From left: Shelley Broader, David Walker, Jan Fields, and Lauren Smith
Chico’s FAS, parent company of the Chico’s, White House Black Market, and Soma brands, made headlines in 2016 when an activist investor dropped its bid for board seats at the company. Chico’s FAS was one of the largest U.S. companies targeted in a 2016 proxy contest. The company’s victory was credited to a number of factors, including the new CEO’s clear vision and the board’s preemptive work on governance.
NACD’s Florida Chapter recently convened a program at the Chico’s FAS headquarters in Fort Myers, hearing insights from NACD Florida Chapter Board member and Chico’s FAS Chair David Walker; Jan Fields, chair of the company’s corporate governance and nominating committee; and Chief Executive Officer and President Shelley Broader.
To set the stage for the discussion, the group shared details about the company’s situation in 2015, prior to hearing from the activist:
In the spring of 2015, the company was coming off a weak earnings announcement. The stock was languishing.
Fields recognized the situation and began to put together a plan in her new role as head of the company’s corporate governance and nominating committee.
Walker became the chair of the Chico’s FAS board.
As the prior CEO retired, Broader was identified and slated to join in December of 2015.
She quickly assessed and provided the company with a four-pillar strategy that was underpinned by the philosophy that the customer is looking for an excellent experience.
Based on the actions the board took during this period, the panelists shared key steps that every company should consider—not just to fend off activists but, more importantly, to ensure the board and management are looking after all of the company’s shareholders:
Ask the question, “What makes us so appealing to an activist?” Think about operations, capital allocation, governance, etc.
Know your shareholders. The stock of Chico’s FAS is widely held, so having a strong and engaged investor relations group is a critical element in the company’s success.
Identify a team to help point out weaknesses and prepare for challenges. This team could include legal, public relations, proxy advisors, investment banks, etc.
Use the newly-formed team to help you look at the company like an activist shareholder might, and be willing to make tough decisions when performance lags. Look at your company against its peers and review what analysts are saying.
Utilize a skills and experience matrix to ensure the board has the talent it needs to provide oversight to the company. To avoid directors rating themselves as expert in all areas of the skills matrix, ask each director to rate his or her top three areas of strength. Consider term and age limits. Recruit “rock stars” when you need new board members and make sure they are filling any gaps identified in your matrix.
When the activist challenge arose, the Chico’s FAS board agreed on the key members who would focus on the issue, and management did the same thing, ensuring that all but a small group at the company would continue to devote themselves entirely to advancing the company’s four-pillar strategy and running the day-to-day business during the proxy fight.
For those tasked with meeting personally with an activist, Broader repeatedly stressed the need to actively listen to the activist. Be sure to understand the activist’s point of view without reacting or prejudging any ideas or suggestions.
Though settling with an activist can sometimes be in the best interest of shareholders, leadership at Chico’s FAS determined that a fight to the proxy stage was warranted. A select group went on a roadshow, visiting significant investors, and creating tailored presentations based on the investor’s particular interests. The group also met with proxy advisory firms by phone.
The meetings proved highly valuable, with these firms ultimately siding with the company. In all of its meetings, the company articulated its strategic plan, introduced its slate of board candidates, and explained in detail why both were better options than those being proposed by the activist.
Lessons learned from Chico’s brush with an activist investor follow.
Shareholder relationships are like a vaccine. Maintain robust, ongoing engagement.
Be open to change after a vulnerability review. Taking action to address vulnerabilities can result in a stronger defense if one is needed.
Be willing to consider settlement but don’t settle if it is not in the company’s best interests.
Adopt corporate governance best practices. For example, director independence both by definition and in thinking is critical, and executive pay should be tied to performance. A board must continually hold itself accountable. (It is worth noting that Chico’s FAS is a full board member of NACD.)
What does the future hold for the company? Broader says that interesting times are ahead for retail in general, and innovation and design will be important drivers of her company’s success. While others are taking resources away from brick and mortar stores, Chico’s FAS recognizes the storefront as a key component of its omni-channel approach. No matter the path, the company’s board and management team have now learned a great deal about staying ahead of activists.
NACD Florida would like to thank the team at Chico’s FAS, for hosting the program and the panelists for sharing their experiences with attendees.
Kimberly Simpson is an NACD regional director, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, North Texas and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.
While technical defenses might help stave off some attempted hacks, sooner or later a company will become a victim of cybercrime, and a contingency plan for communicating about the aftermath of an attack is critical for any organization. RANE recently reached out to several experts for their advice to companies for managing the flow of information and maintaining control of an organization’s reputation in the event of a breach.
The Initial Response
Ann Walker Marchant
“There’s a lot to gain or lose when you approach the equity you’ve built in your brand—and trustworthiness is part of the value of your brand,” says Ann Walker Marchant, CEO of The Walker Marchant Group. After a breach, an organization’s leadership must keep in mind all of the people who have placed trust in the brand. The impacted enterprise must convey that it is “willing to do whatever it takes to ensure you minimize risk to them,” she adds.
“You have to understand that it’s most important you’re communicating with your own people internally,” Christopher Winans, executive vice president and general manager at Hill+Knowlton Strategies, argues. Organizations should not allow internal stakeholders to learn about a crisis from external sources. “When your own people are finding out through press reports, it harms confidence within your [entire organization].”
“With a cybersecurity breach, you often don’t know what’s been compromised, at least at the very beginning,” Walker Marchant explains. Often, the best bet is to expect the worst. “You’ve got to assume they’ve got everything and act accordingly without appearing to create fear and panic with your internal and external audiences,” while simultaneously dealing with pressure from various audiences and stakeholders, Walker Marchant said.
Reaching Out to Regulators
A client update published by Debevoise & Plimpton LLP, titled “How to Disclose a Cybersecurity Event: Recent Fortune 100 Experience,” states that Fortune 100 companies disclosed 20 “incidents of major data breaches or cybersecurity events between January 2013 through the third quarter of 2015.” Most of the affected organizations made initial public announcements via news reports instead of a current report on Form 8-K. Debevoise & Plimpton notes that companies that did go the Form 8-K route “most often did so where the breach involved customer financial information.” Organizations, the report’s authors add, “should also be mindful of selective disclosure issues and their obligations under Regulation FD.”
Debevoise & Plimpton also warns against the risk of disclosing incomplete information regarding a breach, noting that “the ‘known’ facts may represent a small piece of the cybersecurity risk mosaic, which can require significant forensic research to assemble.” Potential inaccuracies in any disclosure represent yet another risk for organizations.
Subsequent reporting of updated cyber risk factors were largely contingent upon how breaches were initially disclosed in periodic corporate reports. In annual reports that come after a material breach, the Debevoise & Plimpton report notes, many corporations “view their annual report as an opportunity to update and tailor risk factors more generally, and the occurrence of an intervening cybersecurity event provides fodder for such fine tuning.”
Differing Perspectives Within an Organization
Caution is important, although any delay in responding in a timely manner also presents a risk for targeted enterprises. At the outset of planning the response, Winans adds, “It is better to tell your constituencies what you don’t know than it is not to tell them anything.”
However, there are often conflicting viewpoints of how to act in the immediate aftermath. “The tech guys will weigh in and say the best thing the company can do is get a hold of the FBI and find all the things in the network that are screwed up so they can take action to fix it,” says Steven Bucci, a visiting fellow for special operations and disaster management at The Heritage Foundation. “But you’d be hard pressed to find any lawyers to give their leaders that advice; instead, they’ll say it will hurt the company’s bottom line, it’ll hurt the company’s stock, and it could open up the organization to claims by competitors. While all of that, frankly, is true, that leaves the organization as vulnerable as they were before the breach—and probably also in violation with the Securities and Exchange Commission, as well as open to potential lawsuits from customers or clients.”
Still, it’s understandable that a cautious approach may appeal to many who don’t want to create panic, or those who are simply conflicted over the best course of action, Walker Marchant says. On the other hand, any delay in crafting a measured public response can result in harm to an organization’s brand equity. “Stakeholders will want to know who knew what, when, and why didn’t you tell us?”
Winans says that a clear organizational response plan that involves upper management is crucial before a crisis. “The very first thing you need to do is create a team, a coordinating committee, that is made up of all the functional parts of the company—the C-suite, the CEO or COO. Ideally, it’s got to be the leader of the company that takes charge of the situation, and you have to have people from HR, legal, operations, IT and investor relations.” For a company that answers to a variety of regulators, it’s even more important to get people in different roles together.
“That’s a team that needs to meet every day,” Winans adds. And before an actual breach takes place, that same team should be practicing how they will respond to a worst-case scenario. Winans proposes a “flight school.” “We set up people to actually play out an actual scenario,” he says. “The whole thing is designed to feel like an actual crisis.”
Lessons of a Real World Response
The Sony Pictures hack is an instance where the company was a little more forthcoming, at least with law enforcement, because they had no idea who could be penetrating their systems so extensively. Nevertheless, they suffered serious criticism and ridicule for how poorly they guarded their network.
“Exactly what the breach entailed wasn’t clear at the very beginning,” Walker Marchant says. “It was death by a thousand knife wounds because it was that trickle-down approach, because every day was something different.” Lists of salaries, copies of unreleased films, and sensitive e-mail from senior leadership were also part of the data theft. Still, Bucci argues that “while they did get beat up pretty badly,” in the end “they got through it faster and with far more sympathy from the public by saying, ‘We got hammered.’”
As recent examples of flawed responses by organizations following cyber breaches highlight the risks of incomplete or inaccurate information, boards have one clear warning: Doing nothing is not an option. The age of instant communications and 24/7 media coverage ensures that very little in the cybersecurity universe can reliably remain under wraps for long—lessons that others have already learned the hard way.
“I think the biggest mistake is deluding yourself that you can contain this and no one will find out,” Winans says. “The fact is that very often the worst thing that can happen to a company isn’t a crisis situation. It’s how they respond to it.”
About the Experts
Steven Bucci is a Visiting Fellow for Special Operations and Disaster Management, as well as primary instructor in leadership, at The Heritage Foundation.
Debevoise & Plimpton LLPis a premier law firm with market-leading practices, a global perspective and strong New York roots.
Ann Walker Marchant is recognized as a preeminent strategist and counselor with more than 20 years of experience developing and leading wide-ranging initiatives for the White House and Fortune 100 brands.
Christopher Winans, executive vice president and general manager at Hill+Knowlton Strategies in New York, has 22 years of experience in journalism, 10 of those at The Wall Street Journal.
RANE is an information services and advisory company serving the market for global enterprise risk management. Learn more at www.ranenetwork.com.
With an expected regulatory downshift under the incoming Trump Administration, standard-setting for business conduct may move from the government to the corporate sector, with shareholders and socially conscious directors driving the trend in myriad areas, from industry-specific concerns such as animal welfare to broader issues such as climate change. To be sure, we will continue to see proxy resolutions in the dozen general categories that have become hallmarks for activists, but the rise in attention to social issues by activists seems inevitable (See Figure 1).
Corporate leaders and major shareholders alike are recognizing the role that social issues can play in corporate value. In 2016, corporate leaders and prominent investors issued “Commonsense Principles of Corporate Governance,” a collaborative document containing a key message: “Our future depends on…companies being managed effectively for long-term prosperity, which is why the governance of American companies is so important to every American.” Among their recommendations was the suggestion that boards pay attention to “material corporate responsibility matters” and “shareholder proposals and key shareholder concerns.”
As revealed in the NACD Resource Center on Board-Shareholder Engagement, proxy resolutions can play a role in raising board awareness of key issues. Although shareholder resolutions rarely win by a majority, and even then are only “precatory” (non-mandatory), they do raise boards’ awareness of issues and can spark change over time. Many of today’s governance practices began as failing proxy resolutions but ended up as majority practices, with or without proxy votes.
Take for example proxy bylaw amendments, which have only been fair game for proxy votes since spring 2012 (thanks to a new rule that removed director nominations from the list of topics disallowed for shareholder resolutions). That season saw only three proxy access resolutions at the largest 250 companies, and only one got a majority vote. Fast forward to spring 2016 when 28 companies had such votes, and nearly half succeeded in getting a majority vote. By December 2016, proxy access had been adopted by a majority of Fortune 500 companies, as Sidley Austin reports. Those early proxy access resolutions lost their early battles, but in the end, they won the larger war. The same could happen over time to social resolutions over the next four years.
Directors Want More Dialogue on Social Issues
Interestingly, directors seem to be intuiting that they will need to step up on social issues this year.The 2016-2017 NACD Public Company Governance Survey, which features responses from 631 directors surveyed in 2016, reveals a significant finding in this regard. When asked to judge the ideal amount of time to be spent on various boardroom topics, directors ranked five topics as highest in terms of needing more discussion time:
director succession; and
corporate social responsibility.
One in three respondents said they would like more time devoted to discussing the “social responsibility” topic. For all issues other than these five, fewer than a third of respondents said that the topics merited more board attention. While this is a relatively new question, NACD has asked similar questions in the past, and this is the first time our respondents have ever ranked social issues so highly as a “need to know” topic.
A Gravitational Pull to Social Issues With a Strategic Slant
So what lies ahead for the next proxy season in the social domain? Aristotle is attributed with coining the phrase “nature abhors a vacuum,” a theorem in physics aptly applied to the likely vacuum in new corporate rule-making in 2017. USA-first trade rules aside, we believe that shareholder activists may try to fill the break in Dodd-Frank rule making with their own social agendas.
As we go to press, attorney Scott Pruitt is slated to head his institutional nemesis, the Environmental Protection Agency, while Governor Rick Perry, former leader of oil-rich Texas, is in line to direct the Department of Energy. Neither man is likely to crack down on carbon-based fuels, so if shareholders want carbon reduction, they will need to redouble their own efforts—and indeed that seems to be the plan.
According to the environmental group Ceres, quoted in an overview by Alliance Advisors, LLC, U.S. public companies will face some 200 resolutions on climate change in 2017, up from a total 174 such resolutions during 2016. This prediction may be conservative. According to Proxy Monitor, in 2016 the 250 largest companies alone saw 58 environmental proposals—meaning that nearly one out of every four large companies faced one.
In other developments, As You Sow, a community of socially engaged investors, has already announced 46 of its own proxy resolutions, including three on executive pay. All the rest are on social issues, including climate change (11), coal (10), consumer packaging (5), and smaller numbers of resolutions in a variety of other social issues, including antibiotics and factory farms, genetically modified organisms, greenhouse gas, hydraulic fracturing, methane, nanomaterials, and pharmaceutical waste. The gist of many of these resolutions is to ask for more disclosure, including more information on the impact of current trends on the company’s strategy and reputation. For example, the “climate change” resolution in the Exxon Mobile proxy statement asks Exxon to issue a report “summarizing strategic options or scenarios for aligning its business operations with a low carbon economy.”
Similarly, the Interfaith Center on Corporate Responsibility has already announced the filing of five shareholder resolutions for the 2017 proxy of its longtime target Tyson Foods on a variety of issues, including one on the strategic implications of plant-based eating. Sponsored by Green Century Capital Management, the resolution seeks to learn what steps the company will take to address “risks to the business” from the “increased prevalence of plant-based eating.”
In the same vein, at Post Holdings, which holds its shareholder meeting January 28, a shareholder resolution from Calvert Investment Management asks for disclosure of “major potential risks and impacts, including those regarding brand reputation, customer relations, infrastructure and equipment, animal well-being, and regulatory compliance.” Note that animal welfare is only one factor here; Calvert is making a business case for the social change.