October 26, 2018

Glass Lewis Issues ’19 Voting Guidelines

As noted on their blog, Glass Lewis has posted its 2019 Voting Guidelines. As always, page 1 of the Guidelines summarizes the policy changes – and we will be posting memos in our “Proxy Advisors” Practice Area. Changes include:

Board Gender Diversity: The policy announced last year will take effect in 2019 – Glass Lewis will generally recommend voting against the nominating committee chair of a board that has no female members, but they’ll closely examine the company’s disclosure of its board diversity considerations and other relevant contextual factors.

Conflicting & Excluded Proposals: The policy lays out how Glass Lewis will evaluate conflicting proposals on special meeting rights – for one thing, they’ll typically recommend against members of the nominating & governance committee when a company excludes a shareholder proposal in favor of a management proposal of an existing special meeting right. And in limited circumstances, Glass Lewis may recommend against members of the governance committee if a company excludes any conflicting proposal based on no-action relief, if Glass Lewis believes the exclusion is detrimental to shareholders. See this blog from Davis Polk’s Ning Chiu.

Diversity Reporting: Glass Lewis will now generally recommend in favor of shareholder proposals requesting additional disclosure on employee diversity and those requesting additional disclosure on the steps that companies are taking to promote diversity within their workforces.

Environmental & Social Risk Oversight: Glass Lewis has codified its approach to reviewing how boards are overseeing environmental and social issues – if mismanagement of these risks has threatened or diminished shareholder value, Glass Lewis may recommend against the directors responsible for E&S oversight.

Officer & Director Compensation: In its say-on-pay recommendation, Glass Lewis will consider excise tax gross-ups, severance and sign-on arrangements, grants of front-loaded awards, clawback provisions, and CD&A disclosure for smaller reporting companies. And they’ve clarified their approach to peer groups, pay-for-performance, the use of discretion, director compensation and bonus plans.

Auditor Ratification: Glass Lewis will consider additional factors for auditor ratification proposals, including the auditor’s tenure, a pattern of inaccurate audits, and any ongoing litigation
or significant controversies which call into question an auditor’s effectiveness. In limited cases, these factors may contribute to a recommendation against auditor ratification.

Virtual Shareholder Meetings: The policy announced last year will take effect in 2019. For companies opting to hold their annual meeting by virtual means, and without the option of attending in person, Glass Lewis will examine the company’s disclosure of its virtual meeting procedures and may recommend voting against the members of the governance committee if the disclosure does not ensure that shareholders will be afforded the same rights and opportunities to participate as they would at an in-person meeting.

Written Consent Shareholder Proposals: In instances where companies have adopted proxy access and a special meeting right of 15% or lower, Glass Lewis will generally recommend against shareholder proposals requesting that companies adopt a shareholder right to action by written consent.

Clarifying Updates: No changes here, but Glass Lewis has codified its approach to director and officer indemnification, quorum requirements, director recommendations on the basis of company performance, and OTC-listed companies.

Dual-Class: CII Petitions Exchanges to Require Sunset

On Wednesday, CII announced that it had filed an NYSE petition and a Nasdaq petition to curb listings of dual-class companies. Specifically, the petitions ask the exchanges to amend their listing standards to require that – going forward – companies seeking to list that have multiple share classes with differential voting rights include in their governing documents provisions that convert the share structure within seven years of the IPO to “one, share-one, vote.”

The petitions have support from BlackRock, T. Rowe Price, CalSTRS and CalPERS. CII cites several factors that support the concept of time-based sunsets, and also observes:

The SEC believes it lacks the statutory authority to compel U.S. exchanges to amend their listing rules. Over the past year, providers of benchmark indexes — FTSE Russell, MSCI and S&P Dow Jones — have stepped into the breach, with varying curbs on multi-class companies in indexes that are used widely by institutional investors. A listing standard would put all dual-class companies on the same footing.

Director Survey: Lots of Underperforming Colleagues

Here are the top findings from PwC’s annual survey of 700 directors:

– 45% of directors think that at least one person on their board should be replaced – and only 30% think their board is “very effective” at dealing with underperforming directors

– 94% agree that board diversity brings unique perspectives to the boardroom – and 84% think it enhances board performance. But 52% think board diversity efforts are driven by political correctness – and 48% think shareholders are too preoccupied with the topic

To me, these responses imply that directors do see the value in diversity – but are frustrated about being pushed to refresh their boards (even underperforming directors have staying power) and look for new directors outside of their typical network. Which means they’ll get to it when they’re good & ready, dagnabbit! Also, keep in mind that over 75% of the survey participants aren’t diverse and are likely accustomed to the status quo (the survey details some pretty wide gaps in perspective between female & male directors).

The survey also looks at other “hot topics,” like cybersecurity and the board’s evolving role in overseeing corporate culture. Here’s what directors think about those subjects:

– 87% of directors think that inappropriate tone at the top leads to problems – while 79% also blame middle management and 74% point to “short-termism”

– 71% think that employee engagement surveys are one of the best ways to scope out problems with corporate culture

– The percentage of directors that said company strategy should “very much” take social issues such as health care, resource scarcity and human rights into account increased between 7 to 10 percentage points from last year

– Boards continue to shift responsibility for oversight of cybersecurity – 36% of directors say the job falls to their full board, up from 30% last year – and 21% say their board has moved cybersecurity oversight from one committee to another

Liz Dunshee

October 25, 2018

SOX 404: Excluding New Acquisition from Report a Red Flag?

Corp Fin has long permitted businesses acquired during the current fiscal year to be excluded from management’s report on internal control over financial reporting – but a recent study says that you may want to think twice before you opt to do that. This “Audit Analytics” blog discusses the study’s conclusions. Here’s an excerpt:

A recent academic paper provides some insight into acquisitions that may generate negative returns to investors. In the “Costs and benefits of internal control audits: Evidence from M&A transactions”, Kravet found evidence that acquisition targets that were excluded from the assessment of internal controls by the acquiring companies generated statistically significant negative stock returns of 0.8% at the time of the exemption announcement (typically, months after the acquisition news hits the market).

The authors identified statistically significant negative returns of 8.8% and 12% for the period of two and three years after the exemption announcement, indicating that negative outcomes are not fully priced at the announcement date. In addition to negative stock returns, Kravet associated acquiring companies that elect to exclude acquisition targets from control assessments with other negative outcomes, such as higher likelihood of goodwill impairments, lower return on investment, higher probability of a financial restatement and overall lower quality of financial reporting.

As a practical matter, the blog says that a company’s decision to take advantage of the SOX 404 exemption for a newly-acquired company provides an early warning that it may need more scrutiny on a going forward basis.

More SOX 404: Management-Only Reports & Auditor’s Attestations

Audit Analytics seems to be locked-in on Sarbanes-Oxley 404 reporting lately – in addition to its analysis of the potential “red flags” associated with excluding acquisitions from management’s report on ICFR, this recent blog discusses its report on 14 years of trends in auditor’s attestations & management-only SOX 404 assessments.

If you’ve ever read Audit Analytics’ stuff, you know that there’s great information there, but pulling it together sometimes takes a little effort.  Fortunately for me, Cooley’s Cydney Posner’s done that work so I don’t have to. Check out this excerpt from her recent blog summarizing the report’s conclusions about trends in auditor attestations:

Starting in 2004, there were 454 adverse auditor attestations (or 15.9% of the total population of attestations). That number increased in 2005 to a high of 492 (although declining as a percentage to 12.6%), but then tiptoed down to a low of 141 (3.5%) in 2010.

Arguably, following SOX, the introduction of auditor attestations imposed some discipline on the process, which led initially to the identification of more ICFR issues, but declined thereafter as companies began to get a better handle on the process. After that, the number steadily rose again to hit 246 (6.7%) in 2016, which the analysis attributes to more aggressive oversight from the PCAOB. In 2017, the number of adverse attestations declined to 176 (4.9%), a 28% decrease and the first decline since 2010.

Cydney points out that trends in the management-only assessments that non-accelerated filers provide don’t exactly line-up with those for reports including auditors’ attestations:

The first year non-accelerated filers were required to make assessments was 2007. In that year, there were 1,089 adverse assessments, representing 30% of small companies. The number rose to a high of 1,727 (34.9%) in 2010—curiously, a year when adverse auditor attestations were at their low point. Unlike auditor attestations, the numbers were almost identical for the period from 2011 to 2013 at around 1,616; however, the percentages varied from 35.6% to 39.5%.

Although the number dipped in 2014 to 1,556, the percentage of smaller companies with management reports showing ineffective ICFR reached a high in that year of 40.8%, then dipped every year after. In 2017, the number fell to 1,191 (38.1%). The most startling aspect of the analysis here is that at least one-third of non-accelerated filers disclosed ineffective ICFR every year, reaching a high of almost 41% in 2014.

Transcript: “Blockchain in M&A”

We have posted the transcript for the recent DealLawyers.com webcast: “Blockchain in M&A.”

John Jenkins

October 24, 2018

Shareholder Proposals: Corp Fin’s New Staff Legal Bulletin!

Yesterday, Corp Fin issued Staff Legal Bulletin No. 14J – which follows up on last year’s Staff Legal Bulletin No.14I and provides additional guidance on the application of the “economic relevance” and “ordinary business” exclusions to shareholder proposals submitted under Rule 14a-8. We’ll be posting the memos in our “Shareholder Proposals” Practice Area as they come in (here’s Ning Chiu’s blog on it).

Last year’s SLB 14I addressed, among other things, the scope & application of Rule14a-8(i)(5) (the “economic relevance” exception) & Rule 14a-8(i)(7) (the “ordinary business” exception). That SLB also invited companies to include in their no-action requests a discussion of the board’s analysis of the policy issue raised by the shareholder proposal and its significance in relation to the company.

The new SLB 14J reviews the Staff’s experience with these no-action requests during this year’s proxy season and highlights the discussions of the board’s analysis that were most helpful.  From Corp Fin’s perspective, the best of these submissions focused on the board’s consideration of specific substantive factors in reaching its conclusions.  This new SLB specifies several of these substantive factors:

– The extent to which the proposal relates to the company’s core business activities.
– Quantitative data, including financial statement impact, related to the matter that illustrate whether or not a matter is significant to the company.
– Whether the company has already addressed the issue in some manner, including the differences – or the delta – between the proposal’s specific request and the actions the company has already taken, and an analysis of whether the delta presents a significant policy issue for the company.
– The extent of shareholder engagement on the issue and the level of shareholder interest expressed through that engagement.
– Whether anyone other than the proponent has requested the type of action or information sought by the proposal.
– Whether the company’s shareholders have previously voted on the matter and the board’s views as to the related voting results.

SLB 14J also addresses the application of the ordinary business exclusion to proposals relating to executive and director compensation.  In particular, it provides further guidance on the circumstances under which proposals implicating the following issues may be excludable:

– Senior executive and/or director compensation and ordinary business matters.
– Aspects of senior executive and/or director compensation that are also available or applicable to the general workforce.
– Micromanagement of senior executive and/or director compensation practices

Sustainability: A Low Priority for Institutional Investors?

According to a recent survey, most institutional investors still don’t prioritize sustainability in making their investment decisions. This article summarizes the study:

Sustainable investing is a low priority issue for most institutional investors, according to a survey by Schroders. The UK-listed asset manager polled 650 investors around the world running $24trn (€20.6trn) and found that, although they expected sustainable investing to become a bigger issue in the next few years, it was not currently a high priority for most.

Almost a third (32%) of those questioned by Schroders said that how sustainable an investment was had “little to no influence” on the decision to buy. Factors such as a manager’s track record, expected return and risk tolerance were all more important factors, investors said.

There is a silver lining in the survey’s results for sustainability advocates – nearly 75% of respondents said sustainable investment would become more important over the next five years, and half have increased their allocations to sustainable investments during the past five years.

Activism: Dealing with Shareholder-Nominated Directors

With activists increasingly winning representation on public company boards, many GCs are seeking guidance on how to deal with these new directors.  This Ropes & Gray article provides insight into how to address some of the more difficult issues that arise with the election of a shareholder’s representative to the board.  This excerpt discusses how to approach the director’s sharing of information with the activist:

When a shareholder-nominated director is clearly the representative of the shareholder, the shareholder is generally entitled to receive the information that the director receives.  Since the shareholder-nominated director generally has access to all company information, this effectively means that the shareholder likewise has access to all company information.

In light of the reality and general acceptability of the shareholder-nominated director’s sharing of confidential and/or privileged company information with the shareholder, company counsel should seek, before the shareholder-nominated director takes office, to have the shareholder sign an NDA restricting the shareholder’s disclosure and use of such information.

While the general rule is that information sharing is permissible, the article goes on to address situations in which it might be a breach of the director’s fiduciary duty to provide confidential information to the activist.

John Jenkins

October 23, 2018

Cybersecurity: Fortune 100 Disclosure Practices

The SEC continues to ratchet up its scrutiny of cybersecurity issues. It issued disclosure guidance earlier this year & recently turned its attention to internal control implications of cybersecurity lapses.  But are companies getting the message?

This recent EY report provides some clues on the disclosure front.  It analyzes cybersecurity-related disclosures of Fortune 100 companies in proxy statements and Form 10-K filings. Not surprisingly, disclosure practices vary widely. Here are some some key findings:

– 84% of companies disclosed that at least one board-level committee was designated oversight of cybersecurity matters. At the same time, around 25% identified one or more “point persons” among the management team on cyber – e.g., the CISO or CIO.

– All companies included cybersecurity as a risk factor. In comparison, less than 15% voluntarily highlighted cybersecurity as a strategic focus in the proxy statement.

– 71% of companies described efforts to mitigate cybersecurity risk and 30% specifically referenced response planning, disaster recovery or business continuity considerations.

The report notes that cybersecurity risk management and incidents and related disclosures are a critical issue for investors & other key stakeholders. The SEC’s guidance & its high-profile enforcement proceeding involving Yahoo’s data breach indicate that this topic remains high on regulators’ list as well.

Cybersecurity: Board Oversight of a Dynamic Threat Environment

There’s also evidence to suggest that boards are taking cybersecurity threats – and the board’s oversight role in corporate efforts to prevent breaches – more seriously. For example, this recent EY memo reports on a recent cybersecurity board summit, in which 30 directors & other panelists participated. Here are some of the key takeaways:

– The board’s role is not cybersecurity risk management; it is cybersecurity risk oversight.
– Boards may need to restructure their committees and develop new charters to adequately oversee cybersecurity risk management.
– Directors want and need more education on cybersecurity risk.
– Boards need to engage a third party to independently and objectively assess whether the company’s cybersecurity risk management program and controls are meeting its objectives.
– These third parties should have direct dialogue with the board to report on the effectiveness of the company’s cybersecurity risk management program.
– Boards and companies need to adequately plan for a cybersecurity crisis, including having an arrangement with all their third-party specialists in place before a crisis hits.
– The board and management need to routinely practice the cybersecurity response plan.
– Management should consider providing the board regular updates with key metrics on critical cybersecurity controls communicated in plain English.

The memo notes that while improved detection efforts may increase the rate of cyber-related incidents, the rate of noteworthy incidents should decline as organizations improve how they manage and contain these incidents.

I’ve noticed that I blog a lot about cybersecurity. Maybe that’s because I’m a “Mr. Robot” fan – and I think anybody who’s watched that show probably has a bit of a knot in their stomach when they consider just how plausible the whole scenario of a truly devastating cyber-attack seems to be.

Theranos: “Things Fall Apart”

Despite my best efforts, I actually learned a few things in my college English classes. For example, I learned that everything Emily Dickinson wrote can be sung to the tune of “The Yellow Rose of Texas.” I also learned that John Keats’ last name is pronounced “Keets” & W.B. Yeats’ last name is pronounced “Yates.”

I also picked up a few lines from Yeats’ “The Second Coming”, one of which is “Things fall apart; the centre cannot hold.” That line came to mind when I read this article from MarketWatch’s Francine McKenna detailing the last days of Theranos. Check it out.

John Jenkins

October 22, 2018

Coming Soon(ish): SEC’s “Semi-Annual Reporting” Proposal

Back in August, President Trump asked the SEC to study the possibility of moving from quarterly to semi-annual reporting for public companies. We then blogged the reaction to this concept from a number of quarters. And a few weeks ago, SEC Chair Clayton indicated that the push for semi-annual reporting wouldn’t go too far.

Apparently, Chair Clayton’s comments may have been misinterpreted because the latest “Reg Flex Agenda” – posted last week – indicates that a proposal for semi-annual reporting is forthcoming (or at least, it’s in the “prerule” stage – as compared to the “proposed rule” stage). And since the Chair has indicated that his Reg Flex Agendas don’t need to be taken with a grain of salt, we really might expect to see a proposal from the SEC in the ‘shorter rather than longer’ term (meaning over the next year IMHO). In fact, a SEC spokesperson noted in this Reuters article that Chair Clayton was expecting to consider this type of rulemaking even before the President tweeted about it (hat tip to Cydney’s blog)!

Other forthcoming proposals include:

Overhaul of Reg S-K
Narrowing ‘Accelerated Filer’ Definition
Amendments to Rule 3-05 of Reg S-X
Resource Extraction Payment Disclosures
Extending Jobs Act’s ‘Testing the Waters’ to Non-EGCs
Expanding Availability of Reg A

And these open rulemakings remain on the ‘long-term’ burner: clawbacks; pay-for-performance; conflict minerals; universal proxy; board diversity disclosures; proxy plumbing – and a proposal based on the recent Rule 701/Form S-8 concept release…

Some Pay Ratio Stats (Military Below 5:1)

During the keynote of our recent “Proxy Disclosure/Executive Compensation Conference,” Steven Clifford noted that the pay ratio in the US military is less than 5:1. And this Labrador blog covers our conference including these pay ratio stats:

– Average ratio for S&P 500 companies was 160:1
– For the Fortune 1000, it was 158:1
– For the Russell 3000, it was 71:1
– Median employee pay was $69,000 for S&P500 versus $108,000 for the tech industry
– Highest ratios were in retail, consumer discretionary and consumer staples and materials
– Lowest ratios were in financials, healthcare and utilities
– 19% of the Russell 3000 provided some sort of supplemental pay disclosure such as adjusted workforce, full-time only employees used to find median or adjusted CEO pay due to one-time awards
– Some companies noted a low pay ratio this year due to caveats to prepare for higher ratios in the future

“101 Pro Tips – Career Advice for the Ages” Paperback!

I just ordered a bunch more of our latest paperback – “101 Pro Tips – Career Advice for the Ages” Paperback – from the printers because they flew off our shelves. Here’s the “Table of Contents.” It’s free for members of TheCorporateCounsel.net (but it does cost $20 in shipping & handling).

This book is designed for fairly young lawyers – both in law firms and in companies. It’s written in an “easy to read” style, complete with some stories & anecdotes to make it interesting. A fairly unique offering in our field. This is a unique offering – and I’m pretty happy about how it came out. Members can request it now.

Broc Romanek

October 19, 2018

CEO & Investor Group Issues “Commonsense Governance Principles 2.0”

Yesterday, a group of heavy-hitter CEOs & institutional investors issued “Commonsense Governance Principles 2.0,” an updated version of the high-level list of principles that the group originally promulgated in 2016.

Like the prior version, the updated principles are intended to provide a basic framework for sound, long-term-oriented corporate governance for public companies, their boards & their institutional shareholders. According to this press release announcing the updated governance principles, changes from the prior version include:

– Board members should be prepared to serve for a minimum of three years.
– If board elections are not annual, companies should explain why.
– Companies and shareholders are encouraged to engage early on important proxy proposals.
– Companies should allow some form of proxy access.
– Poison pills and other anti-takeover defenses should be put to a shareholder vote and re-evaluated by the board on a periodic basis.
– Asset managers should disclose if they rely on proxy advisors to inform their decision making.
– Asset managers should disclose their conflict of interest policies in their proxy voting and shareholder engagement activities.
– Portfolio managers should be compensated based on performance over an appropriate term, given the strategy and investment time horizon for the portfolio.
– Asset owners should promote sound, long-term oriented governance in their direct interactions with both companies and asset managers.
– Asset owners should use benchmarks and performance reports consistent with their investment time horizon to affect governance outcomes with asset managers and evaluate the asset managers’ performance on both investment returns and governance.

Early returns indicate that the new principles are likely to be well-received by investor groups. For instance, the CII issued a press release “applauding” the updated version, which it says represents a “significant improvement” over the original. More information, including an “open letter” from the signatories, is available at the group’s website.

ISS Policy Survey: Pay-for-Performance & Board Gender Diversity

Yesterday, ISS opened its “Annual Policy Survey.” For the US, the two main areas open for comment are board gender diversity – and financial performance assessment methodology.

As always, this is the next step for ISS as it formulates its 2019 voting policies. Comments are due by November 1st. Final policy changes are expected in mid-November…

Blockchain & Beyond: SEC Introduces “FinHub” for FinTech 

Yesterday, the SEC announced the launch of “FinHub” – its new “strategic hub for innovation and financial technology.” According to the press release, FinHub will serve as a resource for public engagement on blockchain & other FinTech-related issues and initiatives.

In addition to blockchain and digital assets, issues & initiatives encompassed by FinHub include automated investment advice, digital marketplace financing, and artificial intelligence/machine learning. It’s intended to replace several existing SEC working groups that have focused on similar issues. According to the release, FinHub will:

– Provide a portal for industry and the public to engage directly with SEC staff on innovative ideas and technological developments;
– Publicize information regarding the SEC’s activities and initiatives involving FinTech on the FinHub page;
– Engage with the public through publications and events, including a FinTech Forum focusing on distributed ledger technology and digital assets planned for 2019;
– Act as a platform and clearinghouse for SEC staff to acquire and disseminate information and FinTech-related knowledge within the agency; and
– Serve as a liaison to other domestic and international regulators regarding emerging technologies in financial, regulatory, and supervisory systems.

FinHub also replaces the FinTech@secgov address established in connection with the SEC’s 21(a) Report on the status of digital assets under the Securities Act – and provides a form that may be used to contact the Staff to arrange a meeting or request assistance with FinTech issues.

John Jenkins

October 18, 2018

Cross-Border Exemptions: 27 New CDIs Replace & Update Telephone Interps

Earlier this year, Broc blogged about the Staff’s efforts to complete its decade-long project of transitioning from its legacy “Telephone Interpretations” guidance to CDIs.  Yesterday, Corp Fin reached another milestone when it issued 27 new CDIs to replace the interps contained in Section II of the July 2001 Supplement dealing with cross-border exemptions. Here’s the inventory:

– 5 CDIs (101.03, 103.01, 104.02, 104.03, & 104.05) reflect substantive changes to the Telephone Interps

– 2 CDIs (100.04 &101.01) reflect technical revisions to the Telephone Interps

– 4 CDIs (100.01, 101.09, 104.04, & 105.01) reflect only non-substantive changes to the Telephone Interps

– The remaining 16 CDIs are newly published interpretations

Tweet Fight! Nell Minow v. Main Street Investors Coalition

Governance guru Nell Minow is not shy about calling things as she sees them – and her cavalcade of Twitter blasts against the NAM-backed “Main Street Investors Coalition” is a good example of that.

Here’s how this has been playing out – every time @MainStInvestors tweets, @NMinow fires back a response. She usually starts by highlighting the organization’s ties to CEOs and raising questions about its funding sources – and sometimes goes on from there. Here’s a recent example. I called this a “tweet fight,” but it’s pretty one-sided at this point. Main Street appears to have decided not to engage with Nell.

Nell also has been using the term “corp-splaining.” One person defined the term as “companies trying to tell people outside of a corner office why they shouldn’t care.”

Tweet Tempest! “Say Shareholder Value Theory is Evil Again – I Dare Ya!”

I spend way too much time on Twitter – which FT Alphaville recently described as a “rage-as-a-service platform.” But since we’re there, this Business Law Prof blog recounts the tempest that pundit Matt Yglesias stirred up when he responded to reports about Google’s decision to build a censored search engine in China by tweeting that, “according to shareholder value theory, if being evil increases the discounted present value of future dividends then Google’s executives are required to be evil.”

The responses started with UCLA’s Stephen Bainbridge inquiring whether Matt was “really that stupid?” & didn’t get a whole lot warmer after that. Enjoy!

John Jenkins

October 17, 2018

SEC Issues Section 21(a) Report on “CEO Impersonator” Emails

Yesterday, the SEC issued this Section 21(a) report about companies with deficient internal controls – in particular, nine unnamed companies that became victims of a cyberfraud called “business email compromises.” This fraud entails employees receiving spoofed or otherwise compromised electronic communications – and in response, employees wired large sums of money or paid fake invoices to the tune of at least $1 million. Two of them lost more than $30 million! Losses for the nine companies totaled nearly $100 million, almost all of which has not been recovered – and some of the frauds lasted a long time & weren’t discovered until the real vendor complained they hadn’t been paid yet.

As noted in this article, there were two kinds of business email compromises — emails from fake executives and ones from fake vendors. In schemes involving emails from fake executives – also called “executive impersonation” – fraudsters not affiliated with a company use spoofed email addresses to send communications that appeared to come from a company executive, typically the CEO. Sometimes, the spoofed emails used real law firm and attorney names. The executive impersonation emails often had these common elements:

1. Referred to time-sensitive “deals” that needed to be completed within days, emphasizing the need for secrecy from other company employees and sometimes suggested some form of government oversight.
2. Claimed that the requested funds were needed for foreign transactions – and all directed the wire transfers to foreign banks. The emails provided minimal details about the transaction – and while all of the companies had some foreign operations, these types of foreign transactions would have been out of the ordinary.
3. Typically went to mid-level personnel who rarely communicated with the executives being spoofed – and who typically were not involved in the supposed transactions.
4. Often included grammatical errors. Hint, hint.

Meanwhile, see this blog about how courts are wrestling with insurance coverage for cyber-related claims…

Governance Stats: Silicon Valley v. S&P 100

This Fenwick & West study surveys the landscape of Silicon Valley’s governance practices and compares them with those found at S&P 100 companies. Not surprisingly, the study found significant differences between Silicon Valley and Corporate America. Here are some highlights:

Annual Meeting Participation:
– An average of approximately 89.1% of shares of SV 150 companies was represented in person or by proxy at company annual meetings during the 2018 proxy season, similar to 2016. However, in addition to the approximately 10.9% not represented, an additional 14.5% were represented via proxy by brokers who did not receive instructions on voting for the bulk of matters for which broker discretionary voting is not permitted. This compares to 12.8% not represented and 13.9% broker non-votes in the S&P 100 in the same period.
– The ranges of representation and voting, though, were somewhat broader in the SV 150 than the S&P 100 (e.g., 52.9% –100% voting in the SV 150, compared to 71.3% – 93.9% voting in the S&P 100).

Director Elections:
– In the vast majority of cases, the elections of directors continue to be uncontested. One of the SV 150 companies and two of the S&P 100 companies had a contested election at its annual meeting in the 2018 proxy season (compared to one in each group in 2017).
– In the SV 150, the dissident stockholder was able to elect two of the three candidates sought.
– In the S&P 100, the dissident was able to have its candidate appointed after very narrowly losing the stockholder vote at Procter & Gamble, and Broadcom was forced to withdraw its slate at the 11th hour following CFIUS review.

Say-on-Pay:
– Opposition to named executive officer compensation reached 15% or more of votes cast (ignoring abstentions and broker non-votes) at 22.8% of SV 150 companies (compared to 13.8% of S&P 100 companies). Within those SV 150 companies with relatively lower levels of support, opposition reached 30% or more at 15 companies (of which nine had opposition of 40% or more, including seven companies where opposition exceeded 50%).

Other Proposals Voted On:
– Setting aside director elections, say-on-pay (as well as say-on-frequency) and auditor approval voting, stockholders at SV 150 companies were asked to vote on one other matter on average, while stockholders at S&P 100 companies averaged 2.5 other matters voted on. The difference is primarily driven by the fact that stockholder proposals are primarily a large company phenomenon. There were only four such proposals voted on by stockholders outside of the top 50 companies in the SV 150.

Company Proposals:
– Excluding director elections, say-on-pay (as well as say-on-frequency) and auditor approval voting, stockholders at SV 150 companies voted on 86 company-sponsored proposals in the 2018 proxy season, primarily in compensation-related subjects, as well as some governance matters (compared to 56 such proposals at S&P 100 companies).

Stockholder Proposals:
– The stockholder-sponsored proposals voted on in the SV 150 generally focused on governance matters or policy issues (this was also true in the S&P 100).
– The average support for stockholder-sponsored proposals was approximately 31.9% at the SV 150 companies (compared to approximately 27.3% at S&P 100 companies).
– The most common topic for stockholder-sponsored proposals in the SV 150 were proxy access (eight proposals, two of which succeeded) and anti-discrimination/diversity (eight proposals, none of which were successful).
– The most common such topic in the S&P 100 was regarding political/lobbying activities (31 proposals, none of which succeeded).

DOJ’s Updated “Corporate Monitors” Policy

Here’s an excerpt from this Wachtell Lipton memo (we’re posting memos in our “White Collar” Practice Area):

In a speech on Friday, Assistant Attorney General Brian Benczkowski of DOJ’s Criminal Division announced a newly updated policy to guide the Division’s decision-making on whether to require a monitor as part of a corporate criminal resolution. The updated policy codifies the principle that imposing a corporate monitor should be “the exception, not the rule.” Specifically, the policy requires a cost-benefit analysis, directing that a corporate monitor be imposed only where there is “a demonstrated need for, and clear benefit to be derived from,” a monitor when compared to the costs and burdens to the corporation. A monitor “will likely not be necessary” if a corporation’s compliance program is “demonstrated to be effective and appropriately resourced at the time of resolution.”

The new policy also mandates that, where a monitorship is imposed, its scope should be “appropriately tailored to address the specific issues and concerns that created the need for the monitor.” To ensure suitable tailoring, Criminal Division agreements must now include an explanation of the monitorship’s scope, along with a description of the process for replacing a monitor, if necessary. And AAG Benczkowski emphasized that Criminal Division prosecutors have an ongoing obligation to ensure that monitors are acting properly and effectively by “operating within the appropriate scope of their mandate.”

In the same speech, AAG Benczkowski announced that the Criminal Division will eliminate the position of compliance counsel – a role created to some fanfare in the last administration – citing the institutional limitations of relying on a single person as the repository of compliance expertise. But AAG Benczkowski hastened to emphasize that assessment of the compliance function will continue to be a key consideration in every corporate enforcement matter. Rather than hiring a new compliance counsel, the Criminal Division will institute a hiring and training program to cultivate “a workforce better steeped in compliance issues across the board.” Accordingly, this change does not signal a shift in DOJ’s approach to corporate enforcement nor does it diminish the importance of maintaining an effective compliance program.

Broc Romanek

October 16, 2018

Handling Edgar’s Outages: SEC Now Posting Notices!

Since I’ve been blogging so much about Edgar outages (here’s the latest), I decided to get a little more educated about the state of play for Edgar. About a year ago, the “Edgar Business Office” was created. This new office will eventually house “nearly everything Edgar” – including “Edgar Filer Support.” Among other things, the new “Edgar Business Office” is responsible for two main tasks: existing Edgar functions, as well as an Edgar redesign that will take several years to complete.

As for Edgar outages, my primary beef has been a lack of transparency as to when Edgar is down – and when it is back to being operational. As I understand it, this problem is more complicated than I realized. When Edgar is down, it might be just for a few companies (meaning Edgar works for most companies; but not all) – and it might be just for a few minutes. Another challenge for the SEC is that it might take them a little while to realize the magnitude of the problem. So you’re encouraged to contact “Edgar Filer Support” to report a problem.

Given all that, I can see how it would be challenging for the SEC to keep us apprised of what is happening with Edgar – unless there was such a big shortage that it would be apparent (and clearly material to our community as a whole). But there is good news! The SEC has started posting notices when Edgar problems impact the ability of filers to access Edgar – and when they are resolved. These notices are being posted on this “Edgar Systems Announcements” page

For what it’s worth, this recent update to the “Edgar Filer Manual” addresses warning messages for incorrect XBRL tags, preventing the system from retrieving & exposing a return copy of a test or live submission…

More on “Do You Read Footnotes?”

Recently, I blogged about whether it’s okay to use footnotes when you write. I received many responses from members – and the poll that I ran was popular: 35% said they read them only when they’re in the mood; 41% always read them; 18% only read them for court opinions & SEC releases (no one never reads them – and 7% selected the joke answer of wishing their significant other had the temperament of a footnote).

One member shared the sage advice of his civil procedure professor at Cornell Law – the late & incomparable Rudolf Schlesinger – delivered with a wagging index finger: “The children of lawyers who do not read footnotes will starve.” And Allen Matkins’ Keith Bishop wrote this blog about whether it’s legal to use footnotes…

Will Google Face a SEC “Cybersecurity Disclosure” Enforcement Action?

Over the past few years, the SEC has conducted a number of cybersecurity disclosure investigations – but not much has come out of that other than last year’s action against Yahoo. As detailed in this blog by John Stark, perhaps that will change due to the circumstances involving a data breach at Google…

Broc Romanek

October 15, 2018

Now Available! Steven Clifford on “The CEO Pay Machine”

At our recent “Proxy Disclosure/Executive Compensation Conference,” the keynote by Steven Clifford – a former CEO that recently wrote a book about executive pay practices – was so well received that we decided to make his remarks freely available.

Steven’s book (“The CEO Pay Machine“) is an easy-to-read & entertaining dissection of how we got to where we are – and how we can fix it. His book is laden with stories that really “tell it like it is.” Please check it out & tell others that can help make a difference…

Tomorrow’s Webcast: “Proxy Solicitation – Nuts & Bolts”

Tune in tomorrow for the webcast – “Proxy Solicitation: Nuts & Bolts” – to hear Morrow Sodali’s Tom Ball, Strategic Governance Advisors’ Mark Harnett, Kingsdale Advisors’ Lydia Mulyk and Alliance Advisors’ Reid Pearson discuss the art of proxy solicitation in this activism-heightened world.

ISS & CII Team Up Against Proxy Advisor Reform

As noted in this Davis Polk blog by Ning Chiu, ISS & CII recently teamed up to create “Protect the Voice of Shareholders” in an effort to oppose H.R. 4015, the ‘Corporate Governance Reform and Transparency Act,’ that passed the House last October (but never got further than that).

Broc Romanek