The following update highlights recent corporate governance hot topics and trends for directors of public companies.
Board Oversight of Mission-Critical Risks
In June 2019, the Delaware Supreme Court allowed a Caremark claim to proceed, reiterating its standard for the duty of oversight. The plaintiff in the derivative suit, Marchand v. Barnhill, alleged that the directors of Blue Bell Creameries USA Inc. breached their duty of loyalty by failing to provide adequate oversight of food safety, a central compliance issue for the company.
The court held that the complaint pled facts sufficient to make a claim of bad faith in breach of the fiduciary duty of loyalty for failure to implement a system to monitor the company’s food safety performance compliance. As a monoline company that only produces ice cream, one of Blue Bell’s central compliance issues is food safety. Yet the Blue Bell board allegedly had “no committee overseeing food safety, no full board-level process to address food safety issues, and no protocol by which the board was expected to be advised of food safety reports and developments.”
Marchand does not represent a change to the duty of oversight established by Caremark and related cases: the requirement for boards to make a good faith effort to stay informed on the company’s “mission critical” compliance risks by first ensuring that a reasonable reporting system exists, then monitoring these reports. It is a good reminder, however, that while a plaintiff has to meet a high pleading burden to establish a claim for failure of oversight duties, all boards should ensure that they are taking appropriate steps to oversee key risk and compliance issues. Takeaways from Marchand include the following:
- Implement a board-level reporting system on mission-critical risks. The Delaware Supreme Court enumerated several failures at Blue Bell with respect to food safety, which supported an inference that there was no system of board-level compliance monitoring. These enumerated failures suggest practices that a board might consider in designing a compliance oversight program, including the following:
1. Regular processes or protocols that require management to keep the board apprised of mission-critical compliance practices, risks or reports (both favorable and unfavorable to the company);
2. Delegating oversight of specific mission-critical risks to a board committee and documenting this oversight in the committee’s charter; and
3. A schedule for the board or one of its committees to consider mission-critical compliance risks on a regular basis.
- Document reporting and board discussion on mission-critical risks contemporaneously. While board meeting minutes do not need to act as a meeting transcript, sufficient detail on the topics discussed can protect the board by demonstrating that it has undertaken appropriate oversight processes in good faith. The Delaware Supreme Court pointed to allegations that the board meeting minutes did not reflect discussion or reports on food safety as supporting an inference that the board had not made a good faith effort to implement and oversee a board-level reporting system on food safety.
Environmental, Social and Governance Oversight
Many investors are sharpening their focus on environmental, social and governance (ESG) issues, including sustainability, and are becoming more active in engaging with companies, such as bringing shareholder proposals. In a recent study by Clermont Partners of nearly 200 investors, 67% of respondents consider ESG factors when making an investment decision, up from 47% in 2018.
This focus on sustainability information creates a substantial challenge for public companies as sustainability reporting can be very costly and time consuming. There are innumerable organizations and initiatives that have ESG or sustainability reporting guidelines or frameworks, including the Global Reporting Initiative (GRI), International Integrated Reporting Council (IIRC), Sustainability Accounting Standards Board (SASB), the Task Force on Climate-Related Financial Disclosures (TCFD) and the Carbon Disclosure Project (CDP). There are also organizations that provide ratings of companies based on their level of disclosure and risk related to these issues, including MSCI, Sustainalytics and ISS.
In light of the increasing importance of ESG disclosures to investors, many company boards are engaging with management on sustainability efforts and disclosures. Questions for a board to consider in connection with ESG oversight may include the following:
- What steps are management taking to understand and monitor stakeholder concerns about the company’s sustainability and sustainability reporting?
- What are the company’s ESG ratings from the various rating agencies? Has management considered whether any of these ratings are (1) important to company investors and other stakeholders and (2) inaccurate or not representative of the company’s sustainability efforts?
- How are ESG considerations being integrated into business strategy? What ESG risks and opportunities have been identified in the short and long term, and how are these being addressed?
- What is the company’s culture and tone from senior management and how is that affected by ESG considerations?
- What information will the board receive regarding ESG issues (e.g., KPIs and other metrics) and how frequently?
- To the extent that the company is providing sustainability reports or reporting ESG metrics in other investor- or consumer-facing reports or SEC filings, are there appropriate internal controls with respect to how the reported metrics are defined and calculated?
- What are peer companies doing with respect to ESG issues and how are they reporting on these issues publicly?
Human Capital Management
A key element of investor focus on ESG issues is how company managers and boards analyze and oversee corporate culture and human capital management (HCM). For example, BlackRock’s Investment Stewardship policy statement for engagement on HCM states that: “In a talent constrained environment, we view a company’s approach to human capital management as a potential competitive advantage.” BlackRock has also stated, in its Investment Stewardship’s approach to engagement on human capital management, that it “expect[s] boards, acting as fiduciaries on behalf of investors and as those who help set the tone at the top, to be focused on the opportunities and risks associated with HCM.” There has been an increasing emphasis on workforce optimization and HCM matters more generally in addition to traditional board oversight of executive compensation. The Nasdaq Governance Center’s June 2019 report, Where Board & Investor Priorities Intersect, analyzes evolving disclosure practices in the S&P 100 most recent proxy statements. The report reveals that 51% of the companies disclose human capital management as a priority and 48% note board-level attention to HCM matters and provides sample disclosure.
HCM oversight considerations for the board may include the following:
- How does talent management factor into the company’s overall business strategy?
- How does the company measure HCM performance, and how are HCM objectives incentivized (for example, through executive compensation incentives linked to HCM performance metrics)?
- How will shifts in culture, workforce demographics and technology impact the company and its practices related to talent management?
- What is the company doing to mitigate risks associated with talent retention, and what policies should the company adopt to ensure a smooth succession with respect to key talent?
Audit Committee Oversight of Internal Controls
Several recent SEC enforcement and other actions have focused on issues with companies’ internal controls. These actions include the following:
- An SEC Section 21(a) Report that identified nine public companies that fell victim to email scams, losing nearly $100 million in the aggregate, and warned other companies that internal mistakes that made these attacks successful may indicate failure to maintain internal controls.
- A settled enforcement action against The Hain Celestial Group, Inc. over inadequate documentation of and accounting for end of quarter sales incentives, which amounted to a violation of the Securities and Exchange Act requirement that it design and implement internal control over financial reporting.
- A settled enforcement action against Hertz for inaccurate financial statements, including improper accounting methodologies and failures to accurately disclose certain items, all of which resulted in favorable impacts on the company’s financial statements. Among other things, the order found that Hertz had internal accounting controls violations.
Well-designed and properly implemented internal control over financial reporting at public companies is critical to protection of corporate assets and to the functioning of public securities markets. Audit committees play a key role in overseeing management’s processes for designing and implementing internal controls and are well positioned to influence “tone at the top,” which is a critical part of internal controls. Proactive steps an audit committee can take in overseeing internal controls include the following:
- Probe the tone at the top of the company through communications with management, internal audit and the independent auditor. Is management focused on long-term success rather than meeting quarterly expectations? Is management’s risk tolerance appropriate for the company? Are there well-established means for reporting employee concerns about financial reporting?
- In overseeing enterprise risk management processes, consider whether identified risks, in combination, raise any red flags regarding corporate culture and the control environment.
For a deeper dive on this topic, see Building Strength From (Material) Weakness: Audit Committee Oversight of Internal Controls in the July/August 2019 edition of The Corporate Governance Advisor.
Corporate Culture and Whistleblower Protections
One aspect of a healthy corporate culture is ensuring that employees have safe and effective ways to report concerns about company practices internally, including through anonymous reporting systems. Boards can gain important insights about corporate culture from reports on whistleblower and other complaints, including a view of whether employees feel comfortable raising complaints. An additional benefit of fostering a healthy culture of internal reporting is that it can promote compliance and facilitate early detection and remediation of potential securities law violations.
In February 2018, the U.S. Supreme Court overruled the SEC’s interpretation of the scope of the Dodd-Frank Act’s whistleblower protections, limiting the act’s additional protections to individuals who have reported the suspected misconduct to the SEC. A “whistleblower” is defined for the Dodd-Frank Act as a person who reports misconduct to the SEC, but the SEC had taken the position that the definition also encompasses employees who report internally. In Digital Realty Trust, Inc. v. Somers, the U.S. Supreme Court unanimously held that whistleblowers qualify to bring a claim for retaliation under the Dodd-Frank Act only if they have reported suspected misconduct to the SEC. The Court noted that the Dodd-Frank Act was intended to motivate individuals to report securities law violations to the SEC, including by permitting retaliation relief through litigation rather than administrative action and providing for a six-year statute of limitations. These protections are more generous than those under the Sarbanes-Oxley Act, which cover whistleblowers who report internally.
This decision may have the effect of encouraging employees to report a perceived securities law violation directly to the SEC without first reporting internally at the company. Companies can promote compliance, as well as attempt to prevent the need for employees to report to the SEC, through a healthy culture of internal reporting. From the board oversight perspective, a check-up on company whistleblower practices may include reviewing reports submitted to (1) confirm employees are aware of and use these channels and (2) identify any gaps to consider whether additional training or awareness-raising is needed.
Board Diversity: Increasing Representation of Women on Corporate Boards
Over the past several years, institutional investors and other stakeholders have called on companies to increase representation of women on their boards. Equilar’s Gender Diversity Index (GDI) continues to show that the percentage of women on Russell 3000 company boards is accelerating. While federal law does not impose specific requirements related to gender diversity on corporate boards, California passed a law in 2018 (SB 826) requiring public companies headquartered in California to have women on their boards (one by the end of 2019 and three by the end of 2021 for a company with a board of six or more directors), and many other states are now in the process of considering similar legislation.
On July 1, 2019, the California secretary of state published its initial findings regarding compliance with SB 826. The findings were based on a review period of January 1 to June 30, 2019 and identified 537 companies that the secretary's office views as subject to SB 826, as well as 184 companies that were in compliance with the requirements of the new law as of such date. In addition, according to a recent report published by the Wall Street Journal, as of July 2019, there are no longer any all-male boards among S&P 500 companies.
For boards that are considering refreshment, investors and other stakeholders will likely expect the board to undertake a deliberate process that ensures inclusion of diverse candidates. To assist in this process, nominating committees may want to consider engaging a search firm or else implementing internal processes to identify and include diverse candidates in the search.
Hedging Policy Disclosure Rules
In December 2018 the SEC adopted a new hedging policy disclosure rule as part of the existing corporate governance-related disclosure requirements in Item 407 of Regulation S-K. New Item 407(i) will require companies to disclose whether the company permits any employee, officer or director of the company to purchase any financial instruments or otherwise engage in transactions that hedge or offset, or are designed to hedge or offset, any decrease in the market value of equity securities of the company that the employees, officers or directors receive from the company as compensation or that they otherwise hold, directly or indirectly.
Compliance Dates. Generally, companies must comply with the new disclosure requirements in proxy statements with respect to the election of directors during fiscal years beginning on or after July 1, 2019. This means that for companies with a fiscal year ending in the second half of 2019, the disclosure will be filed in its first proxy or information statement filed after fiscal year-end, even if filed in late 2019. For calendar year companies, the disclosure must be included in annual proxy or information statements that are filed in 2020. For smaller reporting companies and emerging growth companies, compliance is delayed until proxy statements with respect to the election of directors during fiscal years beginning on or after July 1, 2020.
Scope of Disclosure. Companies may satisfy the disclosure requirement by providing a fair and accurate summary of the practices or policies or by disclosing the practices and policies in full. The disclosure must include the categories of persons covered and any categories of hedging transactions that are specifically permitted or specifically disallowed. If the hedging practices or policies apply only to some employees, officers or directors, the company is not required to disclose that it does not have practices or policies with regard to others. If the company does not have any such practices or policies, it must disclose that fact or state that hedging transactions are generally permitted.
Implementation. Many public companies have already adopted and disclosed hedging policies in their proxy statements. Boards should now work with management to compare the company’s existing practices and policies and disclosure against the specific requirements of new Item 407(i) to determine whether any new or different information is needed to comply with the new rule. Companies that do not have a hedging policy may wish to consider putting one in place as a matter of corporate governance and in light of the new disclosure requirements.
© 2019 Perkins Coie LLP