By Mak Yuen Teen

On March 3, 2020, Tee International Limited (TIL) released a 13-page Executive Summary of the External Investigator’s Report on the questionable transactions involving its controlling shareholder and former Group Chief Executive (GCE) and Managing Director (MD), Phua Chian Kin (PCK). The investigation was undertaken by PricewaterhouseCoopers Risk Advisory Services (PwC).

The PwC investigation was commissioned following the company’s announcement on September 4, 2019 that it had identified unexplained remittances of monies involving PCK, two key subsidiaries of TIL – Trans Equatorial Engineering Pte Ltd (Trans) and PBT Engineering Pte Ltd (PBT) – and Oscar Investment Pte Ltd, a British Virgin Islands-incorporated company which is wholly and beneficially-owned by PCK.

The transactions investigated by PwC occurred between July 19, 2018 and August 29, 2019. During that period, the board was chaired by 81-year old independent director (ID) Bertie Cheng Shao Shiong (Cheng), and comprised three other IDs and three executive directors (EDs) – PCK, his brother Phua Boon Kin (PBK) who was Deputy MD, and Ms Saw Chin Choo (Saw).

Mr Cheng was appointed to the board as an ID in March 2001, so had served for more than 17 years at the time of the questionable transactions. One of the other IDs, Aric Loh Siang Kee, who is a member of the audit committee and remuneration committee, was a former audit partner of Deloitte & Touche LLP. He was appointed in August 2014. Deloitte & Touche is the external auditor for TIL. The company’s corporate governance report states that Mr Loh ceased being an audit partner of Deloitte in 2013. The company disclosed that this complies with the Guideline 12.9 of the 2012 Singapore Code of Corporate Governance – but only just. The 2012 Code recommended a one-year cooling-off period for a former partner or director of the audit firm to join a client’s audit committee (AC). The 2018 Code now recommends a two-year cooling off period.

Less than three months after the announcement of the questionable transactions and the appointment of PwC to undertake the investigation, Mr Cheng retired at the company’s November 2019 AGM after deciding not to offer himself for re-election.

In early March 2020, it was announced that the Commercial Affairs Department (CAD) is looking into these transactions while SGX Regco is also reviewing the PwC report for potential breaches of the listing rules.

The discovery of the questionable transactions was not the first time that TIL was in the news for alleged legal breaches. In April 2012, Mr Cheng and PCK were reported to be under investigation by the CAD for possible market rigging between July 2008 and March 2009, although nothing further was heard about that investigation.

The executive committee

Based on the 2018 annual report, TIL had the usual three committees recommended by the Code of Corporate Governance – AC, remuneration committee (RC) and nominating committee (NC) – with the former two committees made up entirely of IDs and the latter comprising two IDs (including the chair) and an ED, PCK. They met or exceeded the recommendations in the Code.

TIL also had an executive committee (EXCO) which was chaired by PCK, with two other IDs as members, and the other two EDs attending by invitation.

EXCOs are quite popular among listed companies here. The Practice Guidance issued with the 2018 Code states: “If the Board chooses to form an Executive Committee (EXCO) and delegate certain matters for the EXCO to decide, it is responsible for understanding the EXCO’s discussions and endorsing the EXCO’s decisions”. In fact, I would go further and urge companies to carefully consider the governance risks associated with having an EXCO. While the PwC report sheds no light on whether the EXCO played a role in the questionable transactions, an EXCO could result in over-delegation of board responsibilities or over-interference in operations, and boards ought to seriously consider whether it is needed.

While anecdotal, companies such as Singapore Post and Swiber which got into trouble had EXCOs in place. I have questioned some companies at AGMs about the establishment and composition of their EXCOs, such as SingPost at its 2015 AGM before it unraveled in a corporate governance scandal. Following the scandal, SingPost dissolved its EXCO.

Sometimes, companies create EXCOs because they have an unwieldy board but TIL has a seven-member board. In fact, a few years ago, I attended an AGM chaired by the same chairman as TIL which also had a seven-member board, and asked why they needed to have an EXCO. The answer I received was unconvincing.

Internal control and risk management

Like many other companies, especially smaller ones, there were also fundamental flaws in TIL’s internal control and risk management. The 2018 annual report states: “The Company has appointed Protiviti Pte. Ltd. (the “IA”) to provide internal audit services within the Group for selected audits which are not audited internally by the Group’s Business Control and Risk Management (“BCR”). The IA and BCR have unrestricted access to all the Company’s documents, including access to the AC. Their primary line of reporting is to the Chairman of the AC.”

In a previous article on internal audit (IA) (Mak Yuen Teen, Zhu Zinan and Chew Yi Hong, Many SGX-Listed Firms Not Getting Internal Audit Right, Business Times, August 15, 2019), we had pointed out that the lack of independence of the IA function is a common weakness. In TIL’s case, the BCR as a second line of defence lacks the functional independence to provide independent assurance, which forms part of the basis for the board’s and AC’s opinion about the adequacy and effectiveness of the internal control and risk management system.

The PwC report casts doubt over the independence and resourcing of the IA function, and the accuracy of the company’s disclosures about it. It said: “We also note that prior to October 2018, the internal audit plan was prepared by the former Business Control & Risk Unit Manager and a Finance Business Manager, who functionally reported to the Head of Infrastructure and the CFO respectively instead of directly reporting to the AC chairperson. Given that the Finance Business Manager performs the role of internal audit and risk management in the Company in addition to her responsibilities within the finance function, the internal audit function is not independent and it also appears that the function may not be adequately resourced”.

One has to question why the AC and board allowed such a situation to persist, and whether the company’s disclosures in its annual reports gave an accurate picture of the IA function.

The PwC report identified a number of possible breaches which may warrant further investigation and enforcement action against not only PCK and key management who were directly involved in the transactions, but also other directors with regards to their oversight responsibilities.

More needs to be done

To the board’s credit, it has released two updates on March 5 and March 15, following the release of the executive summary on March 3, outlining actions it has taken for those directly involved in the questionable transactions and the measures it has implemented to improve its internal controls and corporate governance.

However, questions remain as to whether these measures are enough.

In February 2020, it had announced the appointment a new ID, and all the three main committees, including the NC, now only include IDs. However, it did not mention anything about the EXCO in its announcement and whether it has been dissolved.

Following the cessation of PCK as GCE and MD, his brother PBK was appointed as interim GCE. However, aside from being PCK’s brother and part of the board and key management during the period of the questionable transactions, PBK was and remains a director of both PBT and Trans, the two key TIL’s subsidiaries that were directly involved in those transactions. Saw, the other ED, was and remains a director of PBT. Under such circumstances, their involvement in the affairs of the company ought to be minimised, if it is not feasible to have them step aside while the regulatory investigations are in progress.

At such times, the case for an interim EXCO made up of IDs to steer the company could be made – it is one of those times that I would support having an EXCO as an interim measure. IDs need to stand up and be counted at this time, not bail out immediately or take a hands-off approach. In this regard, it is disappointing that the former Chairman stayed for far longer than he should have as an ID, then left as quickly as he did when the questionable transactions came to light. Of course, directors remain accountable even if they have left.

A blurred three lines of defence

It is also unclear that the company “gets it” in terms of improving its internal control and risk management. In its update on March 15, the company said that the Board has “engaged another separate team from the Internal Auditors [Protiviti] to assist in developing enhancements to the Company’s policies and procedures” and that it has outsourced the group’s Enterprise Risk Management (ERM) function to the internal auditors. This may once again raise concerns about the independence of the IA as the same outsourced firm seems to be involved in the first two lines of defence while providing independent assurance as the third line.

Protiviti, as the IA, may be intruding into the first line of defence responsibilities.  This is because the updating and ongoing enhancement of policies and procedures is actually the responsibility of the first line of defence management.  The IA’s role is to review the adequacy of the internal controls (including policies and procedures) and test their effectiveness.  If IA helps to develop or enhance those policies and procedures, then they will end up “self-auditing”.

While IA service providers may provide both IA services and ERM services, the ERM service should not go much beyond assisting the client in its risk assessment to derive the top risks in the company, from which IA then develops its annual audit plan which is aligned with these key risks.  Smaller companies may rely on the IA service provider to do this due to the lack of resources and risk management expertise.  However, risk management does not just stop at risk identification or risk assessment.  A risk management function is also responsible for the ongoing oversight of risks in the organisation which is a second line of defence.  IA should not be involved in this role and it may also raise the question as to whether an outsourced ERM function will result in risk management not being integrated into the business and its strategies.

TIL and the outsourced service provider may argue that there are different teams involved and Chinese walls, but conflicts of interests can get past walls.

If TIL truly wants to regain investor confidence and improve its internal controls and corporate governance, it needs to consider doing more than what it has proposed.