EY analyzes cybersecurity risk disclosure
What are companies disclosing about their efforts to oversee cybersecurity risk? In this article, Ernst & Young analyzes cybersecurity-related disclosures in the proxy statements and Forms 10-K of Fortune 100 companies from 2018 to 2019, focusing on disclosure regarding board oversight, cybersecurity risk and risk management. Building on its similar analysis conducted for 2018 (see this PubCo post), EY detected “modest” enhancements in disclosures compared to the prior year—most significantly regarding board oversight practices—although the depth, detail and company-specificity of the disclosures continued to vary widely. Nevertheless, based on its observations of companies’ activities in the market, EY found that even these enhanced disclosures sometimes failed to capture all of a company’s oversight activities, such as third-party independent assessments or tabletop exercises designed to enhance preparedness. Given that many stakeholders have interests in cybersecurity risk preparedness and board oversight, EY advises, enhanced disclosure can serve to build “stakeholder confidence and trust as the cybersecurity risk landscape evolves and as technological innovations raise the stakes for data privacy and protections.”
How are companies approaching the new requirement for hedging policy disclosure?
At the end of 2018, the SEC dredged up its 2015 rule proposal regarding hedging disclosure (required by Dodd-Frank) and voted to adopt final rule amendments. The amendments mandate disclosure about the ability of a company’s employees or directors to hedge or offset any decrease in the market value of equity securities granted as compensation to, or held directly or indirectly by, an employee or director. As described in the legislative history of the related Dodd-Frank provision, the purpose of the requirement was to “allow shareholders to know if executives are allowed to purchase financial instruments to effectively avoid compensation restrictions that they hold stock long-term, so that they will receive their compensation even in the case that their firm does not perform.” As required, companies have now begun to include the new hedging disclosure in their proxy statements. To see how companies were approaching their responses to the new rule, comp consultant F.W. Cook examined the first 40 proxies that contained the new disclosure (covering the period from August 23, 2019 to October 4, 2019) and provides us with a number of observations that may well be helpful as we head into the new proxy season.
Are we misunderstanding the elements that lead to good governance?
What does good governance really mean? What does it mean to follow best practices? Are there really best practices that make sense for all companies? Do we tend to latch onto easily identified and measured structural features that may not really be effective for good governance and ignore qualities that may be more effective but are not as easily identified or measured? Do we even have a common understanding of the meaning of concepts central to governance? These are some of the questions addressed in an interesting paper, “Loosey-Goosey Governance: Four Misunderstood Terms in Corporate Governance,” from the Rock Center for Corporate Governance at Stanford.
Corp Fin issues SLB 14K—it’s “ordinary business” again
Just in time for proxy season, the Corp Fin staff has issued a new Staff Legal Bulletin 14K on—what else—shareholder proposals and the “ordinary business” exclusion. The SLB attempts, once again, to provide some insight—following SLB 14I (see this PubCo post) and SLB 14J (see this PubCo post) which also address the “ordinary business” exclusion—regarding the staff’s interpretation of Rule 14a-8(i)(7), including:
company-specific significance of policy issues;
board analyses submitted in no-action requests to demonstrate that a policy issue raised by the proposal is not significant to the company; and
the application of “micromanagement” as a basis to exclude a proposal under Rule 14a-8(i)(7). Notably here, the staff attempts to explain the thinking behind its treatment of various climate change proposals submitted last proxy season.
In addition, the SLB addresses “proof-of-ownership” letters.
GAO issues annual report on conflict minerals filings
Under Dodd-Frank, the GAO is required to assess annually the effectiveness of the SEC’s conflict minerals rules in promoting peace and security and to report on the rate of sexual violence in the DRC and adjoining countries. Recently, the GAO released its annual report submitted to Congress on conflict mineral disclosures filed with the SEC in 2018. The report is based on a random sample of 100 Forms SD, interviews with company representatives, DRC officials and other stakeholders, as well as reviews of government reports and fieldwork conducted at an industry conference. Any big changes? Not really. But, interestingly, in the GAO sample, only two companies indicated that they relied on Corp Fin’s 2017 guidance (discussed below) to avoid filing a conflict minerals report or providing an independent private-sector audit. With the 2017 guidance apparently not having much impact, is a revision of the conflict minerals rules to address the impact of the litigation (which held that the requirements violated the First Amendment) even a twinkle in the staff’s eye at this point?
NYC Comptroller’s Office initiates Boardroom Accountability Project 3.0 promoting adoption of the “Rooney Rule”
And speaking of the NYC Comptroller’s Boardroom Accountability Project, as I just did in this PubCo post on the Project’s push for proxy access, on Friday, Stringer announced the newest phase of the Project, Boardroom Accountability Project 3.0, an initiative designed to increase board and CEO diversity. The third phase of the initiative calls on companies to adopt a version of the “Rooney Rule,” a policy originally created by the National Football League to increase the number of minority candidates considered for head coaching and general manager positions. Under the policy requested by the Comptroller’s Office, companies would commit to including women and minority candidates in every pool from which nominees for open board seats and CEOs are selected. The announcement claims that the Project 3.0 represents “the first time a large institutional investor has called for this structural reform for both new board directors and CEOs.” Notably, the announcement also indicates that the Comptroller’s Office will “file shareholder proposals at companies with lack of apparent racial diversity at the highest levels.” The Comptroller’s Office characterizes the new initiative as the “cornerstone” of its Boardroom Accountability Project that “seeks to make meaningful, long-lasting, and structural change in the market practice so that women and people of color are welcomed in the door and considered for every open director seat as well as for the job of CEO.” Given Stringer’s success with his proxy access campaign, companies should pay close attention.
Does proxy access create leverage—even if no one uses it?
Thanks to thecorporatecounsel.net for catching this announcement from NYC Comptroller Scott Stringer and the NYC Retirement Systems, which reported that, since the inception of the Comptroller’s “Boardroom Accountability Project,” there has been a 10,000% increase in the number of companies with proxy access. Stringer began the Project in 2014 with proxy access proposals submitted to 75 companies. At the time, Stringer viewed the campaign as having been “enormously successful: two-thirds of the proposals that went to a vote received majority support and 37 of the companies have agreed to enact viable bylaws to date.” (See this PubCo post and this PubCo post.) So effective was the proxy access campaign that Stringer leveraged its success and the “powerful tool” it represented to “demand change” through the Boardroom Accountability Project 2.0, focused on corporate board diversity, independence and climate expertise. Now, five years later, the number of companies with “meaningful” proxy access has climbed from just six in 2014 to over 600—including over 71% of the S&P 500—all as a consequence, Stringer contends, of the Boardroom Accountability Project. But, you say, proxy access has hardly ever been used (see this PubCo post), so what difference does it make? In Stringer’s view, it makes a big difference.
Mylan settles SEC charges for disclosure and accounting failures arising out of DOJ investigation
At the end of September, the SEC announced that it had filed a complaint in federal court charging pharma Mylan N.V. with failing to timely disclose in its financial statements the “reasonably possible” material losses arising out of a DOJ civil investigation. The DOJ had investigated whether, by misclassifying its biggest product, the EpiPen, as a “generic,” Mylan had overcharged Medicaid by hundreds of millions of dollars. According to the complaint, although the investigation continued for two years, Mylan also failed to accrue for the “probable and reasonably estimable” material losses, as required under GAAP, until the announcement of a $465 million settlement with DOJ. In addition, some of Mylan’s other allegedly misleading disclosure flowed from its omission to discuss the claims. The SEC alleged that Mylan’s risk factor was misleading because it framed the government’s misclassification claim as a hypothetical possibility, when, in fact, the claim had already been made. As a consequence of these failures, the SEC alleged, Mylan’s SEC filings were false and misleading in violation of the Securities Act and Exchange Act. Mylan agreed to pay $30 million to settle the SEC’s charges. While the SEC complaint makes the matter sound straightforward, in practice, deciding whether, when and what to disclose or accrue for a loss contingency can often be a challenging exercise.
Strine proposes to reform the corporate governance system
Who else but Delaware Chief Justice Leo Strine would bid his farewell to the Delaware bench with nothing less ambitious than a “comprehensive proposal to reform the American corporate governance system” laid out in a paper with the longest title of any in recorded history: “Toward Fair and Sustainable Capitalism: A Comprehensive Proposal to Help American Workers, Restore Fair Gainsharing Between Employees and Shareholders, and Increase American Competitiveness by Reorienting Our Corporate Governance System Toward Sustainable Long-Term Growth and Encouraging Investments in America’s Future”? Strine offers up his always interesting ideas: for example, he advocates setting up board committees focused on the welfare of the workforce, imposing a tax on most financial transactions to be dedicated to funding infrastructure and research, curbing corporate political spending in the absence of shareholder approval and enhancing the fiduciary duties of institutional investors to consider their ultimate beneficiaries’ economic and human interests. And here’s another idea: Strine believes that the number of proxy votes each year is an “impediment to thoughtful voting” and leads to outsourcing of voting decisions by institutional investors to proxy advisory firms. Say on pay every four years? He has a plan for that too.