What Every Board Should Learn Before the Regulator Acts

now

 

Regulatory action often dominates headlines. Licenses are revoked, sanctions imposed, and institutions are publicly scrutinized. In the aftermath, attention naturally turns to the regulator’s decision, the legal consequences, and the immediate impact on customers and investors. Yet these events raise a more fundamental question: what happened long before the regulator intervened?

A recent action by the Central Bank of Nigeria (CBN), resulting in the revocation of the licenses of several microfinance banks, serves as a timely reminder that regulatory intervention is seldom the beginning of organisational failure.

More often, it represents the final stage of governance deficiencies that have remained unaddressed for months or even years. For directors, the lesson is unmistakable. The most effective boards do not wait for regulatory scrutiny before asking difficult questions; they cultivate governance practices that prevent such scrutiny from becoming necessary.

At the heart of this discussion lies an important distinction between corporate governance and regulatory compliance. These concepts are closely related, but they are not synonymous. Compliance concerns adherence to laws, regulations, and supervisory requirements. Governance, however, extends much further. It encompasses the systems, values, leadership, accountability, and oversight that shape how an organisation is directed and controlled.

An organisation may comply with regulatory requirements and still suffer from weak governance. Conversely, organisations with strong governance cultures are generally better positioned to sustain compliance because ethical conduct and sound decision-making are embedded in their operations.

This distinction explains why boards should never regard compliance as an item to be ticked off at the end of a meeting agenda. Compliance is largely a consequence of effective governance. Where governance is weak, regulatory breaches become symptoms rather than isolated incidents.

The OECD Principles of Corporate Governance recognise the board as the cornerstone of effective governance. Directors are expected to exercise objective judgement, oversee risk, ensure accountability, safeguard stakeholder interests, and promote long-term sustainability. These responsibilities cannot be delegated entirely to management. While executives manage the business, directors govern it. The difference is significant.

Unfortunately, some boards gradually drift into a posture of passive oversight. Board papers are received but not rigorously interrogated. Assurances from management are accepted without sufficient challenge. Audit reports are acknowledged but not thoroughly examined.

 Risk registers become routine documents rather than instruments for strategic oversight. Such practices may appear harmless individually, yet together they create an environment where governance weaknesses can flourish unnoticed.

Peter Drucker once observed that “Management is doing things right; leadership is doing the right things.” The same principle applies to boards. Their responsibility is not merely to monitor operational performance but to ensure that the organisation remains ethically sound, strategically resilient, and institutionally accountable.

One of the greatest threats to effective governance is complacency. Success can create a false sense of security, encouraging boards to assume that existing systems are adequate simply because serious problems have not yet emerged. However, governance failures rarely appear without warning. They are usually preceded by indicators that attentive boards should recognise.

Persistent weaknesses in internal controls, delayed regulatory filings, recurring audit findings, deteriorating financial performance, increasing operational risk, excessive executive dominance, inadequate succession planning, and declining organisational culture are seldom isolated events. They are warning signals demanding board attention. When these issues are repeatedly overlooked or normalised, governance ceases to be proactive and becomes reactive.

The UK Corporate Governance Code consistently emphasises the importance of independent judgement, effective board evaluation, and sound internal control systems. These principles are not procedural formalities; they exist because history has repeatedly demonstrated the consequences of their absence.

Weak governance carries consequences extending far beyond regulatory sanctions. Financial losses are often the most visible outcome, but they are rarely the most damaging. Reputational harm can erode public confidence built over decades. Investors may withdraw support, employees lose morale, customers seek alternatives, and strategic opportunities disappear. Directors themselves may face reputational damage, legal exposure, or disqualification from future appointments. Ultimately, governance failures diminish institutional legitimacy, which is considerably more difficult to restore than financial performance.

For this reason, boards should regularly ask themselves questions that extend beyond statutory compliance. Are we receiving sufficient information to exercise informed judgement? Are management reports presenting risks honestly or merely highlighting successes? Is our organisational culture encouraging openness and accountability? Are emerging risks being discussed before they become crises? Most importantly, would the board be confident if a regulator examined its governance practices today?

These questions demand more than procedural responses. They require directors who are intellectually curious, professionally skeptical, and committed to continuous improvement. Board effectiveness depends not only on technical competence but also on culture, independence, diversity of thought, and collective responsibility.

Several practical lessons emerge from recent regulatory developments. First, governance should be viewed as a strategic asset rather than a compliance obligation. Organisations with mature governance structures are generally more resilient because they identify and address weaknesses before they escalate.

Secondly, enterprise risk management deserves sustained board attention. Risk oversight should not be confined to financial exposures alone. Cybersecurity, operational resilience, reputational threats, technological disruption, regulatory developments, and organisational culture all require careful consideration within the boardroom.

Thirdly, boards should invest in their own effectiveness. Regular board evaluations, continuous director education, succession planning, and periodic reviews of committee structures are essential components of sound governance. Effective boards understand that learning is not optional; it is part of their fiduciary responsibility.

Finally, directors must remember that governance is ultimately about stewardship. Institutions exist to create sustainable value for shareholders while serving employees, customers, regulators, and society. Boards therefore have an obligation to think beyond quarterly results and immediate operational pressures. Their decisions shape institutional resilience long after individual directors have completed their tenure.

Regulators will continue to perform their statutory responsibilities, as they should. Their interventions protect markets, preserve public confidence, and uphold financial stability. However, no board should regard regulatory action as its primary governance mechanism. By the time a regulator intervenes, opportunities for early correction may already have been lost.

The most effective boards understand that governance is not measured by how skillfully they respond to a crisis after it emerges. It is measured by the discipline, foresight, and judgement they demonstrate long before external intervention becomes necessary. The strongest institutions are rarely those that recover most effectively from regulatory action; they are those whose governance standards make such intervention unlikely in the first place.

The enduring lesson is therefore simple yet profound: the best boards do not govern because the regulator is watching; they govern because stewardship demands nothing less.

Prepared by:

Research Unit

Department of Advocacy and Stakeholder Engagement

Chartered Institute of Directors Nigeria (CIoDN)

What do you think?
Read More

More Related News

LEADERSHIP WITHOUT OVERREACH: THE IMPERATIVE OF ROLE CLARITY IN CORPORATE GOVERNANCE

LEADERSHIP OVERSIGHT AND BOARD ACCOUNTABILITY:

Aligning Governance with Sustainability: Insights from Nigeria’s Regulatory Landscape

 

Regulatory action often dominates headlines. Licenses are revoked, sanctions imposed, and institutions are publicly scrutinized. In the aftermath, attention naturally turns to the regulator’s decision, the legal consequences, and the immediate impact on customers and investors. Yet these events raise a more fundamental question: what happened long before the regulator intervened?

A recent action by the Central Bank of Nigeria (CBN), resulting in the revocation of the licenses of several microfinance banks, serves as a timely reminder that regulatory intervention is seldom the beginning of organisational failure.

More often, it represents the final stage of governance deficiencies that have remained unaddressed for months or even years. For directors, the lesson is unmistakable. The most effective boards do not wait for regulatory scrutiny before asking difficult questions; they cultivate governance practices that prevent such scrutiny from becoming necessary.

At the heart of this discussion lies an important distinction between corporate governance and regulatory compliance. These concepts are closely related, but they are not synonymous. Compliance concerns adherence to laws, regulations, and supervisory requirements. Governance, however, extends much further. It encompasses the systems, values, leadership, accountability, and oversight that shape how an organisation is directed and controlled.

An organisation may comply with regulatory requirements and still suffer from weak governance. Conversely, organisations with strong governance cultures are generally better positioned to sustain compliance because ethical conduct and sound decision-making are embedded in their operations.

This distinction explains why boards should never regard compliance as an item to be ticked off at the end of a meeting agenda. Compliance is largely a consequence of effective governance. Where governance is weak, regulatory breaches become symptoms rather than isolated incidents.

The OECD Principles of Corporate Governance recognise the board as the cornerstone of effective governance. Directors are expected to exercise objective judgement, oversee risk, ensure accountability, safeguard stakeholder interests, and promote long-term sustainability. These responsibilities cannot be delegated entirely to management. While executives manage the business, directors govern it. The difference is significant.

Unfortunately, some boards gradually drift into a posture of passive oversight. Board papers are received but not rigorously interrogated. Assurances from management are accepted without sufficient challenge. Audit reports are acknowledged but not thoroughly examined.

 Risk registers become routine documents rather than instruments for strategic oversight. Such practices may appear harmless individually, yet together they create an environment where governance weaknesses can flourish unnoticed.

Peter Drucker once observed that “Management is doing things right; leadership is doing the right things.” The same principle applies to boards. Their responsibility is not merely to monitor operational performance but to ensure that the organisation remains ethically sound, strategically resilient, and institutionally accountable.

One of the greatest threats to effective governance is complacency. Success can create a false sense of security, encouraging boards to assume that existing systems are adequate simply because serious problems have not yet emerged. However, governance failures rarely appear without warning. They are usually preceded by indicators that attentive boards should recognise.

Persistent weaknesses in internal controls, delayed regulatory filings, recurring audit findings, deteriorating financial performance, increasing operational risk, excessive executive dominance, inadequate succession planning, and declining organisational culture are seldom isolated events. They are warning signals demanding board attention. When these issues are repeatedly overlooked or normalised, governance ceases to be proactive and becomes reactive.

The UK Corporate Governance Code consistently emphasises the importance of independent judgement, effective board evaluation, and sound internal control systems. These principles are not procedural formalities; they exist because history has repeatedly demonstrated the consequences of their absence.

Weak governance carries consequences extending far beyond regulatory sanctions. Financial losses are often the most visible outcome, but they are rarely the most damaging. Reputational harm can erode public confidence built over decades. Investors may withdraw support, employees lose morale, customers seek alternatives, and strategic opportunities disappear. Directors themselves may face reputational damage, legal exposure, or disqualification from future appointments. Ultimately, governance failures diminish institutional legitimacy, which is considerably more difficult to restore than financial performance.

For this reason, boards should regularly ask themselves questions that extend beyond statutory compliance. Are we receiving sufficient information to exercise informed judgement? Are management reports presenting risks honestly or merely highlighting successes? Is our organisational culture encouraging openness and accountability? Are emerging risks being discussed before they become crises? Most importantly, would the board be confident if a regulator examined its governance practices today?

These questions demand more than procedural responses. They require directors who are intellectually curious, professionally skeptical, and committed to continuous improvement. Board effectiveness depends not only on technical competence but also on culture, independence, diversity of thought, and collective responsibility.

Several practical lessons emerge from recent regulatory developments. First, governance should be viewed as a strategic asset rather than a compliance obligation. Organisations with mature governance structures are generally more resilient because they identify and address weaknesses before they escalate.

Secondly, enterprise risk management deserves sustained board attention. Risk oversight should not be confined to financial exposures alone. Cybersecurity, operational resilience, reputational threats, technological disruption, regulatory developments, and organisational culture all require careful consideration within the boardroom.

Thirdly, boards should invest in their own effectiveness. Regular board evaluations, continuous director education, succession planning, and periodic reviews of committee structures are essential components of sound governance. Effective boards understand that learning is not optional; it is part of their fiduciary responsibility.

Finally, directors must remember that governance is ultimately about stewardship. Institutions exist to create sustainable value for shareholders while serving employees, customers, regulators, and society. Boards therefore have an obligation to think beyond quarterly results and immediate operational pressures. Their decisions shape institutional resilience long after individual directors have completed their tenure.

Regulators will continue to perform their statutory responsibilities, as they should. Their interventions protect markets, preserve public confidence, and uphold financial stability. However, no board should regard regulatory action as its primary governance mechanism. By the time a regulator intervenes, opportunities for early correction may already have been lost.

The most effective boards understand that governance is not measured by how skillfully they respond to a crisis after it emerges. It is measured by the discipline, foresight, and judgement they demonstrate long before external intervention becomes necessary. The strongest institutions are rarely those that recover most effectively from regulatory action; they are those whose governance standards make such intervention unlikely in the first place.

The enduring lesson is therefore simple yet profound: the best boards do not govern because the regulator is watching; they govern because stewardship demands nothing less.

Prepared by:

Research Unit

Department of Advocacy and Stakeholder Engagement

Chartered Institute of Directors Nigeria (CIoDN)