Investors' confidence was crushed when glaring lapses at leading companies came to the fore over the past couple of years. Be it allegations of quid pro quo against Chanda Kochhar, former managing director and chief executive officer of India's largest private lender ICICI Bank; or the alleged role of management at Punjab & Maharashtra Co-operative (PMC) Bank and Punjab National Bank who colluded to defraud the bank of thousands of crores; or allegations of fund diversion against Jet Airways that led to the closure of the airline; or the massive ₹90,000 crore debt crisis at IL&FS that got the economy to a standstill: The weak code of ethics and lapses in governance is the elephant in the room.

What can India Inc do to address the loopholes in the corporate governance framework? Is there a way to ensure the code of ethics is followed in spirit? How should the board deal with such governance failures and bring the wrongdoers to task? Fortune India caught up with Manpreet Singh Ahuja, partner & leader - Risk Assurance Services. PwC India, to find some of these answers.

In an interview, Ahuja says, "There is a need to focus on building a strong culture; people at the top need to walk the talk on building a strong sense of purpose and values within the organization." He adds that the onus is on the board to promptly investigate allegations of misconduct against the CEO and undertake proactive steps to address the issue and protect the interests of stakeholders. "Allocate budget to crisis management, have a crisis management plan and test it. The board should plan to roll out a strong resilience governance framework," Ahuja advises. "Blockchain is a powerful tool for stakeholder engagement, a much-desired aspect for corporate governance," he adds. Edited excerpts:

We have seen some grave corporate governance failures in recent times across leading banks, NBFCs, and airlines. How did such serious lapses go undetected for years?

The main reason has been the lack of effective corporate governance. There is a difference in having a corporate governance framework on paper and a strong intent in its effective implementation in both letter and spirit. There is also a lack of strategy as the primary focus in Board oversight. Boards need to look beyond the quarterly numbers and ask challenging questions on the long-term strategy of the company. Strategy in today’s VUCA (volatility, uncertainty, complexity and ambiguity) world is too risky and complex to be ignored.

Over the years what have you found to be the biggest reason for failures in governance at domestic companies?

The biggest reason for failures in governance at domestic companies has been; too much interference by dominant promoter shareholders making the board cosmetic or just ceremonial for compliance; Independent directors not acting independently; Excessive focus on short term results; The absence of a strong culture or tone at the top.

Misreporting information to investors, and misappropriation of company funds seems to be a rampant problem. How can India Inc. counter these challenges to protect stakeholders?

The implementation of a strong and effective corporate governance framework is the best way forward. Adoption of best practices in corporate governance, strengthening the effectiveness of the audit committee and transformation of the finance function. There is a need to focus on building a strong culture; people at the top need to walk the talk on building a strong sense of purpose and values within the organization. The board of directors needs to be more effective in the discharge of its fiduciary responsibilities.

Quality of governance is generally perceived to be relatively poor in India. What are companies doing to correct the perception and incorporate safety mechanisms to alert stakeholders to the first signs of trouble?

There is a gap between the perception and the practice of corporate governance in India. Leading corporates have laid down a strong corporate governance framework which is aligned with their company values, vision and principles. The framework is supported by a well-designed governance operating model and corporate governance policies and guidelines. Board evaluation is carried out by independent consultants and board composition is taken seriously. Corporates are also working on the effectiveness of the whistleblower policy.

Manipulation of stock prices, insider trading is currently fairly difficult to detect and prove? What kind of risk management tools can companies, and regulators use?

While SEBI already has access to call data records, it has decided to send a proposal to the government to seek power to intercept calls and electronic communications. In a few cases, SEBI has also used Facebook to establish a connection between insiders. To assist in identifying the source of leaks, listed companies are now required to have internal controls for identifying inside information and maintain lists of employees and other persons with whom such information is shared. Listed companies are required to intimate the persons receiving UPSI, of their obligations towards preventing the misuse of such information for insider trading, by way of an advance notice. The latest amendments require boards of listed companies to put additional policies in place, including a policy for determining what constitutes legitimate purpose, a whistle-blower policy for reporting leaks of unpublished price sensitive information (UPSI) and an inquiry policy for determining the source of leaks.

We have particularly noted alarming instances arising from liquidity issues, tech failure, and operational disruptions. How would you say the nature of the corporate crisis has evolved over time?

The corporate crisis has evolved over a period. Earlier the nature of corporate crisis was more operational in nature like operational breakdown, supply chain issues or various forms of product failure, which is now gradually moving towards tech related crisis like technology failures and/or incidents of cybercrime, leadership or ethical misconduct, including fraud, corruption, and corporate malfeasance. According to the PwC Global Crisis Survey of 2,084 respondents in 2019; the top 3 most disruptive crisis in India are: 1. Technology disruption/failures (14%) , 2. Financial/liquidity related (13%), 3. Legal/regulatory-related (10%). What needs to be noted is that the most disruptive crises aren’t necessarily the most newsworthy. Nearly seven in ten (69%) leaders have experienced at least one corporate crisis in the last five years—with the average number of crises experienced being three. Boards are increasingly taking action in getting prepared for when a crisis hits.

What is the most common form of crisis seen in domestic companies, and who is responsible for managing the crisis? Is it wiser for the company to seek outside help?

Who’s responsible for crisis management? Everyone and no one. When it comes to pinpointing who “owns” the crisis, it is complicated. Interestingly, everyone from board members and CEOs to legal to risk to IT claim responsibility for a variety of crisis roles—preparedness, response, recovery, enterprise risk management (ERM), communications. This tells us that most senior executives want to be involved in helping their companies prepare for and respond to crisis, which is a positive sign. Yes, it is wiser for the companies to seek help of firms that specialize in crisis management services.

What about cases of ethical misconduct, because very often companies try to hush allegations and influence investigations?

The instances of ethical misconduct could be CEOs lying to the board, undisclosed criminal records, objectionable personal behaviour, inappropriate use of corporate funds, etc. Companies with a strong code of conduct have zero tolerance to unethical conduct. When the CEO engages in misconduct, the board has an obligation to investigate the matter, take proactive steps to ensure that it is properly dealt with, and, most importantly, ensure that corporate reputation, culture, and long-term performance are not damaged.

In 2018, more CEOs (globally) were ousted due to ethical lapses than company financial performance or struggles with a company’s board, according to a new study from PwC. It is the first time in its 19-year history that the study has found that most CEOs were dismissed because of ethical issues.

Whistleblowers often help blow the lid off unscrupulous malpractices. What's the responsibility of the board in such circumstances to ensure a fair investigation into the allegations? Is it appropriate for the board to back the management without knowledge of the findings of the probe?

The board should exercise its independent judgment to ask for an inquiry on whistleblower claims if it sees prima facie substance in the allegations. This is an area where the judgment of the board and management is material. Judgment should be exercised in a prudent and independent manner, without any influence or bias. According to PwC’s 2019 Annual Corporate Director’s Survey (global), 43% of directors surveyed say that one of the actions they have taken is of enhancement of the whistleblower programs.

As more and more family-owned businesses transform and integrate professionals to manage the company, how can technology ensure prompt response to red flags and safeguard the interests of stakeholders?

There is a strong need for the identification of red flags promptly as, by the time the issue is discovered, the repercussions and impact can be huge. Strong governance controls through data analytics and emerging technologies like artificial intelligence (AI), robotic process automation (RPA), Blockchain and machine learning (ML) can ensure the same. Blockchain is a powerful tool for stakeholder engagement, a much-desired aspect for corporate governance. Blockchain accounting systems will significantly reduce the need for traditional auditing and hence audit firms will have to redefine their roles.

How evolved are Indian companies to handle crisis, governance, and risk management failures? What more needs to be done in this area?

Indian companies are evolving. At times we can see that there is more of a knee-jerk reaction to such failures in the absence of a strong resilience governance framework. Companies can also think of having a chief crisis officer/leader who has a clear mandate and authority to develop a crisis management program that governs every aspect of preparedness, response and communication. Allocate budget to crisis management, have a crisis management plan and test it. The board should plan to roll out a strong resilience governance framework.

Follow us on Facebook, Twitter & YouTube to never miss an update from Fortune India. To buy a copy, visit Amazon.