Tag Archive: Compliance

Applying the SEC’s Newest Guidance on Pay Ratio Disclosures

Published by Alexandra R. Lajoux

“It ain’t over ’til it’s over.” Truer words were never spoken when it comes to the new pay ratio rule.

A key chapter in pay regulations closed August 5, 2015, when the U.S. Securities and Exchange Commission (SEC) issued its final rule on the pay ratio disclosure mandated by the Dodd–Frank Wall Street Reform and Consumer Protection Act. This final rule capped a two-year comment period intended to resolve many thorny issues around exactly when and how to calculate the two numbers involved in the ratio, namely median employee compensation/CEO compensation. (To see NACD’s comment letter, visit the NACD Resource Center on Corporate Governance Standards and click on our Comment on Pay Ratio.) The NACD comment letter, like some others, noted that the “annual total compensation” figure can be misleading, and suggested solving this problem by asking the SEC to permit the use of industry averages, to limit employees to full-time domestic employees, and to permit supplemental notes. In its final rule, the SEC did not make these changes but did address concerns about total annual pay by allowing companies to use any “consistently applied compensation measure” (CACM) to calculate median annual compensation for employees.

This concept of a CACM led to questions, however. So on October 18, 2016, the SEC’s Division of Corporation Finance addressed them by updating its C&DI for Regulation S-K, one of the 32 “Compliance and Disclosure Interpretations” (C&DIs) the staff maintains on its most complex regulations. Although the five questions raised are technical rather than strategic, and represent only a tiny fraction of the many issues raised by the final rule overall, they still merit board attention. Therefore, this blog presents, in simplified English, the five ratio-relevant Q&As in the newly updated C&DI (codified under Section 128 C) and provides a key question and a final “takeaway” for boards.

Summary of the SEC’s Five Questions and Answers

Summary of Question 1: If a company does not use annual total compensation to identify the median employee, how should it choose another consistently applied compensation measure (CACM) to do so?

Summary of Answer 1: SEC’s updated C&DI assures companies that a CACM can be any measure that “reasonably reflects the annual compensation of employees,” but asks that companies explain their rationale for the metric they choose. An appropriate CACM will depend on “particular facts and circumstances,” says the SEC. For example:

  • Total annual cash compensation can work as a CACM, unless the company has also made a wide distribution of annual equity awards for the same period.
  • Social Security taxes withheld would likely not be an appropriate CACM unless all employees earned less than the Social Security wage base.

Summary of Question 2: May a registrant exclusively use hourly or annual rates of pay as its CACM?

Summary of Answer 2: No. Although an hourly or annual pay rate may be a component used to determine an employee’s overall compensation, the use of the pay rate alone generally is not an appropriate CACM to identify the median employee.

Summary of Question 3: When a registrant uses a CACM to identify the median employee, what time period may it use?

Summary of Answer 3: The SEC’s answer to this question says that the company must select a date within three months of the end of its most recent fiscal year to determine the population of employees from which to identify the median employee. The CACM need not be contemporaneous. In fact, it can come from the prior fiscal year, as long as there has not been a material change in the registrant’s employee population or employee compensation arrangements—that is, a change that would “result in a significant change of its pay distribution to its workforce.”

Summary of Question 4: What about furloughed employees?

Summary of Answer 4: The SEC’s response clarifies that the final rule identifies four classes of employees: full-time, part-time, temporary, and seasonal. It does not define or even address furloughed employees, because a furlough could have different meanings for different employers. It is a matter of “facts and circumstances,” and the response provides additional guidance on the matter.

Summary of Question 5: What about independent contractors? Under what circumstances can their pay be included in the CACM for the employee?

Summary of Answer 5: The final rule had stated that “leased” workers are excluded from the definition of employees “as long as they are employed, and their compensation is determined, by an unaffiliated third party.” The SEC’s answer preserves this distinction, and gives some flexibility. In determining when a worker is an “employee,” the company “must consider the composition of its workforce and its overall employment and compensation practices.” So a company should include workers whose compensation it (or a subsidiary) determines “regardless of whether these workers would be considered ‘employees’ for tax or employment law purposes.”

NACD Takeaway
Are you familiar enough with compensation patterns in your company to know whether a chosen CACM “reasonably reflects” the compensation in your company? If not, you may wish to meet with the officer responsible for employee pay below the executive level to get a better sense of this important issue.

Compensation committees have traditionally focused on executive compensation, leaving employee compensation to management. In the past few years, however, several factors have combined to broaden the committee’s purview, including concerns about pay disparity, and the new requirement to disclose compensation risk. Therefore, more compensation committees are overseeing enterprise-wide pay. For example, in its 2016 proxy statement, WPX Energy disclosed that in the past year “With the oversight of our Compensation Committee, we conducted a risk assessment of the Company’s human capital with a focus on enterprise-wide compensation programs.” (Emphasis added.)

The key word in all of these questions and answers is “reasonably.” It is exactly the right word for compensation committees to use as they oversee this disclosure, as well they should.


Alexandra R. Lajoux is chief knowledge officer emeritus at the National Association of Corporate Directors. 

What Boards Should Look for in Corporate Ethics and Compliance Programs

One of the board’s key responsibilities is the oversight of a company’s conduct, including the strength of its culture and the effectiveness of its ethics & compliance (E&C) program. In recent years, that responsibility has become even weightier. Recent corporate scandals, such as Volkswagen, Unaoil, and Mitsubishi Motors, have created public skepticism about business ethics, and policy makers have responded with a new emphasis on accountability for both companies and responsible individuals, including directors who are either negligent in preventing fraud or willingly participate in it. Enforcement agencies now scrutinize a company’s E&C efforts before making prosecutorial decisions by inquiring about board oversight in the company’s approach to E&C.

Ronnie Kann

Patricia Harned

Organizations around the world invest tremendous resources to establish internal E&C programs and prevent corporate wrongdoing. Although E&C was historically a U.S. focus, a number of international standards have heightened the importance of E&C programs globally: the UK Bribery Act; the new International Organization for Standardization (ISO) 19600 Compliance Management System Guidelines; and the OECD Anti-Bribery Convention.

Directors observe these developments and scratch their heads. What does an effective E&C program look like? How can we succeed with E&C without stifling our business? What is the board’s role in E&C oversight? Has any organization gotten it right?

There is good news for directors. There are exemplary organizations—representing a wide variety of sizes, sectors, and industries—that have raised the bar even higher than mere compliance with the law. These organizations have transformed their workplaces through their E&C efforts to yield stronger, more positive results. And even better, there is now a framework to help directors guide their own organizations in establishing such an E&C program.

The Framework: Principles and Practices of High-Quality E&C Programs

In May 2015, the Ethics & Compliance Initiative (ECI) convened a group of 24 thought leaders with E&C program experience, including corporate directors, former deputy attorneys general, former members of the United States Congress, business executives, senior E&C practitioners, and academics. The panel produced a new report with leading principles and practices for effective E&C program implementation: Principles and Practices of High-Quality Ethics & Compliance Programs. The report includes five key principles practiced by organizations not satisfied with “minimum” E&C efforts; these organizations are referred to in the report as high-quality programs (HQPs). The principles, which should be tailored to each company’s individual circumstances, are adapted below from the original report:

Principle 1:  Ethics and compliance is central to business strategy.

  • E&C is both a function on the organizational chart and considered to be an essential element within every operation.
  • A high standard of integrity and compliance is articulated as a business objective, and every strategic decision is evaluated for alignment with the organization’s values and standards.
  • An HQP ensures compliance with law and regulation, and is resourced to help leaders across the organization understand their critical role in setting and meeting the standard for integrity.
  • The E&C program is expected to provide an independent voice, and regularly updates the board on E&C objectives, risks, and progress.
  • HQP staff maintains excellence by dedicating themselves to continuous improvement in E&C through innovation, engagement with stakeholders (inside and outside the organization), and consistent consideration of employee feedback.

Principle 2: Ethics and compliance risks are identified, owned, managed, and mitigated.

  • While organizational values are the heart of any E&C program, risk assessments provide the foundation upon which HQPs are built.
  • E&C staff collaborates across the organization to support a risk assessment process that identifies, prioritizes, and mitigates risk consistently.
  • Compliance performance, strength or weakness of organizational culture, employee willingness or fear to report, and other key E&C areas are evaluated and reported to the board as potential risks to the organization.
  • Leaders at all levels assume ownership for the ongoing identification and mitigation of risks that are relevant to their areas, both inside and outside the organization.
  • The board is regularly briefed on emerging E&C risks and how the E&C program is monitoring and mitigating risks where necessary.

Principle 3: Leaders at all levels across the organization build and sustain a culture of integrity.

  • Culture is the largest influencer of business conduct, and leaders are recognized as the primary drivers of that culture.
  • Leaders throughout the organization are committed to, and responsible for, making ethical conduct and decision making central to the organization and its operations.
  • The board assumes responsibility for evaluating the performance of senior management in providing ethical leadership and setting a proper tone at the top.
  • HQPs equip managers and supervisors with the support needed to make those values relevant to their day-to-day operations.
  • Recognizing that employees at all levels make ethics-related choices every day, HQPs provide resources, guidance, and training that emphasizes to all employees the importance of acting in accordance with shared values, seeking help, and speaking up.

Principle 4: The organization encourages, protects, and values the reporting of concerns and suspected wrongdoing.

  • HQPs focus on establishing an environment where issues can be raised long before situations are elevated to the level of misconduct.
  • HQPs prepare leaders and supervisors to respond appropriately if/when employees do come forward with concerns about wrongdoing.
  • Managers understand the impact of their actions, and HQPs hold them accountable for contributing to a culture that does not support the reporting of concerns.
  • There are focused efforts to prevent and deter retaliation.
  • HQPs treat all those who report violations fairly and consistently, and effectively support employees who report suspected violations.
  • The board is regularly briefed on high-level trends in employee reporting, and management is expected to be transparent with the board when substantive “bad news” transpires.

Principle 5: The organization takes action and holds itself accountable when wrongdoing occurs.

  • Investigations are timely, neutral, thorough, competent, and consistent.
  • When a violation is confirmed, the organization responds with appropriate consequences, regardless of the violator’s position within the company.
  • The organization maximizes learning from every substantiated case of wrongdoing.
  • HQPs recognize that technology has increased reputational risk.
  • HQPs have well developed systems for escalating issues, with regular testing for crisis management and response.
  • When appropriate, HQPs disclose issues to appropriate regulatory and government authorities and work cooperatively to respond to their concerns.
  • The board is well informed when substantive issues arise that require organizational accountability to stakeholders.

As corporate directors know better than anyone, there is no one approach to effective ethics and compliance. Each company’s circumstances are unique; therefore, their E&C programs must vary accordingly. But there are some universals among organizations that “get it right,” particularly when it comes to implementing a proper E&C tone at the highest levels of the organization. The board has an essential role in setting the expectation that the organization will not be satisfied with upholding only the minimum standard. Understanding the principles and practices that characterize leading E&C practice will help board members engage with management to ensure that the highest standard of integrity is seamlessly aligned with the performance of the organization overall.

See NACD’s Director Essentials: Strengthening Compliance and Ethics Oversight for more guidance on how directors can effectively oversee compliance and ethics efforts at their companies. Fortune 500 company directors offer additional insights on the role of the board and the audit committee in E&C oversight in the research brief NACD Audit Committee Chair Advisory Council: Audit Committee Oversight of Compliance.

Patricia Harned is CEO of the Ethics & Compliance Initiative (ECI) and frequently speaks and writes about workplace ethics, corporate governance, and global integrity. Ronnie Kann is executive vice president of research and program development at ECI, having served chief ethics and compliance officers, general counsel, and chief human resource officers throughout his career. Harned and Kann both contributed as authors to the ECI report Principles and Practices of High-Quality Ethics & Compliance Programs. The Ethics & Compliance Initiative (ECI) empowers its members across the globe to operate their businesses at the highest levels of integrity. ECI provides leading ethics and compliance research and best practices, networking opportunities, and certification to its membership, which represents more than 450 organizations across all industries. ECI is comprised of three nonprofit organizations: the Ethics Research Center, the Ethics & Compliance Association and the Ethics & Compliance Certification Institute. www.ethics.org

The Board’s Role in Mitigating U.S. False Claims Act Risks

The U.S. False Claims Act (FCA) is an anti-fraud statute used to police the conduct of companies that accept federal funds or have payment obligations to the federal government. The government has been hugely successful in pursuing FCA cases, collecting $26.4 billion from 2009-2015, with $5.5 billion and $3.5 billion in 2014 and 2015, respectively. In light of these staggering figures, every company potentially subject to the FCA must be aware of and take steps to minimize its FCA compliance risk.

Tirzah Lollar

Kathleen Neace

The FCA imposes liability on companies and individuals that submit “false claims” for payment to the government. Originally termed “Lincoln’s Law,” the FCA was enacted during the Civil War to bring to justice suppliers who sold fraudulent goods to the Union Army. Its modern incarnation has expanded beyond its defense contracting roots to become a leviathan statute with the ability to reach a vast number of companies and organizations.

The FCA imposes a broad spectrum of liability. “Claims” may be direct or indirect. In addition to a classic “claim”—i.e., an invoice for services rendered—the FCA also applies to, for example, pharmaceutical companies receiving funds through research grants and oil companies paying royalties. Indeed, any entity participating in a government program that provides funding, including Medicare, the Small Business Administration, or even the Federal Emergency Management Association, is subject to the FCA.

While a violation occurs only if the claim is “false,” falsity is a concept given wide latitude under the FCA. A claim could be “false” if it incorrectly states the amount owed, mischaracterizes services rendered, or, in at least some jurisdictions—even if the claim is entirely accurate on its face—if the submitter was not in perfect compliance with an applicable contract term, statute, or regulation, and a plaintiff convinces a court that this lack of compliance could have affected the government’s decision to pay that claim.

Penalties for violating the FCA are severe, including triple damages and penalties of up to $11,000 per false claim. These high penalties push this civil statute into the quasi-criminal realm. This means that in an industry where invoicing occurs based on discrete transactions, the penalties alone could be harsh even if the actual “false claim” is relatively small. FCA cases are also expensive to defend, and carry additional risks of reputational impact and even suspension or debarment from doing business with the government. Companies often choose to settle these cases for high amounts rather than risk an unfavorable verdict. In 2014, Countrywide Financial Corp. and Bank of America paid $1 billion to settle an FCA case, rather than litigate to measured damages and penalties.

The FCA is a bounty statute, allowing private citizens to bring suit on behalf of the government in exchange for a “bounty” for bringing the case to the government. The potential rewards for becoming a whistleblower create a strong incentive for current and former employees to run to the government with any perceived violations rather than reporting the concern to management. In 2015 alone, FCA whistleblowers received over $590 million.

Minimizing Risk

There are some affirmative steps that a board can take to protect against FCA liability:

  • Review the company’s business operations with management to identify “claims” subject to potential FCA enforcement and ensure that these actions are periodically reviewed to prevent and detect potential FCA violations;
  • Maintain a publicized, anonymous and confidential fraud reporting hotline for employees and third parties;
  • Investigate reports of fraud-related conduct through counsel to establish and maintain attorney-client privilege over the investigation;
  • Ensure hotline reporters are informed about the company’s attention to their concerns, validating their efforts while only sharing non-privileged information so as to protect the privilege;
  • Be aware of whistleblower protection laws, especially the FCA’s prohibition of retaliating against employees;
  • Upon learning of potential FCA liability, consider whether the company has any obligation to report this to any government agency;
  • Ensure that the company has a compliance professional and/or experienced FCA counsel who periodically assesses the company’s potential liability and advises the Board about this complex and evolving statute.

Tirzah Lollar is a partner and Kathleen Neace is an associate in the Washington, D.C. office of Vinson & Elkins LLP.