On 4th March 2016, the Capital Markets Authority (CMA) published the Code of Corporate
Governance for Issuers of Securities to the Public, 2015 (the “Code”). The Code replaced the
Guidelines on Corporate Governance Practices by Public Listed Companies in Kenya of 2002. It
draws companies’ attention to six main corporate governance areas, namely: Board Operations
and Control; Rights of Shareholders; Stakeholder Relations; Ethics and Social Responsibility;
Accountability, Risk Management and Internal Control; and Transparency and Disclosure. For
each area, the Code sets out principles, recommendations and guidelines to be adopted.
This Article highlights key issues arising from it.
1. Who does the Code apply to?
The Code provides that it was issued for “Issuers of Securities to the Public” while the Gazette
Notice by which it was published indicates that the Code is “for application by both listed and
unlisted public companies in Kenya.” An “issuer” in relation to any securities as a person by
whom securities have been issued or are to be issued. This includes a company or other legal
entity that offers securities to the public or a section of it in Kenya, whether or not the person’s
securities are or have applied to be listed on the securities exchange. As such, all listed
companies are mandatorily required to apply the Code while other public companies are
encouraged to adopt it.
2. By when should the Code be implemented?
Companies are encouraged to implement the Code immediately but not later than 4th March
2017 – which is one year after its publication in the Gazette. The company must take steps to
apply the Code. It must be clear on what steps have been or are being taken. Where it has not
implemented the Code fully, there is an obligation for it to inform CMA of the extent not
applied yet, reasons for it, demonstrate that necessary steps are underway, and state what
timeline the company has to apply the Code fully. This approach is a departure from the
previous Guidelines which gave companies the option of merely stating that they have not
complied.
3. What are the key requirements of the Code?
The resounding theme under Board Operations and Control is to obligate the company to:
document the policies and processes; make them transparent, publicize them and review them
periodically; and have clear distribution of roles. The requirements in this regard are the widest
and most detailed. Companies will therefore do well to sufficiently interrogate their Board
Operations and Control set-up in light of the Code’s requirements.
Under Stakeholder Relations, the company is required to: identify the company’s stakeholders,
deliberately plan the engagements, and set out dispute resolution mechanisms. On the other
hand, the focus on Ethics and Social Responsibility is that the company sets a culture, standards
and policies, and develops programs and activities, and to be mindful not only of its financial
performance but also stakeholder interests, the society and the environment.
On Accountability, Risk Management and Internal Control, the Code requires the company to
have a structure to independently verify and safeguard the integrity of the financial reporting
process and an effective internal control system. Last but not least, under Transparency and
Disclosure, the Code sets out disclosures that must be made, the documents or platforms
through which the disclosures must be made, and how often those disclosures are to be made.
4. Who is responsible for ensuring that the Code is implemented?
The Code places this responsibility on the Board. Their overarching role is to formulate policies,
procedures and guidelines that facilitate all directors, CEOs and management are fully aware of
the Code’s requirements and that they make decisions in accordance to prudent corporate
governance practices. Further, the Board is required to identify all applicable laws, regulations
and standards that the company must comply with. These include: national and county
legislation and regulations, the Code, CMA and other authorities’ relevant Circulars and
Guidelines, regional and international treaties and standards.
5. How will the company’s level of compliance with the Law be determined?
As a way of ensuring that companies comply with all laws applicable to them, the Code places a
duty on the Board to:
a) Ensure that a Governance Audit is carried out at least once a year, by a competent and
recognized professional accredited by the ICPSK;
b) Organize for an legal and compliance audit to be carried out internally every year; and
c) Organize for an external legal and compliance audit to be carried out by a legal professional
at least once every 2 years.
Conclusion
Public companies in Kenya, whether listed or not, have to respond to the Code by making
deliberate steps to apply it such as developing tools to examine and track its legal compliance.
Each must interrogate its legal compliance status and make specific actionable points to move
towards compliance. This, in effect, is intended to boost market confidence and sustainability of
entities operating in the Capital markets in Kenya. Private companies too, though not netted by
the Code are encouraged to continually move towards having sound corporate governance
practices – after all today’s private company might become tomorrow’s publicly listed one.