Category: Risk Management

Six Economic Factors Boards Need to Address Now

Published by

Dambisa Moyo

Dambisa Moyo is a renowned global economist, author, and board director. She is a preeminent thinker who advises key decision makers in strategic investment and public policy, as well as a trusted advisor on macroeconomics, geopolitics, technology, and millennial themes. Moyo currently sits on the boards of Barclays Bank and Chevron Corp. She will speak at NACD’s 2018 Global Board Leaders’ Summit on “Harnessing the Future” with Shelly Palmer. NACD’s Summit programming will feature a plethora of speakers who will focus on exciting future trends to keep board members ahead of the field.

We caught up with Moyo as she prepares for her keynote at Summit and for the release of her book, Edge of Chaos: Why Democracy Is Failing to Deliver Economic Growth—and How to Fix It (Basic Books, 2018). Moyo shared her thoughts on the major economic issues that boards are overlooking, emphasizing why they should be addressed sooner rather than later. Highlights from the conversation follow.

What is one major economic issue that boards are currently overlooking that should be addressed sooner rather than later?

This quote is usually attributed to Mark Twain: “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” I think that is really a powerful statement. Too often we understand risk as being a constant, immediate and short-term. When it comes to risk, we need to take a fundamental step back. We need to look at the bigger picture to think about how we approach risk over the long term.

Ask yourself, “What are the things we are not seeing today that we will look back on and wish we saw coming?” Board members 10 or 15 years ago were making very rational bets assuming that we were going to be in a globalized economy and in a stable democracy where there would be no populism, but that has turned out not to be the case. We didn’t anticipate issues such as populism, trade risk, tariffs, and protectionism.

  1. Technology and the risk of a jobless underclass: Moving forward, the risk of creating a jobless underclass as a result of increasing automation and technological advances is considerable. Tech holds benefits in terms of reducing costs for companies, but where will revenue come from if no one is working and a large number of people live in a jobless underclass?
  2. Demographic shifts: Our planet will hold 11 billion people by 2100. How do we navigate the challenges around aging populations and shifting consumer demands? Where should we transact our business and how should we transact our business? Companies need to think about this not only in terms of business but also in terms of hiring human capital. We have to focus on the quality and quantity of the world’s population and then figure out where our talent pool lies.
  3. Income inequality: It has become clear that issues around pay have come to the fore. The issues of pay inequality between the genders, and between the company CEO and the company’s median or lowest-paid employees, are now top of mind. Companies are now being required to address some of these income-inequality issues, which means that in the public’s mind the board’s governance responsibility has broadened from the idea that companies are just there to maximize shareholder value.
  4. Natural resource scarcity: Natural resource scarcity has come to the forefront due to the imbalance between increasing urbanization and demand for products and the shrinking supply of arable land, potable water, energy, and minerals. This dynamic could create a lot of inflation. How do we navigate that?
  5. Debt: Debt is at an all-time high. Virtually every class of debt is at a historical high: government debt, household debt, credit card debt, auto loans and student debt. Is that sustainable? The US Congressional Budget Office notes that US debt and deficits are a big risk and cautions that they are unsustainable. It’s a big risk for companies because they have to decide if they should borrow at a low interest rate and what the debt burden will do to their customer base.
  6. Productivity: Productivity should be increasing in a world where we do things more efficiently thanks to technology, but unfortunately we are actually seeing productivity decline around the world. There are real questions about what the implications might be for companies and growth around a decline in productivity.

Your new book, Edge of Chaos, will inform directors’ understanding of the current economic climate. Which topic would have the greatest impact on their oversight duties?

For corporate board members the most important issue is myopia. This is economic short-termism in both the corporate and political space. A lot of the issues threatening the global economy are long-term, intergenerational, structural problems in the economy. These harken back to my list of six economic problems. These are all long-term problems.

One of the biggest challenges that we face is that policymakers are paid and rewarded for short-term thinking. Policymakers are constantly facing reelection and that means they’re thinking very short-term in terms of how they deal with issues. Companies face a challenge because they are focused on reporting quarterly earnings and their investors are very keen to see the short-term returns. This is a hurdle that we need to reevaluate.

The mismatch between long-term economic challenges and short-term political myopia needs to be bridged. My book offers 10 ways to get through that. I also highlight some of the biggest consequences of short-termism that we’ve seen in the corporate space. For example, CEO and CFO tenures have shortened and the holding period by portfolio managers has shortened a lot. There have also been issues around the life span of companies. A company in the 1930s had a life span of around 100 years. It’s now only about 16 to 17 years before a company is bought and sold. All of these things lead to how companies should think about their overall strategy and how they fund themselves.

Don’t miss out on Moyo’s keynote at the 2018 Global Board Leaders’ Summit, happening September 29 through October 2 in Washington, DC. There will be plenty of opportunities at Summit to discuss the future of the economy, globalization, and much more. Register now to attend.

Global Directors Hear from Scientist on Encryption, Human Error, and Homer Simpson

More information is hidden in plain sight than ever before. When the success of the global economy is hinged on the secure ownership of intellectual property and data, it behooves those who govern in the global company to understand how this information is being protected—and how it could be compromised. To that end, the National Association of Corporate Directors convened directors and cyber risk experts in Geneva, Switzerland, for its first Global Cyber Forum.

Dr. Simon Singh demonstrates the inner workings of an Enigma machine (Credit: Les Studios Casagrande).

Attendees from nearly every continent made their way to the Hotel President Wilson to confront the challenges of securing data across borders in light of complex and sometimes competing regulations. The European Union’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, will be a watchword during each session. The complex and potentially costly regulation is likely to affect most companies that do business with or employ Europeans.

GDPR defines protected data far more broadly than the protections set by most country regulators. Experts from international KPMG offices, cybersecurity firm Rapid7, and AIG, together with NACD cohosts Ridge Global and the Internet Security Alliance, will proffer their best advice on the interconnected challenges and solutions of cybersecurity oversight for today’s board directors.

NACD’s Global Cyber Forum commenced Tuesday night with a keynote presentation by popular scientist and author Dr. Simon Singh.

A particle physicist who completed his degree at Cambridge University while working at the European Organization for Nuclear Research (CERN), Singh has committed himself to helping everyday people understand some of the most complex concepts in modern math and science. He is the author of several books and won a BAFTA award for producing Fermat’s Last Theorem, a documentary based on the search to prove one of the most difficult mathematical theories in history.

Singh’s presentation in Geneva turned directors’ attention to “the history of secrecy,” a topic that he covers in his 1999 book, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (Doubleday). He pointed to writers of the popular TV programs The Simpsons and Futurama to highlight how unexpected points about mathematics and science are hidden in plain sight and how susceptible we are to finding patterns that may have absolutely no meaning.

He cited several instances of codes being found in popular texts or songs, including in the rock band Led Zeppelin’s “Stairway to Heaven,” which when played in reverse has been interpreted to contain an evil message. When Singh queued up the song, at first no one in the audience heard any discernable words. Then he pointed to the lyrics on a slide deck and almost half of the audience “heard” the words. His point? To challenge the audience to be more skeptical and open to believing that which can be proven—or disproven—with rigorous evidence.

When the science of cryptography was introduced to the audience, Singh noted that messages can be found as a pattern almost anywhere—including in Moby-Dick, where one author found an inordinate number of passages pointing to history that had coincidentally happened since its publication in 1851. The human mind, however, has been able over the millennia to form some truly remarkable codes that have eluded prying eyes and minds for hundreds of years.

While some of the earliest computing machines, such as Enigma, developed during the First World War, present nearly insurmountable odds against being deciphered, Singh reminded the audience that all ciphers are created by humans, and where there are humans, there is bound to be error. The same human curiosity and propensity to find patterns in behavior has led some skilled code-breakers, such as those at the UK’s Bletchley Park, to turn the tide of World War II by breaking codes.

Directors in the audience were challenged to think of the technologies that could protect their company’s own secrets while also considering the power—and foibles—of human error. Singh brought with him a prized possession: his very own Enigma machine.

When he turned to the audience to see if they had any questions about it after a brief demonstration, one attendee asked how the next frontier of quantum encryption would impact businesses. Singh pointed to the fact that scientists in Geneva were already sending messages encrypted at the quantum level within cities, and that others had sent quantum-secured messages via satellite. Quantum computing itself could make all encryption obsolete, he said. Such a development would render useless our current understanding of how to protect corporate assets, such as customer information and other data. He also noted that no one really knows what governments around the world have already achieved regarding this next frontier in information security.

Coverage of the full day of programming at the Global Cyber Forum is forthcoming in another installment of the blog and in the May/June issue of NACD Directorship magazine. 

Caution: GDPR is Big, and It’s Almost Here

Published by

Michael Walter

The European Union’s (EU) General Data Protection Regulation (GDPR) is causing a seismic shift in the digital information space, and, whether your company has a presence in Europe or not, the sweeping regulation likely applies. As a director in the era of bet-the-farm digital transformation, familiarity with the basics of GDPR is a must. To that end, Michael Walter and Joel Wuesthoff, experts from Protiviti and Robert Half Legal, respectively, recently presented the ins and outs of the regulation at an NACD Atlanta Chapter program.

Does GDPR even apply to my company?

Joel Wuesthoff

Effective May 25, 2018, it probably does. The regulation is borderless and applies to all organizations—regardless of size and regardless of whether they have a physical European location—that collect and process personal data of data subjects in the EU. An EU data subject is anyone from whom personal data is collected while in the EU (i.e., a data subject is not limited to someone with EU “citizenship”). For example, a skier from Colorado who buys a snowboard online while in the EU may subject the product seller to the GDPR. The rules apply to both data controllers and data processors. The range of information that is protected is quite broad, ranging from vehicle identification numbers to photos to employment information to IP addresses.

If GDPR applies, what’s the big deal?

In the U.S., personal information is often collected as a matter of course, with only an “opt out” offered to consumers. By contrast, GDPR requires that in order to collect information from EU data subjects, an affirmative “opt in” consent must be obtained that clearly specifies how the data will be used. Privacy policies must match. Then, once information is obtained, the EU data subject has the right to request that his or her data be deleted; that is, to invoke the right “to be forgotten.” Incorrect information must be corrected upon request. These rights may seem simple enough, but when data is held in multiple locations, developing a process to handle such requests may be quite difficult.

The burdens of GDPR cannot be outsourced, as companies have joint and several liability with third-party vendors. Due diligence requirements for vendors therefore will be heightened, and all in-scope data processors will need to be GDPR compliant.

What if my company has a data breach or fails to comply?

In the event of a data breach involving an EU subject, the breached company has 72 hours to notify regulators and must notify EU data subjects without undue delay under certain conditions.

Fines for failure to comply with GDPR can be up to 20M Euros or four percent of an organization’s annual global turnover, whichever is higher. Further, data subjects can claim compensation for damages from breaches of their personal data.

GDPR won’t be enforced right away, will it?

The expectation is that GDPR likely will be enforced right away against global organizations that collect large volumes of personal data. However, beware. EU countries continue to hire people for enforcement of the GDPR. Also, since individuals have a right of action, it is unclear whether GDPR will be used as a manner of protest against companies that are unpopular with EU data subjects.

What should I be asking management?

The path to compliance with GDPR will require a multi-functional task force, including information technology, legal, human resources, privacy, and other functions. Directors may consider asking about the key phases of compliance:

  • Discovery and inventory: Have we identified high risk areas to ensure a focused approach?
  • Gap analysis: Have we determined exposure and prioritized compliance activities?
  • Compliance remediation: Are we implementing changes to achieve compliance?
  • Ongoing compliance: Are we prepared to provide evidence of accountability and compliance?

Boards may also want to discuss the appointment of—and ramifications of having—a data protection officer (DPO), required under GDPR for companies processing large-scale data. Bear in mind, however, that the DPO is a unique intermediary between the regulators, the organization, and the data subjects, and is required to be an independent actor within the organization, reporting up to its highest levels. Care must be taken prior to appointing a DPO, as significant obligations attach once this decision is made.

In short, GDPR’s long reach and substantial requirements merit fulsome discussions in the boardroom, even of U.S. companies. Is your company ready?

Looking to learn more about how your board will be impacted by GDPR? Stay tuned. NACD will release an FAQ brief in May. You can also learn more from Protiviti by visiting protiviti.com/gdpr.

Kimberly Simpson is an NACD regional director, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, North Texas and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.