There is no substitute for a culture of integrity in organizations. Compliance alone with the law is not enough. History shows that those who make a practice of skating close to the edge always wind up going over the line. A higher bar of ethics performance is necessary. That bar needs to be set and monitored in the boardroom.  ~J. Richard Finlay writing in The Globe and Mail.

Sound governance is not some abstract ideal or utopian pipe dream. Nor does it occur by accident or through sudden outbreaks of altruism. It happens when leaders lead with integrity, when directors actually direct and when stakeholders demand the highest level of ethics and accountability.  ~ J. Richard Finlay in testimony before the Standing Committee on Banking, Commerce and the Economy, Senate of Canada.

The Finlay Centre for Corporate & Public Governance is the longest continuously cited voice on modern governance standards. Our work over the course of four decades helped to build the new paradigm of ethics and accountability by which many corporations and public institutions are judged today.

The Finlay Centre was founded by J. Richard Finlay, one of the world’s most prescient voices for sound boardroom practices, sanity in CEO pay and the ethical responsibilities of trusted leaders. He coined the term stakeholder capitalism in the 1980s.

We pioneered the attributes of environmental responsibility, social purposefulness and successful governance decades before the arrival of ESG. Today we are trying to rebuild the trust that many dubious ESG practices have shattered. 

 

We were the first to predict seismic boardroom flashpoints and downfalls and played key roles in regulatory milestones and reforms.

We’re working to advance the agenda of the new boardroom and public institution of today: diversity at the table; ethics that shine through a culture of integrity; the next chapter in stakeholder capitalism; and leadership that stands as an unrelenting champion for all stakeholders.

Our landmark work in creating what we called a culture of integrity and the ethical practices of trusted organizations has been praised, recognized and replicated around the world.

 

Our rich institutional memory, combined with a record of innovative thinking for tomorrow’s challenges, provides unmatched resources to corporate and public sector players.

Trust is the asset that is unseen until it is shattered. When crisis hits, we know a thing or two about how to rebuild trust, especially in turbulent times.

We’re still one of the world’s most recognized voices on CEO pay and the role of boards as compensation credibility gatekeepers. Somebody has to be.


Once again, privacy, or the breach of it, is in the news. Millions of customers of retail chain TJX in Canada and the United States have had their financial information and credit card numbers exposed to hackers. In Canada, Talvest Mutual Funds, a division of CIBC, one of that country’s largest banks, said a backup computer file had disappeared with the personal financial information of half a million customers. It happened late last month, but was only revealed to the public this week.

CIBC has had similar problems before, with records of customers repeatedly being faxed to a dump site in West Virginia and the bank refusing to take action to stop it until it became a public relations disaster.

There are many unanswered questions about these recent events, some of which are set out in a statement by The Centre for Corporate & Public Governance. Normally, such occurrences would be sufficient cause for outrage on the part of customers and concerned citizens. But the real story here, as The Centre has stated, is the existence of a culture of complacency, if not outright negligence, in the safeguarding and protection of personal information. Time and again, companies confess breaches in the safeguarding of personal information. Time and again, governments fail to act.

As The Centre notes in its statement, Canada’s privacy watchdog has disappointed many Canadians in the handling of their complaints.

…many individuals are of the view that privacy authorities have displayed an overly casual, and in some circumstances, inept, approach to the enforcement of existing privacy laws, which has compromised their confidence in the current privacy protection regime. The Centre regularly receives complaints from individuals about inadequate and unacceptable treatment by government privacy watchdogs, including the office of the federal privacy commissioner. In a number of cases, complainants were either ignored entirely or received only a perfunctory response after several attempts were made to have issues addressed. In one situation, the federal privacy office took no action and refused even to commence an investigation when senior officials of a Canadian chartered bank could not account for the whereabouts of a letter containing the customer’s personal information that was faxed to them. In other cases, complainants were of the view that the privacy watchdog had a disturbing predisposition to accept the word of the institution it was supposed to be investigating without inquiring into the facts, including at least one situation where a customer had inadvertently been sent electronic files containing the personal information of dozens of employees of a major financial institution.

There is a need, in an increasingly networked age, for a more robust approach on the part of the corporate sector and governments to the protection of individual privacy. The need is urgent. When a major financial institution can become a second offender in failing to protect sensitive information entrusted to it – and some might suggest there have been more episodes at this bank – there is clearly a problem in enforcement.

This most recent breach came to the attention of Canada’s privacy commissioner before Christmas. It is just coming to public attention now. What has she done? Little detail is being provided as to whether the information was protected by encryption and passwords, much less the circumstances surrounding the disappearance of the data. Canada’s privacy commissioner looks like a hapless spectator in yet another CIBC privacy fiasco when she should have been a pit bull on the scene demanding answers and ensuring quick disclosure of the loss.

As The Centre’s statement observes, there is a need for tougher laws that will protect Canadians and punish offenders. It has called on the federal government to initiate that process and on committees of the House of Commons and Senate to hold hearings that will bring forward witnesses from the corporate sector and those who have had their privacy violated and identity stolen. But Canada also needs an aggressive watchdog who will change the culture of complacency over the safeguarding of personal information to one of fear for the consequences if a company fails to protect personal information. It begins by treating individuals who come forward with instances of breaches in their personal information with respect and the seriousness they deserve, not by ignoring them or sloughing them off. And it means having a privacy commissioner who will be a watchdog that bites when repeat offenders are discovered, not a lapdog that squeaks out a press release.

Canada’s top privacy guardian allowed too much time to pass between when these breaches occurred and when they were made public, and too many important questions to go unanswered. In the process, she has lost her leadership role and let down Canadians who depend upon her, which is why the privacy commissioner’s handling of her duties over this most recent fiasco is the Outrage of the Week.