This newsletter’s Table of Contents is as follows:
1.SEC Enforcement Division Annual Report Reflects Areas of Focus on Public Companies
2.Director Performance Evaluations – ISS REVISED
3.New Requirement: Board Oversight of Corporate Culture
4.Companies boost transparency of auditor oversight, study finds
5.2018 U.S. Spencer Stuart Board Index Highlights
6.Today’s Independent Board Leadership Landscape
7.Managing multiple generations of employees
8.When it comes to cybersecurity, is your board providing effective oversight?
1. SEC Enforcement Division Annual Report Reflects Areas of Focus on Public Companies
Cryptocurrency fraud and schemes against mom-and-pop retail investors may consume the limelight and make for good press, but the SEC enforcement division’s annual report also highlights continued interest in public company actions.
Individual accountability is one of the staff’s five key initiatives. In FY 2018, the Commission charged individuals in more than 70% of the enforcement actions it brought, including “numerous” CEOs and CFOs, as well as accountants, auditors and other gatekeepers.
The Division’s Cyber Unit is up and running. The Unit brought the case against Yahoo! Inc., which was the agency’s first case against a public company for failing to properly inform investors about a cyber breach.
Financial remedies are supplemented with governance changes. The Division intends to continue to explore alternative means of relief, such as stripping the CEO of super-majority voting control in the Theranos case and “enhanced” corporate governance that included appointment of two new independent directors, a committee of independent directors and the CEO stepping down as chairman, in the Tesla case.
Issuer reporting and disclosure issues and auditor misconduct accounted for 16% of cases. The Division brought actions against 54 entities and 94 individuals related to reporting and disclosure allegations. Besides Tesla and Theranos, the cases involve: failing to disclose bribery schemes; inflating the value of assets; misleading investors about increased risk that a company would miss a key financial goal announced previously in connection with a merger; misleading investors about the impact of a documentary on the company’s reputation and business; and misleading investors about the development of a cancer drug.
Source: Davis Polk
2. Director Performance Evaluations – ISS REVISED
ISS’s director performance evaluation policy is designed to identify companies that have long-term under performance and a significant number of board entrenchment features. In an attempt to streamline and strengthen the application of this policy, ISS has more clearly set out a two-step process by moving up the five-year total shareholder (TSR) assessment to the first step of its analysis. Accordingly, step one now involves a five-year under performance test based on an assessment of one-, three- and five year TSR values. The second step involves the assessment of certain problematic governance provisions, which, if present, may be considered to reflect negatively on the board’s performance. ISS believes that moving the five-year under performance test to the initial screen, as opposed to as part of a secondary step, will appropriately reduce the number of companies that undergo scrutiny under this policy. 2. Environmental and Social
Source: ISS
3. New Requirement: Board Oversight of Corporate Culture
Corporate culture can no longer be considered as a soft issue by management and boards. Its strength or weakness has a lasting impact on organizational performance and reputation. The oversight of culture must be a key board responsibility, as it is inextricably linked with strategy, CEO selection, and risk oversight. The NACD Blue Ribbon Commission Report on Culture as a Corporate Asset explores how boards can strengthen their oversight of corporate culture. The report provides practical recommendations that boards can adopt to better assess the health of the corporate culture and use existing board responsibilities, such as the following:
1. The board, the CEO, and senior management need to establish
clarity on the foundational elements of values and
culture—where consistent behavior is expected across
the entire organization regardless of geography or operating
unit—and develop concrete incentives, policies,
and controls to support the desired culture.
2. Because of its significant interdependencies with strategy
and risk, active monitoring of the organization’s culture
is a full-board responsibility, with specific oversight activities
housed in committees as appropriate.
3. Directors should review the culture of the whole
board and its key committees on a regular basis.
4. Integrate culture into the board’s ongoing discussions
with management about strategy, risk, and performance,
emphasizing that the way in which results are achieved is
as important as whether or not a given goal is met.
5. Directors should make culture an explicit criterion in the
selection and evaluation of the CEO, and set the expectation
that the CEO and senior leaders do the same in their
own leadership development and succession-planning
activities.
6. Boards and compensation committees should review the
company’s recognition and reward systems (including
incentive compensation as well as promotion decisions
and other nonfinancial rewards) to ensure that they reinforce
the desired culture and avoid unintended outcomes
that could undermine culture.
7. Shareholder communications should include a description
of how the board carries out its responsibility for overseeing
and actively monitoring the company’s culture.
Source: NACD
4. Companies boost transparency of auditor oversight, study finds
Audit committees at large US companies are offering increased levels of transparency regarding their work in overseeing outside auditors, according to a new study.
Research by the Center for Audit Quality (CAQ) and Audit Analytics finds that 40 percent of S&P 500 companies now disclose considerations in appointing the audit firm, up from 13 percent in 2014, when the organizations first compiled data on the issue.
In comparison, 27 percent of S&P mid-cap companies disclose considerations in appointing the audit firm, an increase from 10 percent in 2014. Only 19 percent of S&P small-cap companies release this information, up from 8 percent in 2014.
Similarly, almost half (46 percent) of S&P 500 companies now disclose the criteria considered when evaluating the issuer’s audit firm, an increase from just 8 percent five years ago.
Areas of increased transparency include:
- 26 percent of S&P 500 companies disclose that the evaluation of the external auditor is at least an annual event, up 5 percentage points from 2017 and 22 percentage points from 2014
- 70 percent of S&P 500 companies disclose the length of audit firm engagement, up 7 percentage points from 2017 and 23 percentage points from 2014
- 52 percent of S&P 500 companies state that the audit committee is involved in audit partner selection, up 3 percentage points from 2017 and 39 percentage points from 2014.
Many opportunities remain for enhancement in transparency and clarification of the involvement of the audit committee in the oversight of the external auditor.
For example, just 28 percent of S&P 500 companies explain changes in fees paid to the audit firm. This is down from 31 percent of companies last year, and is the same result as found in 2014. In addition, no S&P 500 companies this year disclose ‘significant areas addressed with the auditor’, while 3 percent did so in 2014.
Source: Corporate Secretary
5. 2018 U.S. Spencer Stuart Board Index Highlights
- Now in its 33rd year, the U.S. Spencer Stuart Board Index analyzes the board governance practices of the S&P 500. Some of the most notable findings are highlighted below.
- S&P 500 boards appointed 428 new directors during the 2018 proxy year, the most since 2004 and an increase of 8% from 2017. » 57% of boards added at least one new director. Nearly two-thirds (65%) of the incoming class come from outside the most senior board and company leadership roles. » Only 35.5% of the new directors are CEO-level — active or retired CEOs, chairs, vice chairs, presidents or COOs — down from 47% a decade ago. » 45% of CEOs of S&P 500 companies serve on an outside board. » Reversing a decade-long decline, 56% of the incoming class are actively employed.
- First-time directors comprise 33% of the incoming class of S&P 500 directors. They are younger than their experienced peers and more likely to be actively employed (64% versus 53%). More than a quarter (25.5%) of the incoming directors are financial experts, up from 18% in 2008. 11% are experienced CFOs/financial executives. 10% are investors.
- 17% of the incoming class are age 50 or younger, up slightly from 16% last year. » More than one-third of these next-gen directors have backgrounds in the tech/telecommunications sector. » More than half (53%) are women.
- Progress in boardroom diversity is mixed For the second consecutive year, women and minorities represent half of the class of new S&P 500 directors. » 87% of boards have two or more women directors, up from 80% last year and 56% a decade ago.
- Board assessments are standard practice, but individual assessments are far less prevalent Annual assessments have become the norm for boards, and 98% of S&P 500 companies in our index reported conducting a board assessment over the past year. » Only 38% — largely unchanged from 37% last year and 33% five years ago — report some form of individual director evaluations. » 9% disclosed retaining an independent expert to facilitate the evaluation process, compared to only 2% last year.
- Mandatory retirement policies are an important turnover mechanism S&P 500 boards continue to rely on mandatory retirement policies to facilitate board turnover. » 71% of S&P 500 boards disclose a mandatory retirement age for directors, largely unchanged over the past five years. » Among those with retirement age policies, 43.5% set the age at 75 or older, compared with 42% in 2017. » Three boards have a retirement age of 80. Over the past year, 406 independent directors left S&P 500 boards. They departed at an average age of 68.4 and with an average tenure of 12.7 years. » 56% left at 70 or older. » 36% served on the board for 15 or more years. » 37% left when either reaching or exceeding the age limit. » Only 25 S&P 500 boards (5%) set explicit term limits for non-executive directors
- Independent board chairs are on the rise Half of S&P 500 boards split the chair and CEO roles, up from 39% a decade ago. » 30.5% of boards have an independent board chair. » 80% report having an independent lead or presiding director.
- Growth in director compensation continues to outpace inflation The average total compensation for S&P 500 non-employee directors, excluding independent chairs, is around $295,000, a 3% year-over-year increase. » On average, director pay breaks down as follows: 56% paid in stock awards, 38% in cash and 4% in stock options. » Only 10% of S&P 500 companies pay non-employee directors for attending board meetings, down from 45% a decade ago. » The highest-paying sectors for directors are: healthcare ($363,328); information technology ($337,492); energy ($324,801) and telecommunications services ($330,909).
Source: Spencer Stewart
6. Today’s Independent Board Leadership Landscape
Board leadership structures have evolved dramatically over the past 20 years. Today, 92% of S&P 1500 companies have independent board leadership, up from just 10% in 2000. This change corresponds to a rise in independent directors, as well as the continuing separation of chair and CEO roles.
Today, 60% of S&P 1500 companies have separate individuals serving as chair and CEO, more than doubling the 27% that separated the roles in 2000. But while the shift towards independent board leadership is clear, the form that leadership takes, and the responsibilities assigned to those leaders, differ among companies.
Lead director positions serve as a kind of compromise in terms of board leadership structures. They maintain the unified leadership of the combined CEO/chair while providing an independent counterbalance to management’s leadership on the board. They do not command the same authority as a board chair.
The role of independent chair is distinct in regards to responsibilities related to calling and chairing meetings of the full board and shareholder meetings. Otherwise, most lead directors have many of the same powers as that of an independent chair, such as calling and chairing meetings of the independent directors and approving board meeting agendas, schedules and information.
7. Managing multiple generations of employees.
In the coming years, employers will face the unprecedented challenge of having five generations of employees in the workplace. Companies and their boards can help address these tensions by better understanding employee expectations, encouraging cross-generation mentorship, and setting an example of generational diversity with respect to company leadership and members of the board. If managed correctly, boards and companies alike can benefit from the wisdom, collaboration and innovation that comes with generational diversity.
Source: Harvard Law School
8. When it comes to cybersecurity, is your board providing effective oversight?
While businesses embrace new technologies such as blockchain, AI and others, many boards aren’t aware enough of how vulnerable their organizations are to cyberattacks. Improving the board’s understanding and oversight of cybersecurity can save a lot of money – and grief. Directors and offices are facing an increased risk of personal liability and threats to job security in relation to cybersecurity. In the United States, a number of claims have been brought forward against directors and officers for lack of oversight of their organization’s cybersecurity measures. The good news is that Canadian directors seem to be attuned to these risks. In a recent ICD Director Lens Survey, 42% of respondents cited cyber as the biggest risk they face. This was the highest-rated risk, above regulatory and economic risk.
So what measures can boards take to protect their organizations and themselves to build their cyber resilience? First, boards must determine if management has the appropriate resources and technical skills dedicated to cyber security. Is your organization able to limit the impact of cyber disruption, maintain critical functions and rapidly re-establish normal operations, following cyber incidents? If disclosure of an attack is required, does the board have confidence that the appropriate process has been put in place to effectively communicate to stakeholders?
Ensuring that staff at all levels are aware of potential cyber threats and providing appropriate training is crucial (e.g. do not open that attachment from a sender you do not recognize or that looks suspicious).
Directors also need to look carefully at their own behaviour. According to a recent report, 56% percent of board members communicate using their personal email accounts. This practice may lead to real harm.
Source: ICD
