This newsletter’s Table of Contents is as follows:
- Crisis in the C-Suite: A 10-Step Plan for Boards
- Focussing on Employee Wellbeing: 400 CEOs Viewpoint
- Boards Typically Updated On Cybersecurity Only After An Incident
- Two Governance Hot Topics for Board t Pay Attention: D&O Insurance against Fraud and the Value of Independent Board Chairs
1. Crisis in the C-Suite: A 10-Step Plan for Boards
It’s an all-too-common occurrence. A senior executive is accused of wrongdoing ― sexual misconduct, bullying, financial fraud, a conflict of interest, or other conduct posing a compliance or integrity concern. Suddenly, directors find themselves thrust into the center of a crisis, forced to make critical decisions on a short timeline, often in the glare of a public spotlight.
It’s a time for clearheaded thinking and a game plan. Here’s a 10-point guide for directors for the first few, critical days.
- Make a quick, preliminary assessment of the seriousness of the allegations and establish a proper investigation structure.
- Retain credible advisors: Outside counsel is typically retained to conduct a thorough, investigation.
- Be on the lookout (via the Whistleblower hotline) for additional or related whistleblower reports: Once headline-catching allegations surface, others often follow.
- Determine what, if anything, the company must disclose and how: Assess, with outside counsel, whether any disclosures are required to regulators, other authorities, or investors. Do not be afraid to say, “We don’t know yet, but these are our priorities and values, and here’s what we’re doing.”
- Don’t forget about the auditors: Directors must assess whether the nature of the allegations obligates them to make disclosures to the company’s auditors or whether disclosures should be made as a matter of prudence.
- Develop a public relations strategy: It is not always possible to keep these kinds of investigations confidential and a non-legal advisor’s perspective is valuable.
- Consider suspensions or recusals: The board should consider whether it is necessary or appropriate, based on the type and severity of the allegations, to suspend the target of the allegations, or limit his or her authority or involvement in certain matters or business activities during the investigation.
- Understand root causes: As the investigation progresses, the board should focus not just on whether the allegations are substantiated, but also on analyzing any root causes of the purported issue.
- Think ahead about remediation and disciplinary options: If the allegations of misconduct are substantiated or concerns remain about the executive’s conduct or integrity, the board will have to decide how to respond with regard to the executive.
- Keep litigation risks in mind throughout: If an investigation becomes public or the allegations of misconduct are confirmed, the board should expect civil suits by shareholders, any victims, and, possibly, the executive at the center of the crisis.
Getting the first few days right will save your company time and money, and it will also demonstrate to investors, employees, customers, and counterparties that the company is well-governed has strong controls, and is committed to compliance and ethical behavior.
Common Mistakes to Avoid
- Delaying the start of an investigation, or failing to investigate additional or related reports
- Failing to consider external optics, including potential conflicts, with respect to oversight of the review and outside advisers
- Inconsistent communications, external or internal, and delayed disclosures
Ignoring root causes and related remediation
SOURCE: Skadden, Arps, Slate, Meagher & Flom LLP
2.Focussing on Employee Wellbeing: 400 CEOs Viewpoint
Four Hundred U.S. CEOs have identified their employee value proposition (which now should be specified and articulated in their company’s mission statement aka “Purpose Statement”) as the top operational priority to achieve their growth objectives. Seventy-nine percent also said the accelerated pace of digital transformation through the pandemic will not be sustainable without first addressing burnout among their workforces.
U.S. CEOs believe that focusing on employees’ mental health and well-being is critical to ensuring employees are engaged, motivated, and productive.
Eighty-two percent of U.S. CEOs said the pandemic has shifted their focus toward the social component of their ESG programs. Ally Financial’s Brown considers the past 18 months brutally tough in terms of the continued racism in society. “We have used these tough times as examples to try to bridge our gaps,” he says. “I’ve tried to create and support an environment that’s deeply focused on diversity and equity, but especially inclusion.”
Flexibility and a hybrid workplace have emerged as issues that CEOs are zeroing in on to ensure employee well-being. Fifty-nine percent of CEOs said they will be looking at shared office spaces to allow employees to work more flexibly, and 53% will be looking to hire talent that works predominantly remotely. About one-third (35%) will have a majority of employees working remotely at least two or more days a week, and one-quarter (26%) already have or will downsize their organization’s physical footprint.
Responding to this desire for flexibility is non-negotiable for organizations moving forward. As leaders design new ways of working to meet their workforce needs today and, in the future, flexibility is paramount.
Ensuring a successful outcome includes thinking beyond where teams work and focusing more on how teams work together—enabling purposeful, intentional interactions to help people succeed, learn and develop their careers.
U.S. CEOs believe that focusing on employees’ mental health and well-being is critical to ensuring employees are engaged, motivated, and productive.
Eighty-two percent of U.S. CEOs said the pandemic has shifted their focus toward the social component of their ESG programs. Ally Financial’s Brown considers the past 18 months brutally tough in terms of the continued racism in society. “We have used these tough times as examples to try to bridge our gaps,” he says. “I’ve tried to create and support an environment that’s deeply focused on diversity and equity, but especially inclusion.”
Flexibility and a hybrid workplace have emerged as issues that CEOs are zeroing in on to ensure employee well-being. Fifty-nine percent of CEOs said they will be looking at shared office spaces to allow employees to work more flexibly, and 53% will be looking to hire talent that works predominantly remotely. About one-third (35%) will have a majority of employees working remotely at least two or more days a week, and one-quarter (26%) already have or will downsize their organization’s physical footprint.
Responding to this desire for flexibility is non-negotiable for organizations moving forward. As leaders design new ways of working to meet their workforce needs today and, in the future, flexibility is paramount.
Ensuring a successful outcome includes thinking beyond where teams work and focusing more on how teams work together—enabling purposeful, intentional interactions to help people succeed, learn and develop their careers.
SOURCE: KPMG
3. Boards Typically Updated On Cybersecurity Only After An Incident
A recent report from the Ponemon Institute suggests that boards of directors may need to improve communication with IT teams in order to protect against growing cyber-attacks on industrial controls systems (ICS) and operational technology (OT) environments. In fact, some may only be updated on cybersecurity matters when a security lapse occurs.
The report said that 63 percent of the 603 survey respondents’ organizations had experienced an ICS or OT cybersecurity incident within the last two years, yet only 35 percent had implemented a unified security strategy program to secure both the IT (industrial) and OT (operational) environments of the company.
If management executives, the board, and the IT teams aren’t sharing the same information, it will be nearly impossible for companies to stay ahead of fast-evolving cyber threats. To combat this risk, boards should consider:
• Conduct a comprehensive review of the cybersecurity measures currently being implemented by all IT teams. The board and the management team must understand what is currently in place in order to determine if the company has adequate cybersecurity. If the board does not have a true cybersecurity expert among its ranks to oversee a review of all security systems, it may be necessary to bring in an outside consultant to determine where vulnerabilities are and how they can best be mitigated.
A comprehensive review of cybersecurity measures will also allow the board and management to allocate an appropriate budget for security programs.
• Create a Cybersecurity or IT committee that reports to the board or appoint a cybersecurity expert to the board. Cybersecurity will continue to be an ongoing threat to all companies in all industries, so someone should be appointed to monitor these threats and keep the board and management team informed about strategies that can protect against security-related disruptions. A committee of IT executives that is responsible for cybersecurity measures and reports to the board may work for some companies while having a board member with extensive cybersecurity experience who can suggest effective security procedures and evolving safety measures may also be effective.
The report said that 63 percent of the 603 survey respondents’ organizations had experienced an ICS or OT cybersecurity incident within the last two years, yet only 35 percent had implemented a unified security strategy program to secure both the IT (industrial) and OT (operational) environments of the company.
If management executives, the board, and the IT teams aren’t sharing the same information, it will be nearly impossible for companies to stay ahead of fast-evolving cyber threats. To combat this risk, boards should consider:
• Conduct a comprehensive review of the cybersecurity measures currently being implemented by all IT teams. The board and the management team must understand what is currently in place in order to determine if the company has adequate cybersecurity. If the board does not have a true cybersecurity expert among its ranks to oversee a review of all security systems, it may be necessary to bring in an outside consultant to determine where vulnerabilities are and how they can best be mitigated.
A comprehensive review of cybersecurity measures will also allow the board and management to allocate an appropriate budget for security programs.
• Create a Cybersecurity or IT committee that reports to the board or appoint a cybersecurity expert to the board. Cybersecurity will continue to be an ongoing threat to all companies in all industries, so someone should be appointed to monitor these threats and keep the board and management team informed about strategies that can protect against security-related disruptions. A committee of IT executives that is responsible for cybersecurity measures and reports to the board may work for some companies while having a board member with extensive cybersecurity experience who can suggest effective security procedures and evolving safety measures may also be effective.
SOURCE: Corporate Board Member
4. Two Governance Hot Topics for Board to Pay Attention: D&O Insurance against Fraud and the Value of Independent Board Chairs
- Delaware Supreme Court Affirmed That D&O Policies May Cover Fraudulent Conduct: In March 2021, in RSUI Indemnity Company v. Murdock, the Delaware Supreme Court affirmed a trial court’s judgment that required a D&O insurer to pay for losses resulting from the fraud of Dole Food Company’s CEO and director. The Court held that public policy does not prevent D&O policies from insuring against fraud. Additionally, the Court interpreted Section 145 of Delaware’s General Corporation Law to suggest that companies have “statutory authority to obtain D&O insurance for liabilities arising from bad-faith conduct.” The ruling serves as a good reminder for companies to renew their D&O policies and ensure that they provide adequate coverage.
- Glass Lewis Released Report on Independent Board Chairs: Glass Lewis has released an updated report finding that boards with independent chairs serve shareholders more effectively than boards led by a CEO or other executive. The report cited a recent study by the Millstein Center for Corporate Governance and Performance at the Yale School of Management that “the independent chair curbs conflicts of interest, promotes oversight of risk, manages the relationship between the board and CEO, serves as a conduit for regular communication with shareowners, and is a logical next step in the development of an independent board.”
SOURCE: Sullivan & Cromwell
