Category: Legislative & Regulatory

Separating Signal from Noise: How Corporate Boards Are Making Sense of the New Administration

Published by

A few weeks into the Trump presidency, it is tempting to obsess about the political rhetoric and soundbites coming out of Washington, DC. While the first month of this new administration is certainly unprecedented in style, method, and message, the real cumulative impact on business remains unclear.

The combination of the chaotic start, the many political appointee vacancies across key departments and agencies, conflicting policy views between a Republican White House and Republican-controlled Congress on key issues, and ongoing investigations makes it challenging for businesses to respond and separate signal from noise.

Nevertheless, a recent pulse survey conducted by the National Association of Corporate Directors (NACD) offers some early insight into how companies and their boards are starting to navigate this new political environment.

Trump Blog Graphs-011. A small majority of respondents (51%) is positive or very positive about the possible impact of the new administration on the growth prospects for their companies in the next 2 years. Almost 29 percent of respondents rated the possible “Trump effect” on business as either negative or very negative.

The differences in outlook are likely influenced by the relative dependence of individual companies on the benefits of international trade, the expected industry benefits of deregulation and infrastructure spending, and perceptions about the impact of a changing US leadership role in the global economy and security architecture.


2. Corporate tax reform, deregulation, and trade protectionism are the most highly ranked “policy” topics that respondents plan to discuss at their next board meeting.
That’s not surprising since the (gradual) effect of policy changes in these three areas can significantly alter cost and revenue Trump Blog Graphs-02projections for business. The big question for many boards and executive teams will be whether the potential
fallout from trade protectionism (actions by the United States and possible retaliation by its trading partners) would offset any gains from a reduced tax and regulatory burden.

Trump’s unorthodox approach of injecting himself in the daily business of individual companies and their decisions seems to concern fewer respondents. Only 13 percent plan to discuss reputational exposure and management at their next board meeting.


3. Fifty-one percent of companies are now reassessing core assumptions about the impact of new and proposed policies on their strategic growth plans,
which is an important exercise when so many key variables are moving or likely to move in the near future (for example, corporate tax rates, inflation, value of the dollar, interest rates, and import/export barriers).

Trump Blog Graphs-03Also, in response to the speed and ferocity with which consumers in this very polarized environment now react to corporate actions, many business leaders are beginning to proactively communicate the authenticity of their brand and their company’s contributions to society. More than 44 percent of respondents report that their companies are now reaffirming their core values and commitments to key stakeholder groups.

4. Only 25 percent of respondents decided to introduce scenario planning exercises to adapt to changes in the operating environment. Of that group, 85 percent are considering discontinuous scenarios based on major swings in key economic indicators, while 76 percent are scenario planning different outcomes from the planned overhaul of the US corporate tax system. Other macro-issues, for which boards will use scenario-planning in the coming months, include the possible repeal of the Affordable Care Act, the commercial fallout of trade protectionism, and the impact of significant geopolitical crises.

If used effectively, these scenario exercises can help open the minds of decision-makers—corporate directors included—to different signals, and prepare for surprises that directly affect the business strategy. Leading companies actively monitor for such signposts that would trigger course corrections in their strategic pathway.

To help corporate directors sense and respond to changes in this operating environment, NACD continuously assesses and interprets the impact of emerging issues. Every week we post our most recent analyses in our Emerging Issues Resource Center. Stories are accessible to all members.

13 Questions Directors Should Ask in Post-Election America

Published by
Kimberly Simpson

Kimberly Simpson

What questions should board members ask the leadership of their companies in the weeks to come? Political experts Terry Baxter, who served in three presidential administrations and is the former CEO of the National Transportation Safety Board (NTSB), and Alex Castellanos, co-founder of public affairs firm Purple Strategies and current member of CNN’s political analysis team, opined on considerations for the business community in this time of political and societal uncertainty.

Castellanos shared that President-Elect Donald J. Trump is highly aware that his administration will be under pressure to enact policies that produce economic growth. Both panelists agreed that the success of the new administration will also hinge on delivering on regulatory and tax reform, as well as changes to healthcare policy. Ever present in the incoming administration’s actions will be the populist sentiment that propelled the success of the Trump campaign. Castellanos suggested that companies that expect to succeed in this environment should be prepared to tell their story about how they are contributing to American renewal, including domestic job growth.

Attendees took away from the program several key questions that directors should be asking of management—and of each other—in post-election America:

Questions for Management

  1. Information gathering: How are we informing ourselves about the new administration’s proposed policies, the implementation of those policies, and what those changes might mean for our company?
  2. Outreach: What is our outreach and engagement plan for advancing our positions on important issues with the new administration?
  3. New trends: How is our company identifying current trends, disruptors, and business impact issues? How are we identifying key actions that have longer-term or permanent implications?
  4. Tax policy: What are we doing to prepare for shifts in the tax policy?
  5. Spending: How are we positioning the company to benefit from proposed spending on infrastructure?
  6. Growth: What core assumptions about our business’s growth should be reconsidered in light of the changes in government? What possible, emerging growth opportunities are on the horizon that we should be anticipating? Do we have a capture plan in place for these growth opportunities?
  7. Exposure: What is our exposure to trade policy changes and the fluctuation of the U.S. dollar?
  8. Supply chain: Do we know which of our critical suppliers could be impacted by a shift to a nationalist trade policy?
  9. Strategic planning: How are we integrating political risk analysis and assessments into our strategy and risks processes?
  10. Scenario planning: How robust and effective are our current scenario-planning processes, and how prepared are we to act quickly if needed?
  11. Technology: What impacts will the new administration have on the growth of technology?

Questions for Fellow Directors

  1. Compensation: What objectives are our compensation plans setting out for key executives and business units? Are we rewarding the right activities and the right behaviors?
  2. Board composition: Does our board have the right combination of skills, diversity, and experience to provide effective guidance and oversight to management?

The audience also left with an important piece of advice. Castellanos cautioned that, in a world where we get our news from each other and the President-Elect has an affinity for social media, it is more critical than ever for companies to have a well thought-out corporate social media strategy.

Note: The views and opinions expressed in this blog are those of the speakers at this event and do not necessarily reflect the views or opinions of the National Association of Corporate Directors (NACD) or the NACD Capital Area Chapter.


Kimberly Simpson is NACD regional director for the Southeast, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.

Cross-Border Information Flows: Existing and Developing Challenges

Published by

In this digital age, an organization’s ability to collect, analyze, aggregate, associate, and securely share data around the world is mission-critical. However, an increasing number of laws have been adopted across the globe regulating and restricting the transfer of information, ranging in type from data privacy-focused regulations to national security-focused regulations.

web-meyer

Joan Meyer

michaelegan_bmckenzie

Michael Egan

Regulatory restrictions can present significant challenges for global organizations, as they could directly impact business transformations (e.g., new cloud sourcing arrangements, the collection of mobile and Internet data, big data analysis projects, and the like) and corporate compliance initiatives (e.g., auditing, monitoring, internal investigations, e-discovery, whistleblower hotlines, and other similar compliance undertakings).

Knowing what these restrictions are, how they impact the business, and how the organization is addressing compliance are key to the board’s oversight of data management practices, which are an increasingly fundamental business element.

Knowledge is Power

Because regulations are increasingly impacting how information may be collected, used, and transferred, it is essential for directors and executives to understand these regulations and to apply best practices. By doing so, boards can help their organizations mitigate the risk of exposure to regulatory noncompliance, in particular as the potential penalties for noncompliance become increasingly material. To accomplish this, boards must ensure that their organizations are informed of the five W’s of data to stay ahead of the compliance curve:

  • Who – Who are we, who are our data subjects, and who has access to our data?
  • Where – Where do we keep our data and where do we transfer our data?
  • Why – Why do we collect and transfer this data?
  • When –When are we retaining data and for how long, and when do we share it with others outside the organization?
  • What – What solutions do we have in place to safeguard regulated data and what elements are in place address any local requirements, including cross-border transfer requirements?

Data Privacy-Related Cross-Border Transfer Restrictions

Outside of the United States, many jurisdictions, including those in the European Union, regulate the collection, processing, and transfer of personal data via comprehensive data protection laws that cover a broad range of personal data and activities related to such information, including its collection, use, and transfer. Considering the ubiquity of data collection for marketing, commerce, and employment purposes, these regulations have significant implications for a broad range of businesses.

Personal data covered by these regulations is often broadly defined to include any information relating to, or that could be linked to, an identified or identifiable individual, including the following:

  • Name
  • Email address (including work email address)
  • Title
  • Telephone number
  • Payment card information
  • IP address

These regulations often restrict the transfer of such personal data across international borders unless certain conditions are met. The first question in the analysis is often whether the data is being transferred to a jurisdiction that provides similar or “adequate” protection for personal data.

If the answer is “no,” then investigate whether:

  1. adequate safeguards have been put in place or some other justification for the transfer can be relied upon; and/or
  2. whether a derogation applies (e.g., the data subject has consented to the transfer or the transfer is required for the performance of a contract).

It is important to note that accessing personal data remotely in a different jurisdiction from the one in which it is stored is often viewed by foreign regulators as a transfer to that other jurisdiction (e.g., viewing data stored in Germany from a computer in the U.S.). It is also noteworthy that United States’ legal protections for personal data frequently fail to meet the “adequacy” standards of authorities in more highly regulated jurisdictions, such as those in the European Union.

Data Privacy-Related Cross-Border Transfer Solutions

There are several solutions for organizations that need to transfer personal data across borders to countries that may not be deemed to provide “adequate” protection to personal data by certain foreign authorities, such as the United States. Boards should ask management teams to verify that one or more of the following solutions is in place to comply with applicable cross-border data transfer restrictions:

  • Consent – Where appropriate, ensure that the data subject has given his/her voluntary and unambiguous consent to the proposed transfer. It is important to note that this option may not be available for employee data in certain jurisdictions in which employees are generally not seen as able to provide voluntary consent to their employers, such as in Germany or France.
  • Data Transfer Agreements – Review whether or not contractual provisions designed to provide adequate protection to the personal data transferred are utilized by the organization both for internal cross-border transfers between affiliated entities and for transfers to third parties (e.g., the EU Standard Contractual Clauses).
  • Binding Corporate Rules – Determine whether the organization should adopt enhanced internal personal data protection policies and procedures within the group of companies, referred to as Binding Corporate Rules, and have those approved by the applicable regulators in order to rely on them as a solution.
  • EU-U.S. Privacy Shield Framework – For transfers of personal data from the European Economic Area to the United States, determine whether the recently approved EU-U.S. Privacy Shield Framework, which provides that organizations self-certified to the Framework are deemed to provide “adequate” protection to personal data by the European Commission, may be an appropriate solution.

These solutions will likely continue to evolve, along with the various regulations that impose the restrictions, in order to address the ever-changing digital marketplace. For example, under the new European General Data Protection Regulation (GDPR), which comes into effect in May of 2018, requirements around what constitutes valid data subject consent will have more prescriptive conditions and any new decisions by the European authorities deeming that a non-EU jurisdiction provides “adequate protection for personal data” will likely be subject to more rigorous requirements (although existing “adequacy” decisions will be grandfathered). The penalties are also increasing, with fines for violating the GDPR going up to EUR 20,000,000, or 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher. Furthermore, beyond data privacy-related cross-border transfer restrictions, boards should also be aware that there may be additional potentially applicable cross-border transfer restrictions on organizations, including those related to national security or state secrets.

Given the significant financial and regulatory burdens for non-compliance, boards need to understand how these cross-border transfer regulations may impact their organization and stay informed of their organization’s compliance position, and any risk decisions made related thereto, when it comes to both current and future data collections and uses.


As a partner at Baker & McKenzie LLP, Michael Egan advises clients across a range of industries regarding the legal aspects of global privacy and data protection, data security, information technology, and related restrictions on data collection and transfer. Joan Meyer chairs the North America Compliance, Investigations & Government Enforcement Practice Group at the firm.