One of the fundamental principles of contemporary corporate governance is the overriding requirement for Directors, management and employees to act in the best interests of the Entity at all times. Corporations legislation across the world will impose criminal penalties on those who choose not to act in such a way, or those who do so recklessly.
Often when talking to new or prospective Directors about this theme, compliance with relevant legislation, industry standards or other guidance is frequently introduced. I have written elsewhere on what is, and what is not, effective compliance and the lessons that can be learned from for example the Volkswagen case; three golden reasons why an effective compliance framework should be front of mind for Directors.
Compliance efforts should:
1. Strongly reinforce brand and corporate reputation.
2. Effectively assure the bottom line -protect the company from fines and penalties but also ensure that compliance time, dollars and effort are focused on the things that matter.
3. Consistently fulfil legal obligations and guidance for the company as a whole and the Directors as individuals.
But, what if ensuring compliance with legislation, guidance or court orders risks breaching governance rule 101 of acting in the company's best interests.
That is the dilemma currently facing Apple in light of the FBI's request, now supported by a court order, that the company write software that will unlock the iphone of a dead terrorist.
The details on either side of this debate are both complicated and multi-layered.
On the one hand is the not unreasonable goal of protecting lives and upholding security.
On the other is what Apple calls the fundamental right to privacy of its users.
There have been many column inches and online articles devoted to this conundrum. The debate is not black and white and includes:
- the phone in question is the property of the US government given that the attacker was a government employee
- new code needs to be written to unlock the phone -how will this code be protected from falling into the wrong hands which at a best case scenario, would make Apple's IP obsolete?
- do privacy rights extend to those who wish to do harm?
- will other countries in which Apple operates -say China or Russia -invoke the precedent of the US government and ask Apple to do similar there?
- is there a third way that could be negotiated that would appease both sides?
These and other aspects are well covered in the most recent edition of The Economist - and in its Leader article.
Again, both complicated an multi-layered.
I have read comments from some observers who said that Apple could just have assisted the US government as required but kept it quiet so noone would know. What, then, would be the price of this fact coming out in a future Edward Snowden-like Wikileak?
Damned if you do, damned if you don't?
Imagine if your company was faced with an equivalent scenario: uphold the law, ensure compliance but by that very act, damage the company. Or protect the company's long term interests but by that very act, fail to comply with government wishes.
What would you do?
Does you answer change if you are leading the world's most valuable company?
Or if the government question is the world's biggest superpower?
Can you think of a harder governance choice?
The unscientific straw poll from within my network on 'what you would do if you were in Tim Cook's shoes' came down in favour of Apple's current position. For those who work in technology linked companies, the responses were unanimous.
What was interesting to me was that these tech contacts are not all left-learning, liberal thinkers.
So, what would you do?