directors, analysts and institutional shareholders, including those following the announcements of the Company’s annual and interim results and trading updates, the Company seeks to build on a mutual understanding of objectives with its shareholders and other stakeholders. During 2021, in addition to the usual disclosure rounds following the release of annual and interim results, the Company continued its programme of engagement with key investors and corporate governance bodies in respect of specific material topics, as well as open-agenda discussions between key shareholders and members of the Board. Engagement with key shareholders, proxy advisors, employee bodies, ratings agencies (including sustainability ratings agencies) and other governance bodies remains a central part of the Company’s approach to stakeholder engagement and governance.
Code of Ethics and Group compliance policies
The high standards of financial and non-financial controls, and strong governance backed by internal and, where required, external review of financial and non-financial compliance, are enforced throughout the Group. Directors, officers, employees, and contractors throughout the Group, whether permanent or temporary, and in respect of any entities over which Melrose has effective control, must comply with Melrose’s Code of Ethics and Group compliance policies, which reflect current best practice and strong corporate citizenship. Each business is required to communicate and embed the Code of Ethics and Group compliance policies within their operations and activities to ensure that they conduct business with integrity and in a responsible, ethical and sustainable manner.
The Code of Ethics and Group compliance policies, which can be found on our policies page, have been approved by the Board and include policies covering best practice with respect to anti-bribery and corruption, anti-money laundering, anti-facilitation of tax evasion, competition, conflict minerals, trade compliance, data privacy, whistleblowing, treasury and financial controls, anti-slavery and human trafficking, document retention, joint ventures, diversity and inclusion, environmental, and human rights.
During 2021, Melrose implemented new Environmental and Human Rights policies, and the Company also updated the Melrose Code of Ethics in light of key regulatory and legal developments and to align it with the new policies. The new policies and updated Melrose Code of Ethics have been fully implemented across all business units, and they (as well as all other Group compliance policies) continue to be monitored to ensure their effectiveness for the Group.
Implementation of the Code of Ethics and Group compliance policies is supported by risk assessments, audits and reviews and annual compliance certifications. Melrose strongly believes that policies and procedures are only as effective as the people who implement them. To that end, all of the above measures are backed by investment, resources and training.
Ethics and Compliance
We take a zero-tolerance approach to bribery, corruption and other unethical or illegal practices, and are committed to acting professionally, fairly and with integrity in all business dealings and relationships, within all jurisdictions in which we and our businesses operate. Melrose requires its businesses to adopt high governance standards, to ensure that the Group conducts business responsibly, sustainably, and in the pursuit of long-term success for the collective benefit of stakeholders. This is outlined in our Anti-Bribery and Corruption policy, which is implemented and administered throughout the Group, and available on our policies page. During 2021, no employees were disciplined or dismissed due to non-compliance with the Anti-Bribery and Corruption policy.
In line with our Anti-Bribery and Corruption policy noted above, Melrose prohibits party political donations. We also recognise that from time to time our Group may comprise businesses that engage in policy debate and advocacy activities on subjects of legitimate concern to their respective industries and key stakeholders, including their staff and the communities in which they operate.
Melrose runs a Group-wide whistleblowing platform, which is overseen by the Audit Committee and supported by the Melrose senior management team, and ultimately reported to the Board. The platform is monitored by the businesses’ legal, compliance and HR functions, with support from the Melrose senior management team. All employees have access to a multi-lingual online portal, together with local hotline numbers that are available 24/7, in order to raise concerns, confidentially and anonymously, about possible wrong-doing in any aspect of their business, including financial and non-financial matters.
The businesses take a number of actions to raise employees’ awareness of the whistleblowing platform, using online and offline media as appropriate. Employees who come forward with a genuine concern are treated with respect and dignity and do not face retaliation. During 2021, 103 whistleblowing cases were recorded through the platform (2020: 120)(1). This highlights the effectiveness of awareness campaigns together with the trust placed by employees in the whistleblowing programme. Each case is investigated confidentially by the business with appropriate response measures taken. Whistleblowing cases are regularly reported to the Audit Committee and ultimately to the Board.
(1) These figures exclude any whistleblowing cases received by businesses that were no longer part of the Group as at 31 December 2021.
As set out in the Melrose Anti-Slavery and Human Trafficking policy, the Group has a zero-tolerance approach to any form of modern slavery. In accordance with the Modern Slavery Act 2015, Melrose publishes its own Modern Slavery Statement, which is approved by the Board annually and can be found on our website. Under Melrose’s decentralised Group structure, each business is responsible (where applicable) for publishing their own Modern Slavery Statement in accordance with the requirements under the Modern Slavery Act 2015, with support provided by Melrose where needed. This approach ensures that those senior managers closest to the business operations devise appropriate measures to ensure slavery is not present within their supply chains.
Melrose drives its businesses to implement employee training with respect to anti-slavery and human trafficking, to ensure that employees understand the risks and are prepared to take the required action if they suspect that modern slavery is happening internally or within the supply chain.
We are committed to acting in an ethical manner with integrity and transparency in all business dealings, and to create effective systems and controls across the Group to safeguard against adverse human rights impacts. The Group has a strong culture of ethics, which encompasses key human rights considerations and is set out in our Human Rights policy. The Group supports the principles set out in the UN Declaration of Human Rights.
Our businesses also implement effective and proportionate measures to identify, assess and mitigate potential labour and human rights abuses across their operations and supply chains. These include training, anti-slavery and human trafficking policies, employee handbooks and business-specific policies. All business-specific policies are reviewed locally within each business in order to ensure compliance with local laws and standards as a minimum.
There have been no violations reported on human rights by our businesses in 2021 or in the previous two years.
Melrose is committed to paying taxes that are due, complying with all applicable laws, and engaging with all applicable tax authorities in an open and cooperative manner. The Group does not engage in aggressive tax planning. The Group’s tax strategy is reviewed, discussed and approved by the Board annually. The Audit Committee periodically reviews the Group’s tax affairs and risks.
The Group has adopted a policy in respect of the prevention of the facilitation of tax evasion which has been implemented by the businesses, along with guidance on undertaking risk assessments and training to employees in relevant roles.
The Group does not reside in countries considered as partially compliant or non-compliant according to the OECD tax transparency report, or in any countries blacklisted by the EU, for the purposes of tax avoidance and/or harmful tax practices, per the latest lists released as at 31 December 2021.
Risk and internal controls
A key responsibility of the Board and Melrose senior management team is to safeguard and increase the value of the businesses and assets of the Group for the benefit of its shareholders. Achievement of their objectives requires the development of policies and appropriate internal control frameworks to ensure that the Group’s resources are managed properly and that any key risks are identified and mitigated where possible.
The Board is ultimately responsible for the development of the Group’s overall risk management policies and system of internal control frameworks and for reviewing their respective effectiveness, while the role of the Melrose senior management team is to implement these policies and frameworks across the Group’s business operations. The Directors recognise that the systems and processes established by the Board are designed to manage, rather than eliminate, the risk of failing to achieve business objectives and cannot provide absolute assurance against material financial misstatement or loss.
The Board is committed to satisfying the internal control guidance for Directors set out in the FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. In accordance with this guidance, the Board assumes ultimate responsibility for risk management and internal controls, including determining the nature and extent of the principal risks it is willing to take to achieve its strategic objectives (its “risk appetite”) and ensuring an appropriate culture has been embedded throughout the organisation. The risk management and internal control system is complemented by ongoing monitoring and review, to ensure that the Company is able to adapt to an evolving risk environment.
Internal financial controls and reporting
The Group has a comprehensive system for assessing the effectiveness of the Group’s internal controls, including strategic business planning and regular monitoring and reporting of financial performance. A detailed annual budget is prepared by senior management and thereafter is reviewed and formally adopted by the Board.
The budget and other targets are regularly updated via a rolling forecast process and regular business review meetings are held with the involvement of senior management to assess performance. The results of these reviews are in turn reported to, and discussed by, the Board at each meeting. The Group engages BM Howarth as internal auditor with additional support, as required, from Ernst & Young. A total of 42 sites across the Group were assessed by BM Howarth and Ernst & Young during 2021.
As was common across most large, geographically dispersed companies, COVID-19 disruption continued to present a number of challenges and limitations throughout the year due to restricted international travel and extended periods of remote working for many site-based finance teams. Further details about the additional assurance measures that were taken to mitigate the impact of COVID-19 disruption on internal controls during 2021 can be found in the Audit Committee report on pages 94 to 98 of our 2021 Annual Report.
The Directors can report that based on the sites visited and reviewed in 2021, there has been progress across the Group following the 2021 internal audit programme and that the majority of the recommendations presented in the internal audit report have been or are in the process of being implemented.
The Audit Committee also monitors the effectiveness of the internal control process implemented across the Group through a review of the key findings presented by the external and internal auditors. Management is responsible for ensuring that the Audit Committee’s recommendations in respect of internal controls and risk management are implemented.
Protecting information security and data privacy
Melrose strongly respects privacy and seeks to minimise the amount of personal data that it collects, as well as ensuring the robust and sufficiently segregated storage of any data that is held. Information security and cyber threats are an increasing priority across all industries globally, and like many businesses, Melrose recognises that the Group must be protected from potential exposures in this area, particularly in light of its scale, reach, complexity and public-facing nature, as well as the potential sensitivity of data held in relation to civil aerospace technology and controlled defence contracts.
The Melrose senior management team continues to work with the businesses’ executive teams and external cyber security risk consultants to track the Group’s exposure to cyber security risk and, to ensure appropriate compliance with the GDPR, mitigation measures are in place for the Group.
Melrose has deployed its information security strategy and risk-based governance framework to all businesses within the Group, which follows the UK Government’s recommendations on cyber security. This strategy has enabled risk profiling and mitigation plans to be developed for each business to mitigate and reduce their exposure to cyber risk in a manner that is adequate for their level of sophistication. This ensures clarity and consistency in the assessment of IT and cyber security matters across our diverse and decentralised Group. The progress of each business is measured against the information security strategy and is monitored on a quarterly basis.
The Board, supported by the Melrose senior management team, oversees the Group’s cyber security risk profile and, in line with our decentralised model, each business is required to protect their business and personal information, ensuring safe and appropriate usage of their IT systems and processes by their employees.
To mitigate the impact of external cyberattacks, the Melrose senior management team works with the executive teams of each business and external cyber security risk consultants to review each business’s cyber risk profile to monitor and drive continuous improvement actions. The results of this ongoing review programme are reported to the Board on a quarterly basis.
Through a hosted, externally auditable self-assessment process, each business is reviewed and reports on their compliance in key areas of cyber management incorporating disaster recovery processes and business continuity plans, cyber incident response plans, applications and database management including access controls testing, appropriate security products, policies and procedures, confirmation of appropriate change management processes for all business-critical systems, IT inventory listings including all classified data to meet compliance with legal and regulatory requirements, monitoring and logging of all cyber incidents, physical environment access controls and network security, regular security training, and management of third party access control.
The businesses regularly perform internal and external testing of their perimeter defences through penetration testing, ensuring appropriate threat monitoring systems are in place. All of our businesses follow and work towards national and international business accreditations in varying aspects of cyber management where applicable and relevant to their business activities, including the UK’s National Cyber Security Strategy (“NCSS”), ISO 27001, and industry-specific NIST in the defence sector and TISAX in the automotive sector.
As part of Melrose’s overall information security strategy, IT security awareness training was provided by all businesses in 2021.