The Third Circuit filed its long-awaited opinion this week in the Trinity v. Wal-Mart case following its mid-April order reversing the District Court and allowing Wal-Mart to exclude Trinity’s proposal from its proxy under Rule 14a-8’s ordinary business exclusion. Although the Court makes clear that the disposition of each case is fact-specific, the opinion sets forth a logical framework and analysis for applicability of the exclusion.
This great opening set the stage for what I found to be a very engaging and insightful opinion:
“[T]he secret of successful retailing is to give your customers what they want.” Sam Walton, SAM WALTON: MADE IN AMERICA 173 (1993). This case involves one shareholder’s attempt to affect how Wal-Mart goes about doing that.
Notably, among other things, the Court: (i) prompted in large part by Trinity’s arguments and the District Court’s analysis, devoted substantial discussion to distinguishing a proposal’s form versus its substance (emphasizing that the latter must govern); and (ii) rejected the notion that a proposal’s call for board (as opposed to management) action magically obviates the availability of the exclusion.
Having served in-house with a retailer for almost 12 years, I also appreciated the Court’s analysis and observations about the aspects of retailing that were particularly relevant in this case. Among other insights, the Court observed that management weighs numerous factors – consumer safety, reputational, financial, competitive, etc.- in deciding what products to sell and that, although shareholders may provide valuable input, that should be the extent of their influence in this area: “Although shareholders perform a valuable service by creating awareness of social issues, they are not well-positioned to opine on basic business choices made by management.”
And finally, in a “save the best for last” conclusion, the Court expressed empathy for the many of us who deal with these issues on a regular basis, and suggested that the SEC update its proposal guidance:
Although a core business of courts is to interpret statutes and rules, our job is made difficult where agencies, after notice and comment, have hard-to-define exclusions to their rules and exceptions to those exclusions. For those who labor with the ordinary business exclusion and a social-policy exception that requires not only significance but “transcendence,” we empathize. Despite the substantial uptick in proposals attempting to raise social policy issues that bat down the business operations bar, the SEC’s last word on the subject came in the 1990s, and we have no hint that any change from it or Congress is forthcoming . . . We thus suggest that [the SEC] consider revising its regulation of proxy contests and issue fresh interpretive guidance.
Proxy Season: Uptick in Shareholder Activism Tempered by Strong Director Support
The latest Broadridge/PwC ProxyPulse and EY report both reveal a 2015 proxy season characterized by various forms of increased activism coupled with indicators that, for the most part, reflect widespread support for company practices.
Particularly noteworthy are the strong shareholder support for directors (the highest level in seven years) and say-on-pay, and EY’s S&P 500 data reflecting increasing engagement. Approximately 50% of S&P 500 companies disclose engagement with investors – up from 6% five years ago, and 18% of those disclose board involvement.
As a result of engagement:
– 46% disclose changes in practices or disclosure
– 82% disclose changes related to executive pay
– 33% disclose changes related to governance
– 12% disclose changes related to environmental or social practices
– 7% disclose changes related to general proxy disclosures/format
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
This recent, first FTC enforcement actionagainst a crowdfunding project creator is instructive. The defendant, who raised money from (and promised rewards to) individuals on Kickstarter to produce a board game, allegedly instead used the more than $122,000 obtained from 1,246 backers for personal expenses including rent, relocation, personal equipment and licenses for a different project.
Under the settlement order, the defendant is prohibited from making misrepresentations about any crowdfunding campaign and failing to honor stated refund policies, and barred from misuse of customers’ personal information. The order imposes an approximately $112,000 judgment that was suspended due to the defendant’s inability to pay, but will be due immediately if he is found to have misrepresented his financial condition.
In addition to signaling a warning to other crowdfunding project creators who may be thinking that their misdeeds are below any regulatory radar screen (which, fortunately, is not the case), the action serves as a reminder to consumers to be mindful of the risks associated with crowdfunding of this nature. See also this Securities Edgepost and WSJ blog, and this Crowdfund Insider post comparing and contrasting reward-based and equity-based crowdfunding.
I realized Crowdfunding had become mainstream when I saw this “how to” guide in my recent LA Times weekend Parade magazine.
Startup Funding Sources: Crowdfunding an Increasingly Significant Player
According to this recent policy brieffrom the Kauffman Foundation, over 20% of startups applying for loans in the first half of 2014 did so through an online loan platform, i.e., crowdfunding.
Other noteworthy stats include:
– Banks (particularly small banks) are the primary source of startup capital.
– 40% of initial startup capital is in the form of bank debt.
– Equity, primarily sourced from angel investors and venture capitalists (3% and 1%, respectively), is much rarer, but reportedly more impactful due, in part, to intangible contributions from these types of investors such as expertise and guidance.
– Venture-backed companies purportedly tend to professionalize sooner, have an increased likelihood of an IPO, and have greater post-IPO survival rates.
The brief includes a reader-friendly chart noting the primary advantages and disadvantages of each of the main funding sources.
In related news, intrastate crowdfunding was among the principle topics discussed at the SEC Advisory Committee on Small and Emerging Companies meeting last month. Among other things, committee members urged the Commission to review Rule 147 of the ’33 Act, which is deemed to be impeding the use of state crowdfunding. See this Crowdfund Insider blog.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Cybersecurity: Board Guidance – A Different Approach
– Revenue Recognition Standard: Early Adoption & Deferral
– 2015 Audit Committee Agenda
– Blackholes in the Boardroom
– Stand-Alone Conflicts of Interest Policy Considerations
As expected (see my earlier blog), the SEC issued a concept release last week on audit committee disclosure, fairly concurrently with the PCAOB’s release of its Supplemental Request for Comment on disclosure of the audit engagement partner.
The SEC’s concept release, which focuses on independent auditor oversight, acknowledges that some companies already exceed the minimum audit committee-related disclosure requirements. In fact, presumably prompted in part by the Audit Committee Collaboration’s 2013 Call to Action, as discussed in my previous blog and the CAQ’s Transparency Barometer, many companies already disclose more than the minimum across a broad spectrum of potential disclosures.
The SEC’s concept release seeks comment on whether disclosure of the audit engagement partner and additional members of the engagement team should be made by the audit committee and included in the proxy statement. In contrast, the PCAOB’s proposal would require that audit firms publicly disclose the name of the audit engagement partner and information about certain other audit participants in a new form filed with the PCAOB. The PCAOB’s proposal purportedly seeks to be responsive to concerns raised by auditors and others specifically regarding the risks of liability and litigation associated with disclosure of such information in the auditor’s report, as had been previously proposed; however, concerns expressed about the implications of identifying the engagement partner were not limited to risks of liability/litigation.
Here is an excerpt from Ning Chiu’s blog on the areas of potential additional disclosure included in the SEC’s release:
Audit committee’s oversight of the auditor:
1. Additional information regarding communications between the audit committee and the auditor, which could include all communications required under the PCAOB rules, the nature of the committee’s communication with the auditor related to the auditor’s overall audit strategy, timing, significant risks, nature and extent of specialized skill used in the audit, planned use of other firms or persons, planned use of internal audit, the basis for determining that the auditor can serve as principal auditor, the results of the audit, and how the audit committee considered these items in its oversight of the auditor
2. How often the audit committee met with the auditor
3. The audit committee review of and discussion about the auditor’s internal quality review and most recent PCAOB inspection report
4. Whether and how the audit committee assesses, promotes and reinforces the auditor’s objectivity and professional skepticism. It is unclear what the SEC is expecting in this regard and in fact, the SEC itself questions what type of disclosures would satisfy this possible requirement.
The audit committee’s process for appointing or retaining the auditor:
1. Whether and how it assesses the auditor and its rationale for retaining the auditor
2. The process for selecting the auditor through any requests for proposals (RFPs)
3. The board’s policy, if any, for a shareholder vote on auditor ratification and the consideration of the vote in selecting the auditor
Qualifications of the audit firm and members of the engagement team:
1. Disclosure of the name of the engagement partner and key members of the engagement team and their experience
2. The audit committee’s input in selecting the engagement partner
3. The number of years that the auditor has audited the company
4. Other firms involved in the audit
Both the SEC & PCAOB releases are tagged with 60-day comment periods.
SEC Charges Deloitte with Auditor Independence Violations
Coincidentally (presumably), on the same date that the SEC issued the audit committee concept release, it charged Deloitte with violating auditor independence rules when its consulting affiliate maintained a business relationship with a trustee serving on the boards and audit committees of three funds it audited. Deloitte agreed to pay more than $1 million to settle the charges. The SEC also charged the trustee with causing related reporting violations by the funds, and charged the funds’ administrator with causing related compliance violations. SEC Division of Enforcement Associate Director Stephen Cohen noted:
“The investing public depends on independent auditors like Deloitte to test the reliability of publicly-reported financial statements, and they have front-line responsibility for ensuring their own independence. But they are not alone in safeguarding the audit process, and the other fiduciaries charged in this case failed to fulfill their roles and preserve investor confidence.”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Audit Committee Survey: Workload at Tipping Point?
– 2015 Cyber Risk Agenda
– Navigating Corporate Governance Hot Topics
– Study: Data Breach Preparedness
– Survey: Current (& Future) State of Compliance
The average Fortune 100 firm has a staggering 320+ social media accounts with over 200,000 followers and 1500 employee participants who make over 500,000 posts to these accounts. Proofpoint Nexgate’s latest “State of the Social Media Infrastructure” report presents these (and other) concerning results of its analysis of 32,000+ social media accounts of Fortune 100 companies:
Findings
– The average company suffered from a total of 69 unmoderated compliance incidents during the study’s 12 month research window.
– Nine different U.S. regulatory standards triggered incidents, including rules and regulations of the SEC (e.g., Reg. FD), FINRA, FTC, FDA and the UK’s FCA.
– Financial Services Standards violations dominate the field. However, improper disclosure of confidential corporate activity accounted for 118 standalone incidents (i.e., 150 additional incidents crossed categories) – consisting of information regarding layoffs and restructurings, earnings and financial updates and M&A transactions. Reg. FD violations accounted for an additional 149 incidents.
– There were over 900 “Regulated Data” incidents consisting of improper disclosure of user names/passwords, SSNs, credit card numbers, etc.
The report also offers recommendations for developing a successful social media compliance program – summarized by Compliance Week.
See also this WSJ article discussing the various state social media laws, this Corporate Compliance Insights post, and this new FTI/NYSE Law in the Boardroom survey, which found that social media ranks among the top three areas about which directors have the least amount of confidence in their GCs’ oversight. And 91% of directors and 79% of GCs affirmed that they don’t have a thorough understanding of their company’s social media risks.
This recent CEB (Corporate Executive Board) blog identifies the most important triggers, and provides a decision tree, for determining when to develop a new or update an existing policy.
CEB research found that the seven most important reasons for writing a new policy or updating an existing one are:
New risk assessment results.
Revision of the company’s code of conduct.
New internal audit findings.
Publicized failure in the same or similar industry.
Shift in business strategy.
Merger, acquisition, or other organizational change.
Geographic expansion.
See the blog’s nifty decision tree, and this CEB Policy Management Toolkit on how to create and implement a policy on policies.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Spencer Stuart Addresses Board “Refreshment”
– Avoiding & Managing Boardroom Disputes
– Using COSO to Assess & Manage Cyber Risks
– Form 10-K Preparation Tips
– How to Proactively Tackle the Director Tenure Issue
This recently published paperseeks to undermine six myths about board gender diversity. I say “seeks” only because the rebuttal to one of the myths – that concerning the cause of gender disparity in the boardroom – is premised on an assumption with which I disagree, i.e., there aren’t enough women at the top of the corporate ladder who are potential candidates for directorships.
Not only do I disagree that there aren’t enough women at the top such that board diversity could be measurably improved (at least in the U.S.), but I also and – more importantly – disagree with the assumption that being a qualified director candidate is dependent upon being at the top of the corporate ladder. However, that’s just my personal view, and certainly all of the myths and associated discrediting facts are worth consideration.
Six myths about boardroom gender diversity:
– Popular boardroom surveys provide an accurate picture of women’s relative underrepresentation. – The financial crisis would not have happened if Lehman Brothers had been Lehman Sisters. – Female directors are just like male directors. – HR directors are to blame. – Adding a woman to your board will improve shareholder value. – Quotas are necessary to improve female board representation.
See this recently released NYSE Governance/Barker Gilmore survey, which found that more than half of company director respondents believe having a GC serving as an independent director on an outside board adds value to the company, and this recent Fortune articleidentifying (based on a PwC survey) five ways boards may differ if they had more women directors.
In this interesting new article, Ivey Business School Professors Seitjs, Gandz, and Crossan and Post-Doctoral Fellow Byrne elaborate on their previously published notion that being an effective board member requires competencies, character and committment by further exploring the aspect of character.
Based on meetings and surveys with over 780 directors and prospective directors, the paper discusses in detail the important – but too often ignored – attribute of character as represented by 11 character dimensions deemed to play a critical role in director effectiveness including judgment, integrity, accountability and others.
Among other things, the survey results revealed that boards don’t spend enough time addressing or assessing the character of their director nominees, despite believing that character is very important. In that context, the article offers a number of tangible recommendations to aid the director search, evaluation and performance review processes.
We have heaps of helpful resources in our “Board Composition” Practice Area.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Code of Ethics/Conduct Primer
– Audit Committee Role in Improving Disclosure
– CEO Succession Planning Guidance for CEOs & Boards
– Addressing Key Governance Challenges in International Markets
– Study: How Board Gender Impacts M&A Decision-Making
A recently released CFA Institute study reveals significant investor concerns about current standard-setter initiatives (see FASB’s Private Company Council and Simplication Initiative) to create differential or reduced financial reporting requirements for nonpublic companies; extend certain alternative private company reporting requirements to public companies; and simplify certain public company reporting requirements. The proposed changes are purportedly driven by a desire to reduce companies’ compliance costs which, although certainly a laudable objective, presumably shouldn’t be pursued single-mindedly at the expense of impeding investors’ understanding and utility of companies’ financial performance and prospects.
The CFA Institute’s 2014 member survey found that:
– 82% of respondents believe differential standards will decrease comparability – so, create comparability challenges for those investing across public and private companies
– 73% believe differential standards will increase complexity rather than reduce it (by, e.g., prompting investors to seek alternate ways to obtain information including accessing management on a one-on-one basis; substantially raising the burdens and costs associated with going public or acquiring a private company)
– 65% believe differential standards will result in the loss of information useful to their financial analyses (e.g., reduced disaggregation of information; substituting presentation of items on the face of the financial statements by disclosure)
The report also notes that FASB is currently considering whether to extend certain private company accounting alternatives to public companies – a move favored by only 6% of CFA Institute members.
See CFA Institute’s Mohini Singh’s blog summarizing the study. For additional information, you may contact Mohini at Mohini.Singh@cfainstitute.org.
Identifying Opportunities for Nonprofit and For-Profit Boards to Learn From Each Other
In this Columbia Law School blog, Stanford Graduate School of Business Nicholas Donatiello, David Larcker and Brian Tayan discuss their recently published paper, “What Can For-Profit and Nonprofit Boards Learn from Each Other About Improving Governance?“. The thought-worthy paper focuses on lessons that for-profit and nonprofit directors can learn from each other to improve their respective governance (based in part on this recent nonprofit governance survey) including:
Lessons for Nonprofits:
– Formal governance processes
– Focus on fiduciary obligations
– Expertise and stability
Lessons for Corporate Boards:
– Balanced power with CEO
– CEO compensation
– Gender balance
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Vanguard Discloses Engagement/Voting Specifics
– FCPA Compliance: Third Party Diligence Framework
– Study: Investor Holding Periods Have Not Shrunk
– Germany Moves on Board Gender Diversity
– Should Directors Take a “Gap” Year?
[Hi. It’s Randi blogging again this week so, to be clear, the views I express are my own and don’t necessarily reflect those of Broc or anyone else…]
In the brief time since the SEC published the proposed Pay vs. Performance rule, there’s been a fair amount of criticism aimed at the proposal’s use of TSR as the sole “approved” metric by which investors will gauge the correlation between executive pay and corporate performance. In a perfect example of what one of my very seasoned and wise former board members during my GC days would likely characterize as the tail wagging the dog, investors’ desire for comparability across companies is trumping the proposal’s use of performance metrics that actually make sense given each company’s unique facts and circumstances and that drive behavior consistent with a long-term view.
In case you’ve just joined the fray, here’s just a sampling of recent, relevant critiques:
– LA Times columnist Michael Hiltzik shared his passionate critique of the rule proposal, noting (among other things) TSR’s imperfect correlation with corporate performance and its short-termism focus, i.e., tendency to drive executive behaviors that will boost TSR, but harm the company over the long-term. Hiltzik also criticizes the rule’s focus on “shareholder value” to the exclusion of everything else – a focus that ultimately distorts corporate behavior to the detriment of the broader economy.
– Based on its recently reported analysis of the link between various LTI measures and corporate performance, FEI concluded that TSR was the worst performance measure to drive positive corporate performance:
TSR, particularly on a relative basis, is a poor LTI measure. For the majority of companies granting performance-based grants, relative TSR is a commonly used performance measure. However, using TSR as a measure has a negative influence on company performance, except in the case where it has been used as a performance measure for each of the past five years. Moreover, TSR, particularly when measured against a group of companies (including a stock index), does not motivate executives, and is similar to a stock option in its nature (another form of lottery ticket), as it does not provide the line of sight necessary for oversight.
– The IRRC Institute submitted this comment letter to the SEC accompanied by recently published research on pay and performance alignment, which found a disconnect between TSR and performance:
“[T]he focus on share price appreciation through total shareholder return (TSR) obscures more than it reveals with share price as a capital markets performance metric. Factors which impact TSR such as fund flows, central bank policies, macroeconomics, geo-political risks and regulatory changes are all beyond the control of executive management.
– In this Fortune commentary, Eleanor Bloxham describes the proposal’s use of TSR as encouraging pay incentives that “fuel crisis”:
The American Bar Association and the Center on Executive Compensation, among others, have opposed the SEC’s prescriptive approach to this rule. In choosing total shareholder return (a measure of a company’s stock market price and dividends), the SEC admits that pay disclosure may have nothing to do with the actual way in which a corporate board makes compensation decisions. The problem is that this kind of measure may now have an influence on such decisions. Boards should not reward executives based on stock performance or dividends paid. They should reward executives based on the operational measures the executives in that company should be focusing on and can control. As a basis for incentives, a company’s stock price promotes undesirable CEO behavior, the kind that can lead to volatile swings in the economy. Those incentives helped fuel both the financial crisis and the stock market rout following the misdeeds of Enron and WorldCom’s top executives. Similarly, increasing dividends is not always wise, because they can strip a firm of the assets needed to make valuable long-term investments and the liquidity required to weather rocky times. The SEC should have required that companies report on the financial performance measures they currently use to determine compensation. Then, investors could sort out which companies actually understand performance measurement and which ones are clueless.
– In this recent article, Semler Brossy identifies TSR as a “flawed” incentive measure, noting:
Relative TSR rewards volatility more than steady performance. As they say, every dog has its day, and this is certainly true with relative TSR. We measured TSR for hundreds of companies over the recent 20 years and found that even long-term, bottom-quartile TSR performers can reach top-quartile heights in a given three-year measurement period — generally by ‘bouncing’ from a low share price. Further, relative TSR does little by way of focusing executives’ attention or driving behavior. Executives respond positively to incentive measures that reflect their day-to-day responsibilities. Rewards based on relative TSR are an affirmation of company success but do little to set the path to performance at the outset of a measurement period.
– Last but not least (for now), Steve Quinlivan shared these observations about the disconnect between TSR and executive pay:
What aberrations may exist? First, there may be no link at all between executive pay and TSR. This isn’t necessarily a governance faux pas. Executive pay may well have increased because of improved financial metrics the compensation committee chose wisely to reward while the stock price declined because of general market conditions beyond the executives’ control. Sure, the SEC invites the company to explain the reasons and to submit alternative measures of performance, but that will be hard to do without making it look like an apology. Perhaps this will engender a trend to tie incentives to TSR to make the discussion easy and that may not universally by the best thing for companies to do.
SEC Enforcement: Ongoing Choice of Forum Debate
This recent WSJ op-ed addresses the fact that the SEC’s Enforcement Staff’s recently issued guidance to forum selection in contested actions generally was not well-received by those who had criticized the apparent lack of objective criteria driving determinations about whether an action would be brought in federal district court or in an administrative proceeding before an ALJ. The authors, former director of the SEC’s Division of Enforcement and former SEC chief litigation counsel, suggest the SEC take these steps to “reclaim the high ground”:
– Develop meaningful, objective criteria for exercising its discretion to bring matters in-house that is the product of input from interested parties, including the defense bar
– Modernize the rules of procedure governing its in-house proceedings
– Avoid finding, on appeal, additional violations and imposing additional penalties beyond those assessed by the ALJs, who are independent government employees
See this recent blog discussing an ALJ’s denial of an accused’s request for more information about the Commission’s forum selection process, and memos about Enforcement’s recent guidance, which are posted in our “SEC Enforcement” Practice Area.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Investors & Directors: Understanding & Bridging the Gaps
– Bolstering Compliance Programs: Compliance & Ethics Liaisons
– Old COSO Internal Controls Framework: “Qualified Pass” for 2014
– FCPA: SEC’s Director of Enforcement Talks Compliance Programs
– Overlapping Audit & Compensation Committee Memberships: Pros & Cons
This new KPA Advisory report, based on a recent survey of over 80 major pension funds, identifies a positive correlation between the quality of institutional investors’ internal corporate governance practices and their long-term investment practices. The findings further suggest that better internal governance actually drives long-term investing.
Unfortunately, however, it appears (based on the current as well as prior surveys) that there are significant governance deficits and long-term investing “aspiration vs. reality” gaps that need to be addressed to minimize short-termism and – instead – promote a long-term investment approach.
Principle governance deficits include:
– Board selection and improvement processes continue to be flawed in many cases.
– Board oversight function in many organizations needs to be more clearly defined and executed.
– Competition for senior management and investment talent is often hampered by uncompetitive compensation structures.
Barriers to long-term investing include:
– Regulations that force short-term thinking and acting
– Short-term, peer-sensitive environment that makes it difficult to truly think and act long-term
– Absence of a clear investment model, performance metrics and language that fit a long-term mindset
– Alignment difficulties in outsourcing, and compensation barriers to in-sourcing
This CFA Institute blog – which discusses short-termism factors identified in the report, as well as the short-termism problem more generally – suggests that the time has come for a global set of standards and curricula to govern fund fiduciaries.
See also this 2013 Focusing Capital on the Long Term initiative-driven study revealing perceptions that short-term result pressures have been intensifying – which was the impetus for the current KPA Advisory project.
Building a Board for the Long-Term
This new Spencer Stuart publication is part of a more comprehensive essay collection reflecting the views of CEOs, directors, investors and regulators about what it will take to change current behaviors among companies and investors that compromise long-term growth for short-term gain. The paper provides guidance to boards on how to avoid succumbing to short-termism pressures and act – instead – consistently with a long-term view.
The essay collection is part of the broader Focusing Capital on the Long Term initiative co-founded by CPPIB (Canadian Pension Plan Investment Board) and McKinsey in 2013 to develop practical approaches for longer-term behaviors among both companies and investors.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Cybersecurity Guidance for Directors
– Directors Logging Many Hours for Board Service
– OECD’s Draft Updated Principles Support Proxy Access
– Under Attack: The SEC’s Use of Administrative Law Judges in Enforcement Actions
– Fine-Tuning Your Section 16 Reporting
This new white paper from Foley provides a practical, easy-to-follow blueprint for directors and officers to tackle cybersecurity. Notably, the paper includes individual “bite-sized” checklists of important considerations covering each of the key elements of a compliance & risk management program. Here are the 10 key elements – each of which is capably addressed with a targeted checklist:
10 Key Elements of a Cybersecurity Risk Management Program
– Incident Management
– User Education and Awareness
– Managing User Privileges
– Home and Mobile Working
– Removable Media Controls
– Malware Protection
– Monitoring
– Secure Configuration
– Network Security
– Cybersecurity Insurance
The paper also includes an information security “policy library” that identifies the most critical policies (e.g., access control, BYOD (bring your own device)) companies should consider as part of their compliance program, and an appendix defining key security concepts.
Effective Use of Internal Audit in Cybersecurity
This new Compliance Week article discusses ways in which companies can tap their internal audit staff to assist with their cybersecurity program, including:
Cybersecurity risk assessment
Identification and inventory of the company’s most important data
Vulnerability testing (to some extent – subject to avoiding independence impairment)
Identification of potential consequences of vulnerabilities
Validation of company’s response plan
Monitoring and periodic testing of program effectiveness
While internal audit functions vary widely, if the company isn’t utilizing internal audit in its cybersecurity assessment and compliance efforts, it’s likely under-utilizing a key resource.
– Substantiation rates for retaliation reports spiked from a consistently historical 10-12% to 27%
– Substantiation rates for repeat reporters are higher than rates for first-time reporters
– Five-year trend of rising report volume continues
– Case closure times continue to climb
– Low rate of anonymous reporters who follow up with their initial report still worryingly low
– Allegations vs. inquiries reveal a fairly steady 80%/20% split
The increasing substantiation rate (i.e., rate of allegations determined to have at least some merit) for retaliation reports – which more than doubled in 2014 compared to 2013 – is particularly noteworthy. As NAVEX Chief Compliance Officer, SVP Carrie Penman noted, while the statistic could be an anomaly, the SEC’s “recent focus on retaliation has caused companies to take a deep dive into these allegations.” Widely publicized, the WSJ recently reported that the SEC sent letters to a number of companies seeking copies of employment agreements and confidentiality training materials since Dodd-Frank’s 2010 effective date that might indicate attempts to stifle employee reporting to the SEC in violation of the law.
Also significant is the higher substantiation rate for repeat reporters. This is important because – at least historically – there has been concern that companies may perceive repeat reporters/complainants as less credible – a practice that SEC Chair White has cautioned against in the past.
See also this more recent WSJ article noting potential challenges to the SEC’s authority to enforce Dodd-Frank’s anti-retaliation provisions.
How to Handle Informal SEC Communications
This recent Compliance Week article provides guidance about how to handle informal SEC communications – including informal requests for information such as the SEC’s recent whistleblower-related inquiry.
According to former SEC enforcement attorney BakerHostetler’s Marc Powers, “Cooperation with the SEC may be in a company’s best interest, but compliance has to be carefully planned and considered. No matter how friendly the voice on the other end of the phone may be, or how cordial a letter is, regulators are not paid to be your friend. ‘If it is an enforcement group, their primary goal is to ferret out wrongdoing from whatever the situation.'”
The article also provides some useful tips from SEC Deputy Chief Accountant Dan Murdock’s remarks at the December 2014 AICPA Conference and, more recently, PLI’s 2015 SEC Speaks conference, about how to most appropriately utilize Staff’s frequent speeches – which often appear to be guidance-like in nature, but are almost always qualified as reflecting the views of the speaker only, not the SEC. For example, he characterized such speeches as generally having a five-year shelf life due to, among other things, evolving staff thinking and business models.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:
– Are Nominating/Governance Committee Chairs Undervalued?
– CEO Involvement in CEO Succession
– Practical Guidance on Internal Audit Independence
– Enhancing COSO’s ERM Framework
– Bigger Penalties When Whistleblowers Involved