September 18, 2020

More on “Reg FD Gets a ‘Kodak Moment'”

It wasn’t too long ago when Liz blogged about the SEC investigating the circumstances around Eastman Kodak’s announcement of a $765 million government loan. Earlier this week, the company issued a press release with an 88-page report to the special committee of Kodak’s board that was formed to internally investigate those events.

The report was prepared by Akin Gump over the course of what sounds like around-the-clock work spanning 6 weeks, in which it reviewed over 60,000 documents that included data searches of mobile devices, emails and text messages. It concludes that the company, and its officers, directors and senior management didn’t violate securities regulations or other relevant laws, breach their fiduciary duties or violate any of the internal policies or procedures. Even so, the report contains several corporate governance and procedural recommendations.

The report’s Reg FD analysis begins at page 70 and concludes there was no violation – among other reasons, because the early disclosure to the media was inadvertent and followed by the company’s posting of a DFC press release within 24 hours. But when it comes to the process that Kodak followed with respect to the release of information related to the LOI before the official release of the DFC Announcement, the report acknowledges there was room for improvement – and identifies several deficiencies that other companies may want to consider for their own policies & processes. In particular, counsel to the special committee found that there was:

(1) a lack of training for Kodak personnel who were dealing with the media,

(2) a lack of clear policies and procedures regarding processes that must be followed before a press release or media advisory can be revised or circulated to parties outside of Kodak,

(3) a general lack of sensitivity among certain Kodak employees regarding the need to carefully control the release of potentially MNPI regarding Kodak due to its status as a publicly traded company, and

(4) a lack of robust coordination with the legal department regarding outreach to the media leading up to and after the DFC Announcement.

Among other recommendations, the report urges the company to review and update its policies and procedures regarding the release of potentially MNPI and ensure that its public relations department is properly staffed and trained with respect to the appropriate protocols and best practices for handling interactions with the media on behalf of a public company. It also recommends that management ensure that the legal department has sufficient and appropriate resources.

Several media outlets issued stories about the report’s findings – here are a few – FT, CNBC, TheStreet.

Compliance Program Survey: Prioritizing People Issues Can Improve Effectiveness

Back in June, I blogged about NAVEX Global’s benchmarking data for compliance hotlines.  For a more general look at compliance program benchmarking information, Navex issued a 72-page 2020 Definitive Risk & Compliance Benchmark Report based on a survey of over 1,400 risk and compliance professionals.  One of the survey’s takeaways is that many compliance programs could take measures to improve effectiveness by prioritizing people issues.  Here’s some of the survey’s high-level data points:

– How an organization’s senior leaders view its compliance function greatly impacts overall program performance as does the frequency with which compliance officers interact with the board

– Regulatory requirements primarily drive compliance program decisions but for programs looking to get better, emphasis should be on workplace culture, tone from the top and program automation as much or more than meeting legal requirements

– More than half of respondents said that their risk and compliance program periodically reports to the board and 9 out of 10 rated their board engagement as good or excellent

– With respect to training, 74% of organizations are investing in data privacy training and nearly one-half of respondents are planning on providing training on bribery, corruption, fraud and financial integrity in the next 2-3 years

In terms of disappointments, one finding was that although workplace culture is valued – 74% of respondents described ‘improving organizational culture’ as important, the issue ranked last when respondents prioritized their concerns. Along with culture, preventing and detecting retaliation ranked low among compliance program concerns even though it’s a top concern for both regulators and employees and the extent to which employees fear retaliation has consistently been a strong indicator of the health of an organization’s culture. The survey found only 39% of respondents labeled speaking up and fear of retaliation as top concerns and the number of respondents who intend on making retaliation prevention a priority in the coming year fell to 17%.

Questions for Boards to Keep Culture “Front & Center”

With actual time in the office still limited for many, a Deloitte/NACDonline memo reminds us of the importance of company culture as it can help ensure a company is able to respond to disruption while also supporting employees.  Now that it appears not everyone has company culture high on their priority list – and because of its importance generally – the memo says it’s equally important that the board stay on top of culture risk.  The memo suggests boards ask the following questions to help keep company culture “front and center:”

– Do we understand what culture is and why it’s important?  When culture is aligned to business strategy, employees will work to support business goals, which can lead to competitive advantage

– Do we agree that the cultural tone is set from the top?  HR is often charged with employing techniques to gauge culture while the executive team sets the ethical tenor for the company – boards should evaluate their executive team on culture, perhaps linking compensation or making it part of the succession process for executive leadership

– How do we know if our organization has a culture problem?  Directors can perform due diligence on management’s assertions about culture by asking questions and seeking validation through data – they can also ask whether their organization is using emerging techniques to help assess culture, such as risk-sensing technology and behavior analytic tools

– Have we made culture a regular item on our board and committee agendas?  Culture should be part of the board’s general risk oversight process – boards should move away from thinking of culture as a once-and-done exercise

– Lynn Jokela