A few weeks into the Trump presidency, it is tempting to obsess about the political rhetoric and soundbites coming out of Washington, DC. While the first month of this new administration is certainly unprecedented in style, method, and message, the real cumulative impact on business remains unclear.
The combination of the chaotic start, the many political appointee vacancies across key departments and agencies, conflicting policy views between a Republican White House and Republican-controlled Congress on key issues, and ongoing investigations makes it challenging for businesses to respond and separate signal from noise.
Nevertheless, a recent pulse survey conducted by the National Association of Corporate Directors (NACD) offers some early insight into how companies and their boards are starting to navigate this new political environment.
1. A small majority of respondents (51%) is positive or very positive about the possible impact of the new administration on the growth prospects for their companies in the next 2 years. Almost 29 percent of respondents rated the possible “Trump effect” on business as either negative or very negative.
The differences in outlook are likely influenced by the relative dependence of individual companies on the benefits of international trade, the expected industry benefits of deregulation and infrastructure spending, and perceptions about the impact of a changing US leadership role in the global economy and security architecture.
2. Corporate tax reform, deregulation, and trade protectionism are the most highly ranked “policy” topics that respondents plan to discuss at their next board meeting. That’s not surprising since the (gradual) effect of policy changes in these three areas can significantly alter cost and revenue projections for business. The big question for many boards and executive teams will be whether the potential
fallout from trade protectionism (actions by the United States and possible retaliation by its trading partners) would offset any gains from a reduced tax and regulatory burden.
Trump’s unorthodox approach of injecting himself in the daily business of individual companies and their decisions seems to concern fewer respondents. Only 13 percent plan to discuss reputational exposure and management at their next board meeting.
3. Fifty-one percent of companies are now reassessing core assumptions about the impact of new and proposed policies on their strategic growth plans, which is an important exercise when so many key variables are moving or likely to move in the near future (for example, corporate tax rates, inflation, value of the dollar, interest rates, and import/export barriers).
Also, in response to the speed and ferocity with which consumers in this very polarized environment now react to corporate actions, many business leaders are beginning to proactively communicate the authenticity of their brand and their company’s contributions to society. More than 44 percent of respondents report that their companies are now reaffirming their core values and commitments to key stakeholder groups.
4. Only 25 percent of respondents decided to introduce scenario planning exercises to adapt to changes in the operating environment. Of that group, 85 percent are considering discontinuous scenarios based on major swings in key economic indicators, while 76 percent are scenario planning different outcomes from the planned overhaul of the US corporate tax system. Other macro-issues, for which boards will use scenario-planning in the coming months, include the possible repeal of the Affordable Care Act, the commercial fallout of trade protectionism, and the impact of significant geopolitical crises.
If used effectively, these scenario exercises can help open the minds of decision-makers—corporate directors included—to different signals, and prepare for surprises that directly affect the business strategy. Leading companies actively monitor for such signposts that would trigger course corrections in their strategic pathway.
To help corporate directors sense and respond to changes in this operating environment, NACD continuously assesses and interprets the impact of emerging issues. Every week we post our most recent analyses in our Emerging Issues Resource Center. Stories are accessible to all members.
With an expected regulatory downshift under the incoming Trump Administration, standard-setting for business conduct may move from the government to the corporate sector, with shareholders and socially conscious directors driving the trend in myriad areas, from industry-specific concerns such as animal welfare to broader issues such as climate change. To be sure, we will continue to see proxy resolutions in the dozen general categories that have become hallmarks for activists, but the rise in attention to social issues by activists seems inevitable (See Figure 1).
Corporate leaders and major shareholders alike are recognizing the role that social issues can play in corporate value. In 2016, corporate leaders and prominent investors issued “Commonsense Principles of Corporate Governance,” a collaborative document containing a key message: “Our future depends on…companies being managed effectively for long-term prosperity, which is why the governance of American companies is so important to every American.” Among their recommendations was the suggestion that boards pay attention to “material corporate responsibility matters” and “shareholder proposals and key shareholder concerns.”
As revealed in the NACD Resource Center on Board-Shareholder Engagement, proxy resolutions can play a role in raising board awareness of key issues. Although shareholder resolutions rarely win by a majority, and even then are only “precatory” (non-mandatory), they do raise boards’ awareness of issues and can spark change over time. Many of today’s governance practices began as failing proxy resolutions but ended up as majority practices, with or without proxy votes.
Take for example proxy bylaw amendments, which have only been fair game for proxy votes since spring 2012 (thanks to a new rule that removed director nominations from the list of topics disallowed for shareholder resolutions). That season saw only three proxy access resolutions at the largest 250 companies, and only one got a majority vote. Fast forward to spring 2016 when 28 companies had such votes, and nearly half succeeded in getting a majority vote. By December 2016, proxy access had been adopted by a majority of Fortune 500 companies, as Sidley Austin reports. Those early proxy access resolutions lost their early battles, but in the end, they won the larger war. The same could happen over time to social resolutions over the next four years.
Directors Want More Dialogue on Social Issues
Interestingly, directors seem to be intuiting that they will need to step up on social issues this year.The 2016-2017 NACD Public Company Governance Survey, which features responses from 631 directors surveyed in 2016, reveals a significant finding in this regard. When asked to judge the ideal amount of time to be spent on various boardroom topics, directors ranked five topics as highest in terms of needing more discussion time:
director succession; and
corporate social responsibility.
One in three respondents said they would like more time devoted to discussing the “social responsibility” topic. For all issues other than these five, fewer than a third of respondents said that the topics merited more board attention. While this is a relatively new question, NACD has asked similar questions in the past, and this is the first time our respondents have ever ranked social issues so highly as a “need to know” topic.
A Gravitational Pull to Social Issues With a Strategic Slant
So what lies ahead for the next proxy season in the social domain? Aristotle is attributed with coining the phrase “nature abhors a vacuum,” a theorem in physics aptly applied to the likely vacuum in new corporate rule-making in 2017. USA-first trade rules aside, we believe that shareholder activists may try to fill the break in Dodd-Frank rule making with their own social agendas.
As we go to press, attorney Scott Pruitt is slated to head his institutional nemesis, the Environmental Protection Agency, while Governor Rick Perry, former leader of oil-rich Texas, is in line to direct the Department of Energy. Neither man is likely to crack down on carbon-based fuels, so if shareholders want carbon reduction, they will need to redouble their own efforts—and indeed that seems to be the plan.
According to the environmental group Ceres, quoted in an overview by Alliance Advisors, LLC, U.S. public companies will face some 200 resolutions on climate change in 2017, up from a total 174 such resolutions during 2016. This prediction may be conservative. According to Proxy Monitor, in 2016 the 250 largest companies alone saw 58 environmental proposals—meaning that nearly one out of every four large companies faced one.
In other developments, As You Sow, a community of socially engaged investors, has already announced 46 of its own proxy resolutions, including three on executive pay. All the rest are on social issues, including climate change (11), coal (10), consumer packaging (5), and smaller numbers of resolutions in a variety of other social issues, including antibiotics and factory farms, genetically modified organisms, greenhouse gas, hydraulic fracturing, methane, nanomaterials, and pharmaceutical waste. The gist of many of these resolutions is to ask for more disclosure, including more information on the impact of current trends on the company’s strategy and reputation. For example, the “climate change” resolution in the Exxon Mobile proxy statement asks Exxon to issue a report “summarizing strategic options or scenarios for aligning its business operations with a low carbon economy.”
Similarly, the Interfaith Center on Corporate Responsibility has already announced the filing of five shareholder resolutions for the 2017 proxy of its longtime target Tyson Foods on a variety of issues, including one on the strategic implications of plant-based eating. Sponsored by Green Century Capital Management, the resolution seeks to learn what steps the company will take to address “risks to the business” from the “increased prevalence of plant-based eating.”
In the same vein, at Post Holdings, which holds its shareholder meeting January 28, a shareholder resolution from Calvert Investment Management asks for disclosure of “major potential risks and impacts, including those regarding brand reputation, customer relations, infrastructure and equipment, animal well-being, and regulatory compliance.” Note that animal welfare is only one factor here; Calvert is making a business case for the social change.
In this digital age, an organization’s ability to collect, analyze, aggregate, associate, and securely share data around the world is mission-critical. However, an increasing number of laws have been adopted across the globe regulating and restricting the transfer of information, ranging in type from data privacy-focused regulations to national security-focused regulations.
Regulatory restrictions can present significant challenges for global organizations, as they could directly impact business transformations (e.g., new cloud sourcing arrangements, the collection of mobile and Internet data, big data analysis projects, and the like) and corporate compliance initiatives (e.g., auditing, monitoring, internal investigations, e-discovery, whistleblower hotlines, and other similar compliance undertakings).
Knowing what these restrictions are, how they impact the business, and how the organization is addressing compliance are key to the board’s oversight of data management practices, which are an increasingly fundamental business element.
Knowledge is Power
Because regulations are increasingly impacting how information may be collected, used, and transferred, it is essential for directors and executives to understand these regulations and to apply best practices. By doing so, boards can help their organizations mitigate the risk of exposure to regulatory noncompliance, in particular as the potential penalties for noncompliance become increasingly material. To accomplish this, boards must ensure that their organizations are informed of the five W’s of data to stay ahead of the compliance curve:
Who – Who are we, who are our data subjects, and who has access to our data?
Where – Where do we keep our data and where do we transfer our data?
Why – Why do we collect and transfer this data?
When –When are we retaining data and for how long, and when do we share it with others outside the organization?
What – What solutions do we have in place to safeguard regulated data and what elements are in place address any local requirements, including cross-border transfer requirements?
Data Privacy-Related Cross-Border Transfer Restrictions
Outside of the United States, many jurisdictions, including those in the European Union, regulate the collection, processing, and transfer of personal data via comprehensive data protection laws that cover a broad range of personal data and activities related to such information, including its collection, use, and transfer. Considering the ubiquity of data collection for marketing, commerce, and employment purposes, these regulations have significant implications for a broad range of businesses.
Personal data covered by these regulations is often broadly defined to include any information relating to, or that could be linked to, an identified or identifiable individual, including the following:
Email address (including work email address)
Payment card information
These regulations often restrict the transfer of such personal data across international borders unless certain conditions are met. The first question in the analysis is often whether the data is being transferred to a jurisdiction that provides similar or “adequate” protection for personal data.
If the answer is “no,” then investigate whether:
adequate safeguards have been put in place or some other justification for the transfer can be relied upon; and/or
whether a derogation applies (e.g., the data subject has consented to the transfer or the transfer is required for the performance of a contract).
It is important to note that accessing personal data remotely in a different jurisdiction from the one in which it is stored is often viewed by foreign regulators as a transfer to that other jurisdiction (e.g., viewing data stored in Germany from a computer in the U.S.). It is also noteworthy that United States’ legal protections for personal data frequently fail to meet the “adequacy” standards of authorities in more highly regulated jurisdictions, such as those in the European Union.
Data Privacy-Related Cross-Border Transfer Solutions
There are several solutions for organizations that need to transfer personal data across borders to countries that may not be deemed to provide “adequate” protection to personal data by certain foreign authorities, such as the United States. Boards should ask management teams to verify that one or more of the following solutions is in place to comply with applicable cross-border data transfer restrictions:
Consent – Where appropriate, ensure that the data subject has given his/her voluntary and unambiguous consent to the proposed transfer. It is important to note that this option may not be available for employee data in certain jurisdictions in which employees are generally not seen as able to provide voluntary consent to their employers, such as in Germany or France.
Data Transfer Agreements – Review whether or not contractual provisions designed to provide adequate protection to the personal data transferred are utilized by the organization both for internal cross-border transfers between affiliated entities and for transfers to third parties (e.g., the EU Standard Contractual Clauses).
Binding Corporate Rules – Determine whether the organization should adopt enhanced internal personal data protection policies and procedures within the group of companies, referred to as Binding Corporate Rules, and have those approved by the applicable regulators in order to rely on them as a solution.
EU-U.S. Privacy Shield Framework – For transfers of personal data from the European Economic Area to the United States, determine whether the recently approved EU-U.S. Privacy Shield Framework, which provides that organizations self-certified to the Framework are deemed to provide “adequate” protection to personal data by the European Commission, may be an appropriate solution.
These solutions will likely continue to evolve, along with the various regulations that impose the restrictions, in order to address the ever-changing digital marketplace. For example, under the new European General Data Protection Regulation (GDPR), which comes into effect in May of 2018, requirements around what constitutes valid data subject consent will have more prescriptive conditions and any new decisions by the European authorities deeming that a non-EU jurisdiction provides “adequate protection for personal data” will likely be subject to more rigorous requirements (although existing “adequacy” decisions will be grandfathered). The penalties are also increasing, with fines for violating the GDPR going up to EUR 20,000,000, or 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher. Furthermore, beyond data privacy-related cross-border transfer restrictions, boards should also be aware that there may be additional potentially applicable cross-border transfer restrictions on organizations, including those related to national security or state secrets.
Given the significant financial and regulatory burdens for non-compliance, boards need to understand how these cross-border transfer regulations may impact their organization and stay informed of their organization’s compliance position, and any risk decisions made related thereto, when it comes to both current and future data collections and uses.
As a partner at Baker & McKenzie LLP, Michael Egan advises clients across a range of industries regarding the legal aspects of global privacy and data protection, data security, information technology, and related restrictions on data collection and transfer. Joan Meyer chairs the North America Compliance, Investigations & Government Enforcement Practice Group at the firm.