In late June, the Supreme Court issued two opinions that should be on your radar for “human capital” (and disclosure) risks. In Groff v. DeJoy, the Court held that when it comes to accommodating employees’ religious practices, “an employer must show that the burden of granting an accommodation would result in substantial increased costs in relation to the conduct of its particular business.” In a panel I moderated for the American College of Governance Counsel right after this opinion was issued, Stanford Law’s Joe Grundfest said that this decision could open the floodgates to religious accommodation requests and will heighten risks & complexities for companies.
I’m not going to pretend to be an employment lawyer here – so consider this blog a reminder to consult with the experts. But this Goodwin memo summarizes potential implications so that you – and your board and management team – can issue-spot. Here’s an excerpt:
The Groff Court emphasized that context matters in assessing whether a religious accommodation imposes an “undue hardship” on employers. Before denying requests for religious accommodation, employers must be able to show that the cost to their business of accommodating a religious request would be excessive or unjustifiable. If relying on the burden placed on other employees as the basis of the undue hardship, employers must be able to demonstrate how the accommodation’s impact on other employees would substantially affect the conduct of the business itself. This may be an easy burden to meet when the accommodation would impose health and safety risks to co-workers. It also continues to be satisfied in the Hardison context, that is, where scheduling adjustments cannot be accommodated with collectively bargained seniority rights. However, for scheduling requests to accommodate Sabbath observance or prayer breaks, it will be harder to distinguish when burdens on other employees are sufficient create a “substantial cost” to the conduct of the business.
Many employers that implemented COVID-19 vaccine mandates received requests for exceptions from the mandates based on religious objections to vaccinations, often seeking to work remotely as an alternative to vaccination. In some cases, employers relied on the “more than a de minimis cost” language to justify the denial of such requests. Under the standard set forth in Groff, however, such an employer would be required to grant an option such as remote work, unless it could show that granting the accommodation would result in substantial increased costs in relation to the conduct of its business.
Employers should ensure that those employees who are responsible for considering religious accommodations understand that the commonly relied upon “more than a de minimis cost” language is not the legal standard for assessing undue hardship, and that instead an employer may not deny a religious accommodation based on undue hardship unless the employer faces “substantial increased costs in relation to the conduct of its particular business.” Furthermore, the decision emphasizes the need for employers to demonstrate respect for individuals’ religious beliefs, since employee or customer hostility based on religion cannot be a consideration in assessing proposed accommodations for religious beliefs or practices.
The other big end-of-term SCOTUS development that could impact “human capital” risks was the decision in two companion cases that struck down the use of “affirmative action” in college admissions. You might think that companies can ignore this holding since it directly applies only to educational institutions and isn’t interpreting the laws that specifically apply to private businesses, but this Morrison Foerster memo explains several ways in which corporate DEI programs could be affected.
Corporate governance and securities advisors need to be aware of these issues because many companies have been increasing their disclosures about DEI programs & metrics – either in SEC filings or on their websites. That means you need to be able to spot disclosures that could imply that the company is engaged in risky practices.
Beyond the disclosure, if human capital is a significant issue at your company, you may need to collaborate with the DEI team, HR, and employment lawyers to be able to update the board on management’s assessment of risks and any significant changes to practices. As the MoFo memo alludes to, a handful of companies are already facing litigation.
The memo suggests taking the following steps to mitigate risks (also see this Cooley memo):
1. Review DEI Programs for Vulnerabilities: Companies should review existing DEI efforts with an eye toward areas of vulnerability and confirm that the initiatives do not create unlawful preferences based on protected characteristics or include quotas or set asides. Employers should consider including race-neutral factors, such as socioeconomic status, first-generation professionals, and geographic diversity, which could help increase diversity in the workplace while mitigating the risk of potential challenges.
2. Review Written DEI Materials: Employers should review their DEI program materials for any statements that describe their companies’ practices in a manner that could be viewed as unlawful. In some cases, plaintiffs have used statements in DEI policies and literature to support reverse discrimination claims.
3. Justify Efforts for DEI Programs: Employers should be prepared to justify the importance of their existing DEI programs and how those programs are consistent with the law.
4. Train Leadership and Managers: Companies should ensure that their leaders and managers are educated on the benefits and objectives of the companies’ DEI and affirmative action programs. It will be important for managers to understand what DEI means and that they cannot give preferential treatment to underrepresented groups when making employment decisions.
5. Review Diversity Trainings for Risk: Employers should review current diversity trainings, including unconscious bias training, considering recent legislation aimed at limiting DEI programs and trainings that might make their programs vulnerable to attack.
6. Monitor State Laws on DEI: Companies should continue to monitor state and local laws and regulations aimed at limiting or requiring DEI efforts to ensure compliance with those laws.
All that said, the EEOC also issued a press release about the ruling, which says:
It remains lawful for employers to implement diversity, equity, inclusion, and accessibility programs that seek to ensure workers of all backgrounds are afforded equal opportunity in the workplace.
This Covington memo walks through the context of that statement, summarizes EEOC guidance that applies to DEI programs and distinguishes them from “affirmative action,” and concludes:
In considering what initiatives could be targeted for litigation, employers should give thought to the extent to which their DEI efforts and initiatives implicate tangible employment actions or, instead, promote a more equitable and inclusive work experience.
Companies may take different approaches in responding to this SCOTUS decision and the general “anti-woke” backlash. For example, some may issue statements to employees and other stakeholders that they’ll continue to prioritize DEI in a way that’s consistent with the Court’s decision, and others may decide that it’s better not to comment. I know Ngozi will be sharing her valuable perspective as a DEI leader, including thoughts on preserving a diverse talent pipeline, over on PracticalESG.
I blogged last month about the PCAOB’s “NOCLAR” proposal – which stands for “non-compliance with laws or regulations.” If adopted, the standard will significantly expand auditors’ role in analyzing legal issues and communicating them to audit committees. It will likely also affect the cost of audits. The deadline for public comment on the proposal is August 7th.
This update from Dan Goelzer – who is a former SEC General Counsel and a former PCAOB Chair, among other roles – summarizes the pros & cons of the proposal, as well as the PCAOB’s proposal from earlier this year on the general responsibilities of the audit committee. Dan also predicts how these standards will affect audit committees. Here’s an excerpt:
Comment: As discussed above, both PCAOB proposals could, if adopted, affect audit committees by expanding the scope and nature of financial reporting and legal compliance issues that auditors would be required to bring to the committee’s attention. In some ways, audit committees might benefit from this wider range of input and insight from the auditor. For example, while it may be difficult for auditors to reach conclusions as to whether GAAP financial statements are “appropriate” and optimally informative, these are the kinds of questions that audit committees (and of course management) should consider. On the other hand, as Board Member DesParte’s comments suggest, the NOCLAR proposal seems to have the potential to flood audit committees with a mass of information concerning possible legal violations that may or may not have occurred and that may or may not be significant from a financial reporting perspective. Shifting through these types of matters – which would likely be necessary once the committee is on notice of them – does not seem like an effective use of audit committee time and resources.
Because of their potential impact, audit committees may wish to ask their auditor or legal counsel to keep the committee informed of the progress of these two PCAOB initiatives.
With the SEC continuing to signal that it will finalize cyber disclosure rules sometime soon – and the Enforcement Division already pursuing and cautioning against potential disclosure shortfalls under existing rules – board are taking a fresh look at their approach to oversight on this topic. This Reed Smith memo suggests 10 questions that boards can ask to get useful info about cyber risks:
1. What and where are your company’s technology-based assets?
2. What cyber insurance does the company benefit from and when was it last reviewed?
3. How do your company’s employees and third-party contractors interact with the company’s cyber assets?
4. What are the legal, regulatory and reputational consequences of a cyberattack on your company?
5. Who at the company owns the cybersecurity risk portfolio? Does the business have sufficient capacity to deal with cybersecurity issues?
6. What cyber expertise exists at the company’s board level?
7. In the event of a cyberattack, what is the company’s plan to mitigate its impacts and consequences?
8. What is the reporting structure to the board regarding cybersecurity issues, and at what frequency does the board receive reports on cyber issues?
9. What cybersecurity policies are in place at the company? How does the company ensure that its employees, contractors and other third parties comply with the policies?
10. Specifically, how does the company ensure that online meetings are kept private and secure in the increasingly hybrid working world?
The full memo gives more color on each of these questions. While I’m not sold on the notion that every board needs a cyber committee or cyber-expert, which the commentary to Question No. 6 could be interpreted as suggesting, the question itself is still worth asking – especially if the SEC’s rule on this topic is adopted as proposed. Visit our “Cybersecurity” Practice Area for additional practical resources.
The role of Nominating & Governance Committees is getting more attention right now due to directors’ concerns about being targeted in contests under the “universal proxy” regime and the SEC’s focus on director skills and board oversight of cyber and climate risks. A recent “blueprint” from NACD & Korn Ferry (available to NACD members) compiled feedback from nominating-governance committee chairs & members at a dozen companies – resulting in recommended approaches to these 5 topics:
1. Setting board culture and expectations for directors
2. Aligning board composition with corporate strategy
3. Fostering continuous improvement in board performance
4. Improving oversight of cross-board matters that often fall to the nominating and governance committee
5. Overseeing board involvement with shareholders and other key stakeholders
This blueprint is intended to translate principles from a framework that an NACD Commission released last fall into committee-level practice tips and examples. The appendices also include templates for:
– Board Member Expectations and Responsibilities
– Questions to Consider When Updating the Nominating and Governance Committee Charter
– Inventory of Director Skills and Experiences
– Board Matrix
When it comes to board composition, your nominating & governance committee’s efforts to align director skills with corporate strategy are a major piece of the puzzle. Communicating those efforts – and the value of your directors – is also key when it comes to director elections. We’ll be discussing “Director Skills & Backgrounds: Why Your Disclosures Need a Refresh… & How To Do It” at our “Proxy Disclosure & 20th Annual Executive Compensation Conference” – which is coming up virtually on September 20th – 22nd. Hear from Davis Polk’s Ning Chiu, Gunster’s Bob Lamm, Labrador’s Judy Mayo, and Veaco Group’s Kris Veaco about the board evaluations, the recruiting & nominating process, and useful proxy disclosures.
In addition, our expert panel of Latham’s Michele Anderson, Joele Frank’s Anne Chapman, Okapi Partners’ Bruce Goldfarb, Sidley’s Kai Liekefett, and Wachtell Lipton’s Elina Tetelbaum will share practical guidance for the second year of the universal proxy regime.
The full conference agenda shows all the “can’t miss” info that we’ll cover during this three-day event. Sign up today! You can register online, by emailing sales@ccrcorp.com or by calling 800.737.1271.
John blogged last week about the difficult decision of whether to pre-release earnings. Anyone who has dealt with this knows that it is an incredibly nuanced, emotional, and high-risk issue for companies and executives. If you’re in the position of advising on this topic – whether as in-house or outside counsel – you need to be able to put yourself in the shoes of the people who will actually be delivering the bad news. That goes for executives who will be facing investors, as well as anyone who has to talk to their own higher-ups. A member sent these thoughts:
The executives often struggle with the human fear of eventually needing to speak to analysts on an earnings call and investors in 1:1’s following disappointing results. For them, any sense of a lack of candor is both embarrassing and subject to being shamed or yelled at. Discussions of pre-releasing can be particularly difficult because people may feel like they are being punished for “doing the right thing” in trying to be candid.
One suggestion for practitioners – especially in-house folks – is to not overlook the auditors. Their fear factor will go off the charts if pre-releasing is brought up. The engagement partner will worry about the national office, the national office will worry about the PCAOB pulling their papers, and all will worry about getting sued if there is a stock drop. Also, if a company pre-releases, it blows-up the timeline for the auditors quarterly procedures – or worse still, their audit. As such, getting the auditors to provide some form of indication whether they are in a position to wrap procedures quickly and with confidence becomes essential. Obviously, if a company goes out early, and the auditors find something that is not immaterial and which impacts the pre-released revenue or earnings, you’ve got a problem. This is less of an issue on the balance sheet but even a goof in the share count by a junior accountant which would have been caught in a normal cadence can cause mayhem for earnings.
And, yes, you are correct to identify the precedent issue. Fairly or unfairly, pre-releasing essentially creates a tolerance range for future results. You can disclaim that point with words, but your actions will speak louder, and they’ll hem you in.
For most companies other than smaller reporting companies, the upcoming Form 10-Q for the quarter ended June 30th will be the first report in which disclosure (and tagging) under new Item 408(a) of Regulation S-K is required. This somewhat confusing disclosure requirement applies when any officer or director adopts, modifies or terminates a Rule 10b5-1 plan, or adopts or terminates any “non-Rule 10b5–1 trading arrangement.”
A recent presentation from Latham & Georgeson suggests model disclosure for this new line item. Check out page 7 of the deck to see sample language & format for these scenarios:
In this 22-minute episode of the “Women Governance Trailblazers” podcast, Courtney Kamlet & I interviewed Maria Doughty. Maria is President and CEO of The Chicago Network, which is an organization of Chicago’s most influential senior executive women leaders and whose purpose is to empower women – of all colors, everywhere – to lead. Before that, she was the Director of Public Policy and Regulatory Examinations and Corporate Counsel for Allstate Insurance Company, where she worked for more than 20 years! Listen to hear:
1. What led Maria to leave Allstate after 20+ years and join The Chicago Network as CEO, and what the mission of The Chicago Network means to her
2. Maria’s advice for women who want to advance in board service – including her views on the value of a legal background for aspiring & current directors
3. How board experience helps women become better leaders
4. What’s surprised Maria in her career
5. What Maria thinks women in the corporate governance field can add to the current conversation on the role of corporations in society
Last month, SolarWinds filed an 8-K disclosing that certain of its current and former executive officers and employees, including its Chief Financial Officer and Chief Information Security Officer, received “Wells Notices” from the SEC’s Division of Enforcement in connection with agency’s investigation of the massive Russian cyberattack against the company. A recent BankInfoSecurity.com article says that the SEC’s unusual decision to name a corporate CISO as a potential target in an enforcement action might be a signal as to what the agency is focusing on:
It’s unusual for a CISO to receive a Wells Notice, and this SEC move could signal a whole new set of potential liabilities for CISOs, Equifax CISO Jamil Farshchi wrote in a LinkedIn post on Monday. Usually, a Wells Notice names a CEO or CFO for issues such as Ponzi schemes, accounting fraud or market manipulation, but those are unlikely to apply to a CISO, he said.
Farshchi speculated that the notice might be related to “a failure to disclose material information – things like failing to disclose the gravity of an incident or failing to do so in a timely manner could conceivably fall into this category,” he said, adding that it’s too early to know if any action will follow the Wells Notice.
“But if this is about disclosure, it shows the SEC isn’t sitting around waiting for cyber regs to be issued,” he added. “They’re taking action today.”
The issuance of a Wells Notice to SolarWinds’ CISO has attracted a lot of attention in the cybersecurity industry – and that’s likely not an unintended consequence. Maybe I’m just a cynic, but SolarWinds CISO strikes me as exactly the kind of high-profile individual that the SEC’s Division of Enforcement likes to have as a poster child when it wants to send a message through an enforcement action.
The Delaware Chancery Court recently dismissed a books & records action against The Walt Disney Company premised on alleged breaches of fiduciary duty by the company’s board arising out of its decision to publicly oppose Florida’s “Don’t Say Gay” legislation. The plaintiffs’ contended that the directors breached their duty of loyalty by placing their personal beliefs ahead of the company’s interest by taking positions that impaired its value.
This excerpt from a recent Wilson Sonsini memo on the decision summarizes Vice Chancellor Will’s reasoning:
The court conducted a trial on a paper record, and that record reflected an appropriately engaged and deliberative board. As the controversy first flared, the Disney board convened a special meeting and, shortly thereafter, held a regularly scheduled meeting to discuss the issues. Board minutes captured the board’s engagement. The record showed that Disney leadership took an increasingly public stance in the face of intensifying criticism from its employees and creative partners. Accordingly, the court noted, the board’s decision did not come “at the expense of stockholders.” Rather, the board was motivated by an understanding that “a positive relationship with employees and creative partners is crucial to Disney’s success.”
As such, the court determined that “[i]t is not for this court to question rational judgments about how promoting non-stockholder interests—be it through making a charitable contribution, paying employees higher salaries and benefits, or more general norms like promoting a particular corporate culture—ultimately promote stockholder value.” Meanwhile, no evidence supported the plaintiff’s allegation that the directors’ personal beliefs or their support of organizations that opposed HB 1557 swayed them to act contrary to the interests of the company and its stockholders.
Based on her analysis, Vice Chancellor Will ultimately concluded that the plaintiff did not establish a proper purpose for inspection because it did not sufficiently allege potential wrongdoing by the board. In an era where companies increasingly find themselves caught in the crossfire of contentious social issues, boards and their advisors are likely to find this excerpt from the Vice Chancellor’s opinion on the latitude that directors have under Delaware law exercise their business judgment to be of some comfort:
Delaware law vests directors with significant discretion to guide corporate strategy—including on social and political issues. Given the diversity of viewpoints held by directors, management, stockholders, and other stakeholders, corporate speech on external policy matters brings both risks and opportunities. The board is empowered to weigh these competing considerations and decide whether it is in the corporation’s best interest to act (or not act).