Archive for the ‘Regulations & Legislation’ Category

Current Efforts Toward Corporate Disclosure Reform

August 22nd, 2014 | By

The discussion surrounding corporate disclosure reform has consistently centered on the issue of how to provide sufficient levels of information to investors and other readers without overburdening those responsible for preparing the disclosures. On July 29, the U.S. Chamber of Commerce’s Center for Capital Markets Competitiveness (CCMC) hosted an event addressing corporate disclosure reform. A variety of issues involving disclosure reform were discussed in panels featuring general counsels from leading companies, former officials from the Securities and Exchange Commission (SEC), the current head of the SEC’s Division of Corporation Finance, and other stakeholders.

Corporate disclosure reform has also been a recurring topic of discussion among the delegates of NACD’s advisory council meetings. Delegates are committee chairs of Fortune 500 companies and, along with key stakeholders, they discuss the issues and challenges currently affecting the boardroom. In particular, NACD’s Audit Committee Chair Advisory Council has discussed this topic at length, and this issue featured prominently in the discussions at the June 2013, November 2013 and March 2014 meetings. In particular, the November meeting featured senior leaders from the Society of Corporate Secretaries and Governance Professionals to discuss their efforts to streamline disclosures, while the March meeting included analysts from Moody’s Analytics and Morgan Stanley to share how they use disclosures.

Many of the key takeaways from the CCMC’s July meeting have been echoed at NACD’s advisory council meetings. These include:

The “disclosure burden” is largely driven by a desire to reduce liability. The first CCMC panel focused on the perspectives of two former SEC commissioners: Roel Campos, who is currently a partner at Locke Lord; and Cynthia Glassman, now a senior research scholar at the Institute for Corporate Responsibility at the George Washington University School of Business. There was agreement that disclosures have become documents of litigation. The usefulness of many disclosures was called into question, and in fact, many of the disclosures found on today’s financial statements are not actually mandated. For example, while comment letters issued by SEC staff from the Division of Corporation Finance and the Division of Investment Management “do not constitute an official expression of the SEC’s views” and are “limited to the specific facts of the filing in question and do not apply to other filings,”[1] many companies include disclosures based on these comment letters, often aiming to reduce their company’s liability by accounting for every possible contingency.

What’s more, if one company is asked by the SEC to provide a particular disclosure, other companies may feel compelled to disclose the same information even though they may operate in different industries.

Nevertheless, elimination of unnecessary or outdated disclosures requires a lengthy review process. Without a champion for reform, disclosures can linger on financial statements in perpetuity. An advisory council delegate noted: “It’s possible to take the initiative and cut the 10-K down. But it’s a significant time commitment, so you need buy-in from the CEO, CFO, and audit committee.”

Technology provides promising solutions. It was also observed that many disclosures are mandated by laws and rules stemming from the 1930s to the 1980s, when corporate information was only accessible in a physical form. Today, company websites often provide more detailed, current information than the 10-K. One CCMC panelist suggested that the SEC should encourage companies to rely more on these websites for the disclosure of certain information, such as historical share prices.

CCMC panelists also discussed ways to take advantage of technology to redesign and standardize the financial statements themselves, which could make them searchable and allow investors to make comparisons over time or across companies more easily. One panelist suggested that disclosure transparency could be enhanced by creating a “digital executive summary” document. In this summary, new, newly relevant, and the most material disclosures could be grouped in one place with hyperlinks to more detailed information. A similar notion has been discussed at recent Audit Advisory Council meetings, as one delegate offered: “Perhaps we need a second document, aside from the 10-K, that provides a shorter, more meaningful narrative that’s focused on the material issues that investors are interested in.”

Disclosure reform involves multiple stakeholder groups. The second CCMC panel of the morning focused on balancing the disclosure needs of various stakeholders. The panel included the perspectives of several professionals whose work is heavily influenced by the disclosure regime. They included Julie Bell Lindsay, managing director and general counsel for capital markets and corporate reporting, Citigroup Inc.; Chris Holmes, national director of SEC regulatory matters, Ernst & Young; Flora Perez, vice president and deputy general counsel, Ryder System Inc.; and Ann Yerger, executive director, Council of Institutional Investors.

From the investors’ perspective, it was noted that because investors are voracious consumers of information, they will rarely say “no” if offered more information.

Several corporate counsels noted initiatives at their companies that are designed to increase disclosure transparency, including efforts to work directly with investors to determine the information that was the most important to them. In fact, nearly half of the respondents to the 2013–2014 NACD Public Company Governance Survey indicated that a representative of the board had met with institutional investors in the past 12 months:

survey graphic

The SEC is currently developing solutions. The final panel of the morning featured Keith Higgins, director of the SEC’s Division of Corporation Finance, who provided his views regarding the state of the disclosure system and described how the division is currently conducting its disclosure reform initiatives. More details regarding the division’s plans to tackle disclosure reform can be found in this speech by Higgins to the American Bar Association in April.

Throughout the morning’s discussions, there were also points of disagreement, such as the relevance of specific disclosures. Each session, however, provided evidence that on all sides of the issue there are those making good-faith efforts to improve the system.

[1] http://www.sec.gov/answers/commentletters.htm.

Voluntary Public-Private Partnership on Cyber-Risk Oversight

July 30th, 2014 | By

On Tuesday, the U.S. Department of Homeland Security selected and posted the NACD Director’s Handbook on Cyber-Risk Oversight on the Critical Infrastructure Cyber Community (C3) Voluntary Program website. At a press conference yesterday, four panelists, Ken Daly, president and CEO, NACD; Mark Camillo, head of cyber products for the Americas Region, AIG; Larry Clinton, president and CEO, ISA; and Dr. Andy Ozment, Assistant Secretary for Cybersecurity and Communications, DHS, spoke generally about cybersecurity as an issue for directors, and specifically about the contents of the handbook, created by NACD in association with AIG and ISA, which focuses on cybersecurity oversight at the board level.

Larry Clinton observed that the first of two goals for combatting cyber risks at board level is to raise awareness of cybersecurity as a risk directors must oversee. NACD has been actively engaged in educating the board member community on cyber issues for some time. In summer 2013, The Art of Cyber War graced the cover of NACD Directorship, followed by coverage in subsequent issues; NACD has held multiple roundtables and events focused on cybersecurity issues, including a day-long cyber-risk summit in Chicago, and has built the topic into the flagship Master Class program. In addition to the director’s handbook, other recent NACD thought leadership includes the white paper Cybersecurity: Boardroom Implications and a video series focused on technology and cybersecurity.

On Tuesday, Dr. Ozment emphasized the fact that cyber risks affect organizations of all sizes, sectors, and industries, stating that a director who doesn’t know about cyber incidents falls into one of two categories: either “your CEO doesn’t think you care about cyber incidents,” or “your CIO doesn’t know about the cyber incidents.” He followed with, “unfortunately the bad guys are doing more for cybersecurity awareness than any one of us can do.” Clinton’s first goal, realizing the “why” of cyber-risk oversight at board level, has been scarred into directors’ understanding.

Clinton’s second goal is simple but even more challenging: we have to work together to “solve it.” According to the forthcoming 2014-2015 NACD Public Company Governance Survey, 90 percent of directors believe their boards’ understanding of cyber risk needs improvement. Though directors get the “why,” they need guidance on the “how,” advice practical to boards’ oversight of cyber risk.

The NACD Director’s Handbook on Cyber-Risk Oversight provides insight into the “how.” Daly stated that cyber “is simply another risk [that] fits within the enterprise risk management system.” Camillo indicated that the handbook’s five principles “can be used immediately” and applied to an organization’s existing ERM program:

  • Principle 1: Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
  • Principle 2: Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
  • Principle 3: Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the board meeting agenda.
  • Principle 4: Directors should set an expectation that management establish an enterprise-wide cyber-risk management framework with adequate staffing and budget.
  • Principle 5: Board-management discussions about cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.

Daly further emphasized the “voluntary public-private partnership” between NACD, ISA, AIG, and DHS reflected in the fact that the handbook is the first, and currently only, private-sector document featured on the DHS C3 Voluntary Program website. The concept of cross-sector partnership to combat cyber risks is a centerpiece of the president’s 2013 executive order, Improving Critical Infrastructure Cybersecurity. The handbook’s release signifies that the partnership-based approach is bearing fruit and the private sector is taking responsibility for cyber risk. Dr. Ozment agreed, stating that “managing cybersecurity is a shared responsibility,” and this handbook demonstrates widespread acceptance of the NIST cybersecurity framework. The handbook’s creators’ combined cyber, risk, and governance expertise to provide recommendations, broadly applicable to directors of all economic sectors, for combatting a national and international problem.

Proxy Season Paradoxes

June 19th, 2014 | By

As corporate fiduciaries, directors represent shareholders. But what should boards do when their sense of corporate good conflicts with resolutions advanced by specific owners? It is easy to say that boards need to do more to oversee risk, or to improve strategy, but without real-world testing, these statements become platitudes. Let’s take a look behind the headlines surrounding six recent proxy season conflicts—starting with five Fortune 500 companies (Bank of America, Darden, Staples, Target, and Walmart) and closing with a mid-market real estate investment trust (REIT) family (Ashford). In each case, boards have had to draw the line when confronted by special interests—while still respecting the rights and interests of all shareholders, including activists.

Please click on a company name above to go directly to the case study.

Bank of America: Of Accounts and Accountability

The issue. Is the board responsible for preventing honest administrative errors? On April 28, the Federal Reserve Board announced that it would require Bank of America Corp. to suspend planned increases in capital distributions and resubmit its capital plan. This requirement followed disclosure by Bank of America that the bank made an error in the data used to calculate regulatory capital ratios used in the most recent stress tests conducted by the Federal Reserve. The error was unintentional and, in comparison to the $2 trillion on the balance sheet, small. Nonetheless, the consequences became clear at the annual meeting on May 7, when the California State Teachers’ Retirement System (CalSTRS) pension fund voted against four of five members of Bank of America’s audit committee. “The shortcomings in processes and risk controls underscore the need to make the necessary changes to ensure this sort of issue does not arise again,” opined CalSTRS spokesman Ricardo Duran in an e-mailed statement to the Wall Street Journal. Yet only a minority of investors joined the California giant. Apparently, most investors shared the views of William Smead, chief investment officer of  Smead Capital Management in Seattle, who told the Wall Street Journal that the bank’s CEO Brian Moynihan “is a straight shooter” so his fund would “stay the course.” At the meeting, shareholders elected the full board for another term, approved all the management proposals, and rejected all four shareholder proposals; still, the CalSTRS campaign and commentary fired warning shots heard around the governance world.

The lesson. Boards cannot prevent error, but they can ensure quality of both processes and people. Clearly, this bank (like every institution) can continue to improve its controls. On the other hand, when management is willing to admit mistakes and act quickly, and the board has supported this progressive direction, it’s hardly time to change leadership.

Darden Restaurants (and Pfizer): The Right to Sell (or Buy)

The issue. Should cut-or-keep strategy be decided by boards and management or by shareholders? On May 16, Darden Restaurants Inc. announced a definitive agreement to sell its Red Lobster chain restaurant business and related assets, and assumed liabilities to Golden Gate Capital for $2.1 billion in cash. Red Lobster was failing and the board opted to sell it rather than turn it around. The deal will net Darden about $1.6 billion, of which approximately $1 billion will be used to retire outstanding debt. The deal is expected to close in early 2015 after necessary regulatory approvals. A week later, on May 22, Starboard Value, protesting the sale, put forward a full slate of candidates for Darden’s board of directors to be voted on at the company’s June 22 annual meeting. (Similar questions arose on the buy side at the Pfizer annual meeting on April 24 during the recently ended Pfizer bid for Astra-Zeneca.)

The lesson. Boards have a right to exercise judgment on whether a struggling company should turn around or sell off part of the business—or, conversely, whether a market leader should grow via merger. Analyst John Maxfield, writing about Red Lobster for the popular investment site Motley Fool, observed that turnarounds rarely succeed. He cited wise words from Warren Buffet, who wrote the following back in 1980: “When a management with a reputation for brilliance tackles a business with a reputation for poor fundamental economics, it is the reputation of the business that remains intact.” The Darden board apparently believed that the fundamental economics of Red Lobster were unfavorable so they sold it. (On the buy side, the Pfizer board made a similarly justified strategic decision—not to let go of a division, but instead to chase, and subsequently let go of, a dream.)

Staples: A Matter of Discretion

The issue: Can the board justly exercise discretion in pay in order to retain executives during a turnaround? The Staples board believed so, and proceeded in good faith to pay accordingly, but shareholders disagreed. On March 3, the Staples board rewarded executives for their added workload in turning the retailer around by approving a “2013 Reinvention Cash Award.” The board also approved an extra reward cycle to retain executives and staff who had not received a bonus in two years due to dragging financials caused by the poor economy for consumer discretionaries. Institutional Shareholder Services (ISS), a proxy advisory firm, urged investors to reject the plan in their advisory “say-on-pay” vote at the annual meeting on June 2. ISS carries considerable influence in the proxy policy-setting and voting processes, and in this case apparently they did, as a majority of shareholders (53.64%) voted against the Staples plan. At that same meeting, 50.66 percent of shareholders cast advisory votes to split the chair and CEO roles at the retailer.

The lessonWhile directors should make every effort to comply with their policies when awarding pay, they should reserve and defend the right to exercise discretion; similarly, directors are the ones who should determine the independent leadership structure for their boards. When boards exercise compensation discretion, for example by making an award that did not appear in a plan, they need to clearly communicate early on their reasons for doing so. This is a key finding of the NACD Blue Ribbon Commission (BRC) on Executive Compensation, convened in 2014, as well as previous BRCs on the topic. Communication, not compensation, may be the core issue here. (Then again, communication of any point requires two parties—the speaker and the listener. In some cases, however, it simply may be that shareholders are unwilling to hear management’s reasons for a nonroutine pay decision.)

Target: Expecting the Impossible?

The issue. If a board knows that a particular risk exists and takes action to defend against it, are directors to blame if the defense does not function well enough to prevent harm? In mid-2013, anticipating hacker problems, Target began installing a $1.6 million malware detection tool made by the computer security firm FireEye; yet due to a break in the chain of alerts during the most recent holiday season, the defense did not work and Target suffered an attack at the height of the holiday shopping season. Subsequently—despite swift response to the problem (replacing the chief information officer and strengthening security)—ISS recommended that shareholders vote against 7 of the company’s 10 directors at the company’s June 11 annual meeting, urging rejection of the members of the audit and corporate responsibility committees. The day before the meeting, Luis Aguilar, a commissioner at the Securities and Exchange Commission, mentioned the Target incident in a speech at the NYSE, and observed that “effective board oversight of management’s efforts to address these issues is critical to preventing and effectively responding to successful cyber-attacks.” Shareholders did vote by a majority on June 11 to keep the full board, but concerns linger. More than 90 lawsuits have been filed against Target by customers and banks for alleged “negligence,” and they are seeking compensatory damages as well.

The lessonThe line between the board and management is still distinct, but it is no longer bright; it will vary by company, so it is up to each board to find it. IT risk oversight is not easy. NACD’s Director’s Handbook Series on Cyber-Risk Oversight recommends that boards approach cybersecurity as an enterprise-wide risk management issue, and encourages directors to understand the legal implications of cyber risk as they apply to their company’s specific circumstances. Boards can encourage them to build that arsenal. Meanwhile, boards can and should vigorously defend themselves against voting campaigns that would disrupt board continuity at the expense of various stakeholders, including not only shareholders but also employees and their communities.

Walmart: What Price Integrity?

The issue. Does the board have a right to invest heavily in building an ethical culture or should shareholders get more of that money? Sometimes it seems that boards are damned if they do and damned if they don’t. On June 6, Walmart shareholders voted to reelect the entire Walmart board, and to reject a proposal that would mandate a separate chair and CEO, among other votes. This vote occurred despite campaigns against the directors in March; both the CtW Investment Group (on March 19) and ISS (on March 25) issued reports critical of Walmart, recommending that shareholders vote against two existing directors, as well as the company’s executive compensation proposals. They claimed that the company failed to disclose information to shareholders regarding sums spent on investigations into alleged company violations of the Foreign Corrupt Practices Act. In fact, Walmart did publish a global compliance report with details on its programs, so the main reason for the critique seems to be the amount of money spent on compliance. Randy Hargrove, a Walmart spokesperson, has assured the public that “[t]he board has authorized whatever resources are necessary to get to the bottom of the matter.”

The lesson. Boards have the right and, one might argue, the obligation to invest resources to ensure ongoing efforts to improve compliance and integrity. Global companies have many employees and agents to oversee. Policies can go only so far. Perhaps the best guidance here comes directly from the classic Delaware Chancery Court decision in the Caremark case (1996) in which Chancellor William Allen, finding in favor of a defendant board in an insurance kickback case, held that a board as part of its duty of care has an obligation to “exercise a good faith judgment that the corporation’s information and reporting system is in concept and design adequate to assure that appropriate information will come to its attention in a timely manner as a matter of ordinary operations.” If a board fulfills that requirement, its oversight should be praised rather than condemned.

Ashford: A Tale of Two REITs

The issue. Who gets to determine governance—the board or shareholders? The recent history of the Ashford REIT complex provides a real-world laboratory for the issue. It all started in February when the Ashford Hospitality Trust (AHT) board amended AHT bylaws to require board approval of any future bylaw amendments. (Previously, AHT bylaws could be amended by shareholders without board approval.) One reason for this amendment is that the AHT board wants the company to remain under the protection of the Maryland Unsolicited Takeover Act (MUTA). The AHT board also voted to increase the number of shares required to call a special meeting of shareholders. In response, ISS called on shareholders to withhold votes for all but one director at the annual meeting on May 13. At that meeting, all directors were voted in by a majority of votes cast, despite a high amount of negative votes for the targeted directors. Earlier, shareholders of an AHT spin-off, called Ashford Hospitality Prime (AHP), which is advised by AHT, approved two proxy proposals submitted by Unite Here, a union representing workers in the garment and hospitality industries. AHP shareholders voted by a majority of 68 percent to have the company opt out of MUTA—a result that the AHT board hopes to avoid. So far the board of AHT is holding firm in favor of takeover protections and remaining under MUTA protection, unlike its AHP spin-off.

The lesson. Within the bounds of legal compliance, governance is a responsibility of the board, not the shareholders. So when it comes to preserving corporate independence, boards need not give up their corporate shields just because activists accuse them of being too defensive. This may well be a case of rhetoric versus reality. When the MUTA was passed 15 years ago (in 1999), the Baltimore Business Journal hailed it as good for investors: “Corporate takeover bill protects stockholders,” read the news item. In an editorial detailing the law’s provisions to a painstaking degree, the Baltimore Business Journal concluded: Some public commentary on the takeover bill has mistakenly suggested that it takes away all obligations directors have to stockholders. To the contrary, unlike Pennsylvania’s corporate law, which is highly pro-management and provides no relief to investors or stockholders in Pennsylvania corporations, Maryland law now provides some increased procedural advantage to and greater flexibility for directors, while preserving the primacy of stockholder value and providing an escape valve from the most troubling provisions for future investors in Maryland corporations. It seems that with the passage of time, and inattention to statutory language, the anti-MUTA myth has risen again. We will watch this case for further developments.

Conclusion

These developments have involved different issues—financial planning, mergers and acquisitions, compensation, cybersecurity, internal controls, and takeover protection. Nevertheless, these developments point to the need for ongoing director education on risk oversight in all of these areas, not just in a classroom, but also on the job, and with more active monitoring. These stories also show the value of understanding the evolving expectations of governance itself. As directors face increasing pressures to continually know more and do more, they can strive to improve, yet at the same time recognize the intrinsic limitations of the board’s role. Directors should also seek to provide investors with information on the context and rationale behind the board’s decisions, as part of the company’s overall shareholder engagement and communication program. This close look at current struggles has yielded important lessons—and guidance for an ever-challenging future.