Published and draft legislation - Nigeria

New corporate governance code

Financial Reporting Council

The Nigerian government recently published the latest version of its code of corporate governance, updated from its 2016 code, which we discussed in Progreso 7. The new document, applicable to companies of all sizes and across different industries, aims to create awareness in society of how corporate values and ethical practices impact the integrity of the country's companies.The code adopts a more flexible approach than the previous version and gives greater margin for institutions to establish corporate governance policies that are appropriate to their operations. We highlight the principal amendments introduced in the new code that are different from the 2016 version:

The code adopts a more flexible approach than the previous version and gives greater margin for institutions to establish corporate governance policies that are appropriate to their operations. We highlight the principal amendments introduced in the new code that are different from the 2016 version:

Board of Directors and Chief Operating Officer

The code gives the Board of Directors greater flexibility to take decisions about its members, stipulating that it is the Board's responsibility to decide the composition of the same and to approve transparent processes that guarantee an appropriate balance of knowledge, competences, experience, diversity and independence; these processes should also encourage a suitable balance of executive, non-executive and independent board members.

The duty of non-executive directors to assess the Chair of the Board's performance has been eliminated.

Furthermore, the code establishes that the Chair of the Board may not be appointed as an executive director, CEO or senior manager until 3 years have elapsed since leaving the Chair (in the earlier code the waiting time was 7 years).

With regard to the company's Chief Executive Officer, another change from the 2016 code is that this individual may sit on the board of other institutions, but not on the remuneration, auditing, appointments or corporate governance committees.

Risk & technology committee

The code goes into details on the scope of the risks committee's functions in the area of information technology (IT), stipulating that it must review and recommend, for the Board's approval, the governance framework for IT data (IT strategy and policy, proactive monitoring and management of cyber threats and attacks, risk management as it relates to IT vendors, among others).

Internal and external control

  • Risks - The Board must formally approve a solid framework for managing risks and guaranteeing effective internal control, that will be communicated to all employees in simple, clear language, and integrated into the business' daily operating routine.
  • Internal Audit - Companies will be required to have an internal audit function, headed up by a member of senior management with enough knowledge, experience and objectivity to fulfill these duties. The document also suggests that at least once every 3 years there should be an assessment of this function, to be conducted by an independent expert designated by the Board of Directors.
  • External Audit - The new code does not make a list of specific matters on which external auditors are not allowed to provide services to companies, but it sets out that these may only provide those services that are approved by the Board of Directors, following recommendations from the audit committee. It also recommends that external auditing firms should be hired for a maximum continuous period of 10 years, and that they should not be eligible for reappointment until a further 7 years have elapsed. Finally, it proposes that the auditing partner should be rotated every 5 years.

Apply and explain

Unlike the previous "comply or explain" requirement, the code recommends that institutions should adopt the "apply and explain" approach when implementing and monitoring compliance with the principles in the code. Thus, companies will have to apply the recommendations and give detailed reports on the specific activities carried out to implement them.