This newsletter’s Table of Contents is as follows:
- The Results will SHOCK YOU: What Happens to the CEO Succession ‘Losers’?
- Assessing RISK in Compensation Plans
- Cybersecurity is a BIG Board Issue: Questions that Boards MUST ask
- Risk is everywhere, but who on the Board should own it?
- Corruption is NOT getting the Board attention it needs
- SEC whistleblower awards top $100 million!!
- Are we Doing bankruptcy wrong: Lessons from Sweden
- Companies still slow to respond to shareholder requests
1. The Results will SHOCK YOU: What Happens to the CEO Succession ‘Losers’?
A CEO is crucial to a company’s long-term performance. But how do shareholders know if the board missed a strong internal candidate?
Stanford Graduate School of Business researchers David F. Larcker, Stephen A. Miles, and Brian Tayan looked at succession winners and losers to track where they went and how successfully they performed.
They examined CEO changes at the 100 largest companies between 2005 and 2015 to analyze a total of 121 transitions.
The data suggests that corporate boards do a reasonable job of identifying CEO talent: About 30% of executives passed over at one company get hired to helm another, and those who do tend to perform worse than those promoted at the original company.
121 Transitions
100 were passed over for CEO.
Of that 100:
- 26% stayed at the company
- 74% left the company
Of the 74% that left the company:
- 30% became CEO elsewhere
- 41% took a below CEO level job
- 30% retired
(Due to rounding, does not equal 100%)
What Happened Next…the results will shock you.
Succession Winners
- When a CEO was identified and promoted from within, stocks performed well.
- Three-year stock price performance: 8%
- Three-year stock price performance compared to S&P500: -2%
Succession Losers
- When an executive left the original company to become CEO elsewhere, stock fared less well.
- Three-year stock price performance: -13%
- Three-year stock price performance compared to S&P500: -22%
CONCLUSION: Boards should beware hiring new outside CEOs!
Source: Stanford University
2. Assessing RISK in Compensation Plans
While incentives can be powerful tools to properly align employees with the achievement of the company’s objectives, boards of directors should consider whether there is a process in place to identify and mitigate the potential risks of incentive programs. Risk assessments need to be conducted annually, comprehensively, and holistically. Remember, what gets rewarded gets done BUT do boards really understand the potential for ‘unintended consequences’ in their compensation plans?
Source: Deloitte
3. Cybersecurity is a BIG Board Issue: Questions that Boards MUST ask
One of the biggest concerns facing boards is how to provide effective oversight of cybersecurity. The following are questions that boards should be asking:
- Governance. Has the board established a cybersecurity review > committee and determined clear lines of reporting and > responsibility for cyber issues? Does the board have directors with the necessary expertise to understand cybersecurity and related issues?
- Critical asset review. Has the company identified what its highest cyber risks assets are (e.g., intellectual property, personal information and trade secrets)? Are sufficient resources allocated to protect these assets?
- Threat assessment. What is the daily/weekly/monthly threat report for the company? What are the current gaps and how are they being resolved?
- Incident response preparedness. Does the company have an incident response plan and has it been tested in the past six months? Has the company established contracts via outside counsel with forensic investigators in the event of a breach to facilitate quick response and privilege protection?
- Employee training. What training is provided to employees to help them identify common risk areas for cyber threat?
- Third-party management. What are the company’s practices with respect to third parties? What are the procedures for issuing credentials? Are access rights limited and backdoors to key data entry points restricted? Has the company conducted cyber due diligence for any acquired companies? Do the third-party contracts contain proper data breach notification, audit rights, indemnification and other provisions?
- Insurance. Does the company have specific cyber insurance and does it have sufficient limits and coverage?
- Risk disclosure. Has the company updated its cyber risk disclosures in SEC filings or other investor disclosures to reflect key incidents and specific risks?
The SEC and other government agencies have made clear that it is their expectation that boards actively manage cyber risk at an enterprise level. Given the complexity of the cybersecurity inquiry, boards should seriously consider conducting an annual third-party risk assessment to review current practices and risks.
Source: Harvard Law School
4. Risk is everywhere, but who on the Board should own it?
Organizations today are challenged with managing a rapidly changing risk landscape. In response, audit committees must take an even more proactive role in understanding the company’s ‘risk appetite’, ‘risk tolerance’ ‘risk culture’ and ‘risk management’ policies and procedures. More than ever, they must understand the evolving risks their organizations face as they oversee responses to existing and emerging risks. In exercising their oversight duties, audit committees must determine whether management maintains effective internal controls and systems designed to prevent and detect potential legal and regulatory violations and address emerging risks in this volatile environment.
Source: EY
5. Corruption is NOT getting the Board attention it needs
Global commitments to combating corruption and enhanced cooperation and enforcement by law enforcement agencies have increased the pressure on companies to mitigate fraud, bribery and corruption risks. With some global executives willing to justify unethical activity, audit committees need to continuously assess their ability to robustly oversee fraud, bribery and corruption risk.
Such actions take particular importance as companies expand their business footprint into emerging markets such as Africa, Brazil, China, India and Eastern Europe, where they may be exposed to heightened risks, and as companies continue to grow via record M&A activity. EY’s 2016 Global Fraud Survey found that respondents generally are not yet taking steps to identify and mitigate key corruption and other risks before entering into local joint ventures, partnerships and other business relationships. To minimize such risks, audit committees should confirm that management is adequately resourcing compliance and investigative functions and is undertaking regular fraud risk assessments. Data is also becoming an increasingly important monitoring tool, and audit committees should determine that internal audit is appropriately leveraging data-driven indicators.
Source: EY
6. SEC whistleblower awards top $100 million!!
Five years after the inception of the SEC’s whistleblower program, the SEC issued its second largest award of $22 million—putting the program’s total above $100 million. The award, announced on August 30, came after a whistleblower tipped the agency and helped it stop a “well-hidden fraud” at the company where the whistleblower worked, according to the SEC.
Since 2011, the Whistleblower Office has received more than 14,000 whistleblower tips from individuals in all 50 states, the District of Columbia, and 95 foreign countries. More than $107 million has been awarded to 33 whistleblowers. The largest award, $30 million, was awarded in 2014. “The SEC’s whistleblower program has proven to be a game changer for the agency in its short time of existence, providing a source of valuable information to the SEC to further its mission of protecting investors while providing whistleblowers with protections and financial rewards,” said Mary Jo White, Chair of the SEC, in a press release.
Meanwhile, the SEC continues to show its support for whistleblowers by focusing on restrictive severance agreements that would prohibit potential whistleblowers from providing information to the agency.
In August, the SEC announced settlements with two companies. The SEC charged that the companies offered severance agreements that required employees to waive their rights to file applications for whistleblower awards, which was in violation of federal securities laws. Both companies agreed to pay penalties, which together totaled more than $500,000. “We’re continuing to stand up for whistleblowers and clear away impediments that may chill them from coming forward with information about potential securities law violations,” said Stephanie Avakian, Deputy Director of the SEC’s Enforcement Division, in a press release.
Source: PWC
7. Are we Doing bankruptcy wrong: Lessons from Sweden
When the US Congress created Chapter 11 bankruptcy procedures in 1978, the intent was to avoid having assets of temporarily insolvent companies auctioned off hastily. Congress figured that giving management time to restructure financial claims under court supervision was better than forcing a corporate takeover. Now new research from the Lindenauer Center for Corporate Governance at Tuck University indicates that Chapter 11 may be inefficient relative to auctions.
In contrast to the American system, he Swedish bankruptcy system mandates that bankrupt companies are put up for auction. There the winning bidder alone determines whether a bankrupt company will continue in business or be liquidated.
The research found that, unlike under Chapter 11, a substantial majority of auctioned companies survive as going concerns and perform at par with their competitors. And there is little evidence that auctions produce fire-sale prices. Moreover, while the post-bankruptcy operating profitability of the Swedish firms matches that of their industry rivals, two-thirds of the U.S. firms underperform relative to the competition.
Source: Lindenauer Center for Corporate Governance
8. Companies still slow to respond to shareholder requests
Companies aren’t quick to respond to shareholders’ wishes about majority-supported shareholder proposals and “zombie” directors, according to a review of the Council of Institutional Investors’ (CII) 2016 letter writing campaign to 101 Russell 3000 companies. CII’s 2016 letters asked companies how they plan to respond to either a majority-supported shareholder proposal or to a director who has failed to win a majority of votes cast. As of the beginning of September, 87 shareholder proposals at the 101 companies garnered majority support, but only eight such proposals were implemented. Forty-four directors at the 101 companies did not receive majority votes at their companies’ 2016 annual meetings, but only four stepped down from their boards. Nearly half of the proposals that received majority support addressed proxy access, and most were filed by the Comptroller of the City of New York and the UAW Retiree Medical Benefits Trust. CII says that the slow implementation rate is not unusual; it typically takes a year to enact changes. They further note that the slow pace is part of a recent trend of a declining implementation rate of shareholder proposals over the past few years.
Source: Council of Institutional Investors
