Governance Briefing — September 13, 2023
G20 leaders endorsed the revised G20/OECD Principles of Corporate Governance at the New Delhi Summit (9–10 September 2023), pushing boards to refresh oversight of sustainability, digital risk, and shareholder rights while implementation teams update controls and DSAR processes across global subsidiaries.
Executive briefing: At the New Delhi Summit on 9–10 September 2023, G20 leaders endorsed the revised G20/OECD Principles of Corporate Governance, which the OECD Council had adopted in June 2023 and which mark the first major update since 2015. The new edition reinforces expectations for board accountability, sustainability disclosures, digital resilience, and shareholder engagement. It adds guidance on climate and social risk oversight, calls for stronger stewardship by institutional investors, and emphasises protections for minority shareholders in complex ownership structures. Multinationals should treat the principles as a global benchmark—regulators from Brazil to the EU reference them when shaping corporate governance codes—and integrate the revisions into board charters, risk frameworks, and DSAR operations.
Key updates to the principles
The 2023 edition keeps six chapters but reorganises them: the 2015 chapter on the role of stakeholders is folded into the remaining chapters, and a new chapter on sustainability and resilience is added. Expectations deepen in several areas:
- Sustainability and resilience: Boards are urged to embed climate, environmental, and social risks into strategy and reporting, including scenario analysis and supply-chain transparency.
- Digitalisation: The principles now highlight cybersecurity, data governance, and responsible use of emerging technologies, urging boards to oversee digital transformation and AI adoption.
- Ownership and control: Enhanced transparency for cross-shareholdings, related-party transactions, and company groups aims to protect minority investors.
- Institutional investors and stewardship: Asset managers are encouraged to adopt stewardship codes, disclose voting policies, and align engagement with long-term value creation.
- State-owned enterprises: Clarified expectations for SOEs address level-playing-field concerns and call for independent directors, audit committee effectiveness, and competitive neutrality.
These themes align with global regulatory trends—such as the EU Corporate Sustainability Reporting Directive, India’s Business Responsibility and Sustainability Reporting, and U.S. SEC climate disclosure proposals—making the principles a common reference point for cross-border compliance.
Governance actions for boards
Boards should reassess charters and committee mandates in light of the new principles. Audit and risk committees expand oversight to include cyber resilience, data governance, and DSAR performance metrics. Sustainability committees formalise climate transition planning responsibilities, while nomination committees evaluate director skills in digital transformation and data ethics. Board evaluation processes incorporate questions on DSAR preparedness and stakeholder engagement, ensuring directors understand privacy obligations when reviewing AI or analytics investments.
Companies operating in jurisdictions that align listing rules or governance codes with OECD standards—such as Brazil’s CVM, Japan’s FSA, South Africa’s King Code, and the EU—should anticipate regulatory updates referencing the 2023 edition. Boards may pre-emptively adopt disclosure practices recommended in the principles, including detailed descriptions of risk management systems, material sustainability matters, and shareholder rights mechanisms (cumulative voting, proxy access, virtual meeting safeguards).
Implementation roadmap
Gap assessment: Corporate secretariats lead reviews comparing existing policies against the revised principles. They map board committee responsibilities, risk frameworks, remuneration policies, and investor relations practices to the updated guidance. Special attention is paid to data governance: companies document who oversees privacy, cybersecurity, and DSAR obligations, ensuring accountability spans IT, legal, and business units.
Policy updates: Within 3–6 months, organisations refresh governance documentation: board charters incorporate explicit oversight of digital transformation and sustainability; codes of conduct address data ethics, AI usage, and DSAR commitments; insider trading policies reference new expectations on disclosure timing and transparency. Procurement policies incorporate due diligence expectations for supply chains, aligning with the principles’ focus on stakeholder interests.
Control enhancements: Risk management teams integrate sustainability and digital risk into enterprise risk matrices. They establish key risk indicators for DSAR performance (volume, turnaround time, escalations) alongside cybersecurity metrics (time to patch, incident counts). Internal audit adds assurance engagements testing DSAR controls, third-party management, and ESG reporting accuracy.
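The DSAR and cybersecurity indicators listed above only become key risk indicators once they are computed the same way every reporting period and compared against a tolerance the board has agreed. The script below is an added example, not code from the briefing or from any referenced regulator: it derives DSAR volume, turnaround, statutory-deadline breaches and escalation rate, plus mean time to detect and contain incidents, from constructed sample records and maps two of them to a red/amber/green status. The record layouts, the deadline rule (one month from receipt, extendable by two further months as GDPR Art. 12(3) allows, with month-end clamping) and the thresholds are assumptions chosen for illustration.

```python
"""Key-risk-indicator (KRI) calculator for DSAR handling and incident response.

Added example, not code from the briefing. Record layouts, thresholds and the
sample data are assumptions constructed for illustration.
"""
import calendar
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from statistics import mean, median
from typing import Optional


@dataclass
class Dsar:
    request_id: str
    received: date             # date the verified request was received
    completed: Optional[date]  # None while the request is still open
    extended: bool = False     # GDPR Art. 12(3) extension (two further months) invoked
    escalated: bool = False    # escalated to legal / DPO


@dataclass
class Incident:
    incident_id: str
    occurred: datetime
    detected: datetime
    contained: datetime


def add_months(d: date, n: int) -> date:
    """Same day n months later, clamped to month end when that day does not exist
    (31 Jan + 1 month -> 28/29 Feb), the usual reading of 'one month'."""
    idx = d.month - 1 + n
    year, month = d.year + idx // 12, idx % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))


def statutory_deadline(r: Dsar) -> date:
    """One month from receipt, or three months if the extension was invoked."""
    return add_months(r.received, 3 if r.extended else 1)


def dsar_kris(requests: list[Dsar], as_of: date) -> dict:
    done = [r for r in requests if r.completed is not None]
    open_ = [r for r in requests if r.completed is None]
    turnaround = [(r.completed - r.received).days for r in done]
    late = [r for r in done if r.completed > statutory_deadline(r)]
    overdue_open = [r for r in open_ if as_of > statutory_deadline(r)]
    return {
        "volume": len(requests),
        "open": len(open_),
        "median_turnaround_days": median(turnaround) if turnaround else None,
        "late_rate": len(late) / len(done) if done else 0.0,
        "overdue_open": len(overdue_open),
        "escalation_rate": sum(r.escalated for r in requests) / len(requests) if requests else 0.0,
    }


def hours(td: timedelta) -> float:
    return td.total_seconds() / 3600


def incident_metrics(incidents: list[Incident]) -> dict:
    """Mean time to detect (occurred -> detected) and to contain (detected -> contained), in hours."""
    return {
        "mttd_hours": mean(hours(i.detected - i.occurred) for i in incidents),
        "mttr_hours": mean(hours(i.contained - i.detected) for i in incidents),
    }


def rag(value: float, amber: float, red: float) -> str:
    """Red/amber/green against tolerance thresholds (higher is worse)."""
    return "red" if value >= red else "amber" if value >= amber else "green"


# Constructed sample data (not real requests or incidents).
SAMPLE_DSARS = [
    Dsar("D-001", date(2023, 1, 31), date(2023, 2, 27)),   # deadline clamps to 28 Feb; on time
    Dsar("D-002", date(2023, 3, 10), date(2023, 4, 12)),   # two days past the one-month deadline
    Dsar("D-003", date(2023, 3, 15), date(2023, 5, 20), extended=True, escalated=True),
    Dsar("D-004", date(2023, 5, 2), None),                 # still open and already overdue
    Dsar("D-005", date(2023, 5, 25), None),                # still open, within deadline
]
SAMPLE_INCIDENTS = [
    Incident("I-1", datetime(2023, 4, 1, 0), datetime(2023, 4, 1, 6), datetime(2023, 4, 1, 18)),
    Incident("I-2", datetime(2023, 4, 10, 0), datetime(2023, 4, 11, 0), datetime(2023, 4, 11, 12)),
]
AS_OF = date(2023, 6, 10)


def board_report(requests=SAMPLE_DSARS, incidents=SAMPLE_INCIDENTS, as_of=AS_OF) -> dict:
    k = dsar_kris(requests, as_of)
    m = incident_metrics(incidents)
    # Tolerance thresholds are assumptions; the board sets its own risk appetite.
    k["late_rate_status"] = rag(k["late_rate"], amber=0.05, red=0.10)
    m["mttd_status"] = rag(m["mttd_hours"], amber=12, red=24)
    return {"dsar": k, "cyber": m}


if __name__ == "__main__":
    for area, values in board_report().items():
        print(area, values)
```

The clamping in `add_months` is the detail that most often goes wrong in DSAR tooling: a request received on 31 January is due at the end of February, not on "31 February" rolled into March. Overdue open requests are reported separately from the late rate of completed ones, because a backlog that has already breached its deadline is a live exposure rather than a historical statistic.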
Investor relations and stewardship
The revised principles encourage transparent communication with shareholders and stakeholders. Investor relations teams publish stewardship engagement policies outlining how the company interacts with institutional investors on ESG topics, executive pay, and capital allocation. They prepare to discuss DSAR metrics and privacy safeguards during investor meetings, recognising that data governance increasingly influences valuations.
Organisations with dual-class shares or complex ownership structures must clarify control arrangements. Disclosure enhancements include diagrams of ownership chains, explanations of shareholder agreements, and details on related-party transactions. Minority shareholder protections—such as independent board representation, majority-of-minority voting, and dispute resolution mechanisms—are reviewed for alignment with the principles.
DSAR and stakeholder rights
The principles emphasise equitable treatment of shareholders and fair access to information. DSARs stem from privacy law rather than corporate governance, but boards are expected to oversee stakeholder rights more broadly, and DSAR handling is a measurable instance of that. Companies integrate DSAR performance into governance reporting, demonstrating responsiveness to customers and employees exercising GDPR, CCPA, or other privacy rights. Transparency reports can reference DSAR statistics alongside sustainability and governance disclosures, reinforcing accountability.
Privacy teams coordinate with corporate secretariats to include DSAR topics in annual general meeting materials and sustainability reports. They clarify processes for authenticating requestors, timelines for responses, and remediation steps when DSARs uncover inaccurate records. For listed companies, investor communications highlight how DSAR controls protect brand trust and reduce litigation risk.
Digital governance and cybersecurity
Boards are tasked with overseeing digital risks, including cybersecurity, AI, and data privacy. CISOs present regular updates on threat landscapes, incident response readiness, and security investments. They align reporting with the principles by highlighting governance structures (board-level cyber briefings, cross-functional committees), metrics (mean time to detect/respond), and third-party oversight (supplier risk assessments).
Technology teams formalise AI governance frameworks covering model inventories, bias testing, and transparency. They ensure DSAR systems integrate with AI services, for example by logging automated decision outputs and enabling explanations for data subjects, since GDPR Art. 15(1)(h) entitles a requester to meaningful information about the logic involved in automated decision-making that affects them. Data governance councils document lineage for critical datasets and enforce retention policies aligned with DSAR obligations.
Sustainability integration
The 2023 principles call for alignment between corporate strategy and sustainability goals. Finance, ESG, and operational teams collaborate to quantify climate transition plans, emissions targets, and social impact metrics. They integrate DSAR insights into stakeholder analyses—DSAR trends can reveal customer concerns about data usage, informing product design and sustainability messaging.
Companies align sustainability reporting frameworks (GRI, SASB, ESRS) with board oversight, ensuring disclosures on data privacy, cybersecurity, and AI ethics complement environmental and social metrics. Internal audit validates ESG data quality, including DSAR-related statistics shared in sustainability reports.
Global subsidiary coordination
Multinationals harmonise governance practices across subsidiaries. Regional boards receive training on the revised principles, emphasising local regulatory expectations. Shared service centres responsible for DSAR processing align procedures with global standards, ensuring consistent identity verification, escalation, and documentation. Global policies define when DSAR requests handled in one jurisdiction must be reported to group-level committees.
Legal teams monitor national regulators adopting the revised principles. For example, Brazil’s Securities Commission (CVM) announced plans to update its governance code; India’s Ministry of Corporate Affairs references OECD guidance for company law reforms; EU authorities incorporate the principles into sustainable corporate governance debates. Organisations maintain a change log tracking how these reforms impact listing rules, disclosure obligations, and enforcement risks.
Training and culture
Board training programmes focus on sustainability literacy, digital governance, and stakeholder engagement. Directors participate in workshops covering climate scenario analysis, cyber resilience tabletop exercises, and DSAR oversight responsibilities. Executive education cascades to senior management, with modules on responsible AI, data ethics, and investor stewardship.
Employee training emphasises code-of-conduct updates, highlighting obligations to protect personal data, respond to DSARs promptly, and report unethical behaviour. HR integrates governance and privacy topics into onboarding and leadership programmes, reinforcing accountability across the organisation.
Next steps
Within six months, companies should document how they align with each chapter of the revised principles, identifying gaps and assigning remediation owners. They prepare board and shareholder communications summarising actions taken—policy updates, committee enhancements, DSAR performance improvements, and sustainability initiatives. Monitoring teams track further guidance from the OECD’s Corporate Governance Committee, which plans toolkits on sustainability disclosure and digital governance implementation.
By embedding the 2023 OECD principles into governance, implementation, and DSAR operations, organisations demonstrate commitment to long-term value creation, investor confidence, and stakeholder trust.