Corporate directors are confronted with a variety of recently proposed governance standards, while activist investor campaigns are challenging both board composition and board effectiveness by targeting individual directors. Given the high level of personal reputational risk and the associated long-term financial consequences now faced by directors, a hard look at the adequacy of company-sponsored director and officer (D&O) risk mitigation and board compensation strategies is timely.
The Bedrock of Certainty Shifts
Shifting stakeholder expectations are codified in the frequently conflicting governance standards published in recent years. Following the National Association of Corporate Director’s own 2011 Key Agreed Principles, there are now draft voting guidelines from Institutional Shareholder Services (ISS) and Glass Lewis & Co.; standards from groups such as the Office of the Comptroller of the Currency (regulator), CalSTRS (investor), the G20, and the Organisation for Economic Co-operation and Development (influencer); and, most recently, the Commonsense Corporate Governance Principles from a group of CEOs led by JPMorgan Chase & Co.’s Jamie Dimon.
This proliferation of standards reflects differing stakeholder expectations and gives direct rise to new risks for directors. With these new risks and expectations emerge associated questions about the adequacy of current governance strategies, company-sponsored reputation-risk-mitigation packages, and director compensation.
Because the board is the legal structure administering governance, the standards that boards choose to guide their oversight have legal force. Furthermore, detailed, prescriptive standards have instrumental force.
For instance, ISS and CalSTRS are promoting highly prescriptive standards. ISS is exploring specific “warning signs” of impaired governance, including monitoring boards that have not appointed a new director in five years, where the average tenure of directors exceeds 10 or 15 years, or where more than 75 percent of directors have served 10 years or longer. CalSTRS expects two-thirds of a board to be comprised of independent directors, and defines director independence specifically as having held no managerial role in the company during the past five years, equity ownership of less than 20 percent equity, and having a commercial relationship with the company valued at no more than $120,000 per year.
The Commonsense Corporate Governance Principles released this summer was an effort to share the thoughts of the 5,000 or so public companies “responsible for one-third of all private sector employment and one-half of all business capital spending.” Certain background facts may lead some stakeholders to discount the Principles. For example, in addition to Dimon, the list of signatories was comprised mostly of executives who hold the dual company roles of chair and CEO. Also, according to the Financial Times, eyebrows have been raised by CEO performance-linked bonuses of about 24 to 27 times base pay at BlackRock and T. Rowe Price, two asset manager companies with executives who were signatories. Coincidentally, these asset manager companies were ranked among the most lenient investors with respect to the executive pay of their investee companies, according to the research firm Proxy Insight.
These standards can be deployed by checklist, and boards can be audited for compliance to the specifics of the adopted standards. But, more importantly, the very existence of these standards lends them authority through expressive force. What they express—or signal, in behavioral economic parlance—is intent, goodwill, and values. Signaling is valuable in the court of public opinion.
Personal Protection Strategies
As reported in NACD Directorshipmagazine earlier this year, activists often wage battle in the court of public opinion to garner public support when mounting an attack against a company. Emphasizing the personal risks, the Financial Times reported in August that “Corporate names are resilient: when their images get damaged, a change of management or strategy will often revive their fortunes. But personal reputations are fragile: mess with them and it can be fatal.”
Make no mistake: this risk is personal. A director’s damaged personal reputation comes with material costs. Risk Management reported in September that the opportunity costs to the average corporate director arising from public humiliation were estimated at more than $2 million.
Among the many governance standards, pay issues are the third rail of personal reputation risks. “If companies don’t use common sense to control pay outcomes, [shareholders have to question] what else is going on at the organization and the dynamic between the chief executive and the board,” an asset manager with Railpen Investments told the Financial Times recently. Clawbacks may be the most disconcerting pay issue because the tactic places directors personally between both the investment community and regulators.
Governance standards just over the horizon may give boards succor, and reputation-risk-transfer solutions may have immediate benefits. Since 2014, the American Law Institute (ALI) has been developing a framework titled, “Compliance, Enforcement, and Risk Management for Corporations, Nonprofits, and Other Organizations.” Members of the project’s advisory committee include representatives from Goldman Sachs & Co., HSBC, Google, Clorox, and Avon Products; diverse law firms offering governance advisory services; law schools; regulators including the Department of Justice; and representatives from a number of prominent courts. According to the ALI, the project is likely to hold an authority close to that accorded to judicial decisions.
The ALI work product remains a well-protected secret, but the project is expected to recommend standards and best practices on compliance, enforcement, risk management, and governance. It can be expected that the ALI standards will reflect the legal community’s newly acquired recognition of the interactions between the traditional issues of compliance, director and officer liabilities, and economics; and the newer issues of cognitive and behavioral sciences. Such governance standards will likely speak to the fact that while director and officer liability will be adjudicated in the courts of law, director and officer culpability will be adjudicated in the courts of public opinion.
Insurance Solutions Available Now
Boards that qualify for reputational insurances and their expressive force can mitigate risks in the court of public opinion. An NACDDirectorshiparticle noted earlier this year, “ . . . these reputation-based indemnification instruments, structured like a performance bond or warranty with indexed triggers, communicate the quality of governance, essentially absolving board members of damaging insinuations by activists.”
Given the increased personal reputational risks facing directors and the long-term financial consequences arising, it may be time for an omnibus revisit of the adequacy of both director compensation and company-sponsored D&O risk mitigation strategies in the context of an enhanced, board-driven approach to governance, compliance, and risk management.
Following the guidelines of the ALI’s project once they are published is a rational strategy. After all, the work product will be one that will have already been “tested” informally in the community comprising the courts of law, and will be designed to account for the reality of the courts of public opinion. And no firm today has natural immunity to reputation damage—even Warren Buffett’s Berkshire Hathaway appears to be in the ISS crosshairs. Reputational insurances which, like vaccines, boost immunity, are available to qualified boards to counter all that is certain to come at them in this upcoming proxy season. And for those who insist on both belts and suspenders, hazardous duty pay may seal the deal.
Nir Kossovsky is CEO of Steel City Re and an authority on business process risk and reputational value. He can be contacted at firstname.lastname@example.org. Paul Liebman is chief compliance officer and director of University Compliance Services at the University of Texas at Austin. He can be contacted at email@example.com.
Cybersecurity is more than a technological issue—it’s a business issue. In a BoardVision video moderated by Judy Warner—editor-in-chief of NACD Directorship magazine—Mary Ann Cloyd, former leader of PwC’s Center for Board Governance, and Zan M. Vautrinot, former commander of the Air Forces Cyber Command and current director of Symantec, Ecolab, and Parsons Corp., discuss effective cyber-risk oversight, addressing the following questions:
How can boards communicate with management about cyber risk?
How does cyber risk fit into discussions about risk appetite?
Here are some highlights from that conversation.
Judy Warner: For directors, I think one of the greatest challenges around the issue of cyber is how to engage in an informed conversation with management. And how do they become informed about their oversight roles as they relate to cyber?
Zan Vautrinot: One of the things that was absolutely clear about the private sector and corporate leadership is that they understood how to have a discussion about risks and strategy. The only thing different with cyber is that some of the technology and some of the solution sets are slightly different, but the conversation is the same. It is a discussion about a particular kind of risk and how it relates to the kind of business you are [in].
Warner: Mary Ann, from your perspective, how does that conversation take place, or start to take place, at the board level? And is it a conversation for the full board or a specific committee?
Mary Ann Cloyd: I guess I always say it depends. I never want to be so prescriptive as to tell somebody what they need to do because every board and every committee is different. However, I do think that, given the magnitude of how this affects so many businesses, it’s not a technology issue. It’s a business issue. So, with that, where would you oversee any other business issue at your board? And I’m guessing that a lot of it would belong at the full board, with parts of it delegated down to a committee.
Warner: The NACD recently published a handbook on cyber-risk oversight, and one of the discussions is around risk appetite and where does cyber fit into that equation today. And I know, Mary Ann, you have said we need to think of cyber as any other risk.
Cloyd: I think you bring up two interesting things. [I]n fact, we did a small publication [at PwC’s Board Leadership Center] earlier this year, and we called it “Defining Risk Appetite in Plain English.” What prompted it was I had a director come to me and he said, “Mary, we’re doing our off-site strategy session and we always talk about risk appetite. Do you have a good pre-read that I could give to the board so that they can understand what risk appetite means?” So we did this to really put in plain English, in four pages or less, what the dialog is between management and the board, and how you develop and define your risk appetite. And, to me now—as you have so beautifully put this, Suzanne—cyber is just another part of that risk discussion and how it fits into your overall strategy.
Vautrinot: Right. And if you have already had a discussion about your strategy and those things that are most important to you as a corporate entity, is it the data that is unique that you’ve collected—the information and the access to that information—that makes your corporation unique? Is it the technology or your research and development? Is it your insight into financial transaction or merger and acquisition? Is it [about] manufacturing processes or distribution processes?
Every board and every management team knows what is most important to them being successful as a corporation. It is likely that those things are the areas that [the board] would want to focus on with assessing cyber risk. If you look at that area and say this is what is most important to us as a corporation, and this is the technology that we depend on to do that activity, now I can say that is sufficient or it is insufficient relative to the amount of risk I am willing to accept in that area. There may be other areas that aren’t core to the business, and so you are willing to accept a different amount of risk or put different systems in place that kind of sandbox it—[systems] that put a fence around, or that separate or provide different controls to allow [the lower-risk] activity to run more openly, whereas [higher-risk areas are] much more controlled and much more precious.
We sometimes all wish we could go back in time to advise ourselves on how to approach a new challenge or community given the knowledge and experience we have today. For the 2015 NACD Directorship 100 (D100), each honoree was asked to do just that. D100 directors were asked to provide a short, written response to this question: “What is the best advice you would give to a first-time director?” The D100 editorial team received responses from most honorees and they ranged from pithy maxims to stories about the challenges of staying independent.
A portion of the responses from the Class of 2015 D100 directors follows. Profiles of D100 honorees can be found in the November/December issue of NACD Directorship magazine.
Gary E. Anderson
Chemical Financial Corp., Eastman Chemical Co.
“I found that the best way to [contribute] was to frame appropriate questions dealing with the topic at hand. It doesn’t matter what the issue is, whether on corporate strategy, short-term tactics, succession planning, compensation, or risk management. The use of appropriate questioning also can work at home with the family!”
Avnet, Southwest Airlines
“I fully embrace the Southwest Airlines and Avnet way of doing business: treat your people well and they will be equipped and motivated to treat your customers extraordinarily well, and that will produce distinguished rewards for your shareholders. Everyone is important, in every nook and cranny of the business, and every decision at the board level should involve the question, ‘How will this affect our people, our principles, and our culture?’”
“Know your shareholders. What are their expectations? Is the company meeting them?
“Know your colleagues. Diversity of views, backgrounds, and experience enriches the company bottom line. Learn where your colleague’s views differ from yours. Understand why. Have courage and join them in candid discussion.
“Know your management team. Do they live their values? Are they delivering results?
“Be involved in NACD, as governance is a learned skill and doing it right keeps our private enterprise system strong.”
Betsy D. Holden
Diageo PLC, Time Inc., Western Union Co.
“The best advice that I received as a new director was, first of all, choose wisely. Select an industry and company that you are really interested in, a management team that you believe in, and a board where your skills and experiences are relevant and will add value.
“Secondly, what really differentiates the best directors is how they interact with management and the other directors. Good directors are confident and courageous, and challenge management in a positive, constructive way…They understand that chemistry is the intangible that drives board effectiveness and they really listen to and treat other directors with respect.”
Nancy J. Karch
Genworth Financial, Kate Spade & Co., Kimberly- Clark Corp., MasterCard
“Some of the best advice I received as a new director was to accept that this role is different than anything I had ever done, and to have patience to learn the ropes. [A director] is an advisor, a member of a peer team, a leader on governance matters, a decision maker on some matters—[it’s] a mix unlike anything else. Plus, as in any job change, one is entering a new culture, and in the case of a board, both a company and a board culture. So be patient.”
Bemis Co., Delphi Automotive
“The best advice I received was pertinent to me both as a director and as a chair/CEO. That is: ‘Tim, be yourself, remember that is what got you here.’ [That advice] caused me to think about hard work, integrity, ethics, and striving to make the proper decisions.
“It also reminded me that as my career evolved from working summer jobs in automotive plants to the boardroom of BorgWarner, I listened to, learned from, and developed relationships with people from all levels of society. This has become a valuable tool in the boardroom. Each time ‘a sticky issue’ is discussed, I remember to think back to my previous experiences and express what I think is the proper approach.”
Sarah E. Raiss
Canadian Oil Sands, Commercial Metals Co., Loblaw Cos., Vermillion Energy
“The best advice I received came from a very seasoned director. He said that I should find a person or two on the board that I could best relate to and either ask them to be my ‘board buddy’ or just make them my ‘board buddy’ without even asking. This person would help me understand current board dynamics, help me understand the history as necessary, and provide feedback on the value I brought to the board. I have used this technique on every board to which I am appointed, [and it] has allowed me to be more productive and a valuable contributor more quickly. I am most appreciative of my ‘buddies.’”
Molina Healthcare, Park Ohio Holdings Corp.
“Three people gave me great advice when I decided to accept board positions at Molina Healthcare and Park Ohio. The first was Mary Molina, the company’s chair. It was simple but profound: ‘Remember the mission. It is the cornerstone of our corporate culture.’
“The second came from Ed Crawford, chair and CEO of Park Ohio. He said, ‘Act with integrity at all times and have the courage to do the right thing.’
“The third was from my husband, Bruce Kulp, former general counsel of Ford Europe. He counseled me to listen, get as much information as possible, trust in the power of common sense, and to always think strategically.
“Lastly, the people you deal with in management and the board are human. They have families. They have good days and bad days. Kindness is powerful, even in the boardroom.”
Olympia J. Snowe
Aetna, T. Rowe Price Group
“One of the key components of executing critical judgment is ensuring an ongoing evaluation of how the company’s short term goals enhance its strategy for creating long-term value. That requires early and extensive director engagement in the shaping of the strategy, greater understanding and knowledge of business operations, and constant assessment and management of the risk.
“In this era of deeper investor involvement, it is more essential than ever for boards to communicate to shareholders the extent to which the independent directors are vigorously exercising their due diligence towards maximizing the value of the enterprise.”
Ronald D. Sugar
Air Lease Corp., Amgen, Apple, Chevron Corp.
“Select your boards carefully…You should be mindful of geography, meeting schedules, and be prepared to put in whatever time is necessary. And when trouble comes, you must be committed to see things through—whatever it takes.
“In well-run companies, board meetings enter a predictable rhythm, and are fairly routine. It has been said that in routine times, the quality of a board doesn’t really matter—until suddenly those moments when it matters enormously. Such ‘moments’ might include a significant market shift, a technology disruption, a planned (or unplanned) management succession, a serious regulatory or litigation threat, an environmental or safety crisis, a significant acquisition, a hedge fund activist campaign, or a hostile takeover attempt. In those moments, the board’s collective wisdom, perspective, and mature judgement can make—or break—a company.”
David A. Wilson
Barnes & Noble Education, CoreSite Realty Corp.
“The best advice came from the counsel I engaged for [a] special committee. He noted the fiduciary duties of directors formed a foundation but not the entire structure. The greatest challenge I will ever confront as an independent director, he said, is ‘independence.’ He was speaking not of the independence necessary to meet SEC and NYSE thresholds. Rather, he spoke of the independence of mind, thought and action.
“What our attorney never told me was how challenging it may be to hold fast when you are in the minority, but how critical it is to our governance system that you do.
“Polonius may have been a pompous fool, but I still find value in these words: ‘This above all: to thine own self be true, And it must follow, as the night the day, Thou canst not then be false to any man.’—William Shakespeare, Hamlet, Act 1 Scene III.’”
Review the full list of D100 honorees at NACDonline.org/Magazine, and take a few moments to consider who you might nominate for inclusion in our tenth anniversary list. A call for nominees will be issued to all NACD members in early 2016.