Positioning Independent Risk Management to Succeed

Jim DeLoach

Jim DeLoach

Effective chief risk officers are concerned with what the institution may not know. They must occasionally offer a contrarian point of view at crucial decision-making moments when a given strategy, transaction, or deal is under scrutiny or is likely to expose the organization to unacceptable risk. If they do not, who will?

In many organizations, board risk oversight is enhanced when the board and executive management are supported by an effective independent risk management function. Positioning the chief risk officer (CRO) (or equivalent executive) and the independent risk management function to deliver to expectations requires an understanding of how the CRO role can succeed. Let’s explore how to support this essential role.

Key Considerations

While not all CROs are alike, there are factors that offer the board a discussion framework for positioning the CRO (and independent risk management) to succeed.

1.) Inculcate an “everyone is responsible for risk” culture.  If the board, senior management, and operating personnel believe that the CRO is the only position within the organization concerned with risk, the game is over before it begins. Ideally, front-line business unit, process, and functional owners should also be risk owners, or the first line of defense when it comes to identifying, sourcing, managing, and monitoring risk.

2.) Integrate risk into opportunity pursuits and decision-making processes. Striking the appropriate balance between the organization’s market-making and control-related activities is fundamental to what a CRO attempts to achieve. It typically begins with formulating and documenting a risk appetite framework approved by executive management and the board, and integrating that framework into operations. From there, risk considerations are incorporated into decision-making processes, performance evaluations, compensation decisions, and the discipline of monitoring the impact of changes in the business environment on the risk profile.

3.) Clearly define the CRO position. Two distinct CRO roles exist in practice. While there are variants, an understanding of these two roles provides a context for framing the positioning conversation:

  • The “champion” CRO advances and enables the organization’s risk management framework (and supporting methodologies, tools, and techniques), and plays the roles of coordinator and integrator to ensure consistency in application across operating units and functions. The champion CRO plays such roles as educator (as a provider of insights); facilitator (of risk assessments and formalization of risk mitigation plans); and consultant, communicator, and reporter. The champion CRO supports evaluations of enterprise risks and provides transparency into the capabilities around managing the priority risks across the institution.
  • The “line of defense” CRO undertakes the activities of the champion, but also is authorized to play a combination of other roles. These roles include evaluator; initiator; approver (of policies and risk response design); escalator (of significant issues to executive management, including the CEO, and, through appropriate channels, the board); vetoer (of activities affecting compliance with established internal policies); and arbitrator (of disagreements between operating and functional units affecting risk management). The line of defense CRO may not be authorized to assume all of these roles, but clearly reaches beyond a champion CRO with escalatory and/or veto authority.

The key is for the board and CEO to have a mutual understanding of the CRO’s role and function. In heavily regulated industries, such as financial services, the line-of-defense CRO is likely the preferred option. If the focus is primarily on understanding and coordinating an organization’s fragmented risk management efforts and reporting on the state of risk management, a champion CRO might work.

4.) Position the CRO to deliver to expectations. To serve as a second line of defense, a CRO must have sufficient stature with business-line leaders and across the organization. Stature comes from the authority, compensation, and direct reporting lines that command respect. In short, for business-line leaders to collabo­rate effectively with the CRO, they must view the CRO as a peer. This positioning is accentuated if the CRO:

  • Reports to someone who has strong influence on the organization, such as the CEO or executive committee (with administrative reporting to an appropriate C-level executive);
  • Has direct access to a standing committee of the board (i.e., through dotted-line reporting); Engages in mandatory, regularly scheduled executive sessions with the board or a standing committee of the board;
  • Provides periodic reports and escalates issues to executive management and the board; Has influence on compensation practices incenting the desired risk management behaviors; and
  • Is sufficiently resourced with an adequate support staff.

5.) Undertake a strategic focus. Consistent with the premise that risks must be owned by the lines of business and functional activities that generate them, the CRO generally operates in a strategic oversight role with authority vested by the executive committee (or a designated risk management committee), the CEO, and/or the board (or a committee of the board). The CRO’s focus must be on understanding enterprise risk, monitoring changes in the risk profile, and aligning risk with tolerance. Therefore, the board needs to ensure that there is an appropriate risk focus. The CRO role should not be perceived as a check-the-box compliance function that forces the business to follow rules imposed on it, as opposed to linking risk and opportunity effectively when creating and protecting enterprise value.

6.) Foster effective board communication. The CRO should have open and free access to the appropriate board contact. For line of defense CROs, the board must be vigilant in ensuring that there is nothing constraining the CRO from reporting to it when significant risk issues arise. To that end, a formalized escalation process should exist, such as written procedures and agreements requiring escalation of any significant issues raised by the risk management function that are being argued by business-line executives, even in circumstances where the CEO resolves disputes between the first and second lines of defense.

In summary, there is no one-size-fits-all approach to the CRO role. Positioning the CRO function within the organization is more than defining the role itself. The depth and breadth of the CRO’s relationships with senior executives and business-line and functional leaders have a significant impact on the CRO’s effectiveness. The stronger these relationships, the more effective the CRO will be in realizing the intended value proposition. As expectations increase, the need for more sophisticated risk professionals grows.


Jim DeLoach is managing director with Protiviti, a global consulting firm. 

Women Working Together

I recently attended the California Women Lead’s “California’s 100 Most Powerful Women” conference in Torrey Pines. This was a first-time event for this nonpartisan organization and an engaging example of “girl power.” We had leaders from government (think Betty Yee, the California State Controller), Geisha Williams, whose promotion to the President and CEO position at PG&E was announced the first morning of the conference, plus entrepreneurs, business leaders, and state senators — a wonderful sampling of the women in our state. So what does that all mean? What did we accomplish?

It means that the private sector and the public sector have much to learn from each other; we all conceded that point. It means that this invitation-only network is the first in the nation to coalesce public- and private-sector women leaders into an ongoing network solely devoted to making their state better. And it  also means that there was enough energy, horsepower, and enthusiasm in that room to do so.

What did we accomplish? Time will tell, but the first meeting accomplished a definite and common interest in working together. And that’s a pretty good first step.

At Roundtable, Directors React to Trump Election

While President-elect Donald Trump worked last week with his transition team from the Trump Tower, directors met just blocks away at the Harvard Club of New York City, to address how in the aftermath of his election boards should begin preparing for what could be sweeping regulatory, tax, and social change.

(Left to right) Robert Klatell, Steven Kreit, and Laurie Shahon

(Left to right) Robert Klatell, Steven Kreit, and Laurie Shahon

Leading the discussion were EisnerAmper’s Chief Risk Officer Peter Bible and Steven Kreit, an audit partner with the firm. While the directors disagreed on the order and priority of policy changes, there was consensus around one point: Uncertainty will rule. Bible and Kreit suggested directors focus on in the near term and shared recommendations directors might take to remain agile in the face of politically driven risks.

How can a director prepare? Boards must engage deeply in strategy in the coming months. Anthony Buonaguro, president of the New Jersey NACD chapter and director of Enclave Homeowners Association, ignited a debate on whether or not boards will develop investment strategies focused on continued investment abroad.

Anthony Buonaguro

Anthony Buonaguro

“It resonated with me that we’re facing several years of uncertainty,” Buonaguro said. “Is this going to make boards more conservative? Usually there are two ways that people handle uncertainty: forge ahead as usual, or freeze. If it’s the latter, it’s not good for the economy or stocks. What are boards supposed to do to revamp strategy?” Kreit answered: “You have to put pen to paper and identify scenarios, then plan for them. Will you hit the scenario that happens? Possibly—or not. But if boards don’t strategize, they’re not going to get anywhere.”

NACD Directorship Publisher Christopher Y. Clark asked participants to suggest calls to action. Shaun Higgins, director of Aryzta AG and Carmine Laboratories, reiterated the importance of establishing strong enterprise risk management (ERM) practices. “I think you go into the board meeting and make strategic planning your number one ERM priority,” Higgins said.

Andrea Bonime-Blanc

Andrea Bonime-Blanc

Andrea Bonime-Blanc, CEO, founder, and director of GEC Risk Advisory LLC, jumped in: “I think the answer is to know what your top strategic risks are that need to be focused on.” Regarding specific risks, Bonime-Blanc said that when assessing the election’s implications, “We must pick the top five risks to integrate into business planning and factor U.S. geopolitical risk into our own strategic planning in a way that we never have had to before.”

The EisnerAmper hosts shared their near-term advice. “I can’t find a better reason for your companies to have ERM systems and processes in place,” Kreit said, noting that this is not the time for “mail-in” board members.

“I think this is a great time to start thinking about whether the people you have in the boat with you are the people you want to have in the boat with you,” Kreit said.

To see the full list of participants, please click here

What We Know

Kreit addressed what can be readily understood from the election. “There’s talk about what is going to happen, but no one really knows,” he said. “Board members should really be prepared for anything. Start thinking about some of the concepts Trump has been talking about, what some of his main areas of focus have been.” Work with management to address how the following, possible policy changes might impact business:

  • Anticipate inflation and its impact on cash flow and management, equity valuations, and borrowing abilities. While an initial jump in equity markets was seen, according to Bible, “the debt market got $1 trillion knocked out of it,” a sign of anticipation of inflation. Companies should begin scenario-planning for changes in borrowing ability.
  • Expect early review of tax policy. The dominance of the Republican party across Congress and the executive branch indicate the probability of perhaps even speedy tax reform.
  • Repeal or replacement of the Affordable Care Act. Some changes will come to the policy, and companies should be prepared to address its impact on their workforce.
  • De-regulation and repeal of the Dodd-Frank Act. Bible and Kreit anticipate the repeal of at least some Dodd-Frank provisions, and, at a minimum, a review of leadership at the Consumer Financial Protection Board.
  • Changes are coming to trade. One of the major planks in the Trump platform was a general desire to repeal trade agreements and impose tariffs on China and Mexico, as well as opposition to the Trans-Pacific Partnership. Bible and Kreit underscored the fact that one of the American executive branch’s unilateral powers is to control foreign commerce, which could lead to trade wars “that could trigger a recession,” Bible cautioned.

Kreit also outlined the timeline of key power changes in the White House and Congress:

  • December 19, 2016: The Electoral College convenes to vote.
  • January 3, 2017: The 115th United States Congress convenes.
  • January 6, 2017: Congress declares the president-elect.
  • January 20, 2017: Presidential inauguration marks the beginning of the Trump administration.
  • March-September 2017: Congress anticipated to debate raising the debt ceiling.
  • September 30, 2017: The U.S. government’s fiscal year ends, opening the door for Congress to address budgetary and fiscal matters.

These dates could serve as important milestones for developments impacting their companies.

“Back when we were determining a topic for this discussion, one thing I think we could all agree on was that this election could change the course of the country—and, potentially, the world,” Bible said in summation. “I felt very strongly that we should have this type of dialogue for one reason, and that’s because board leadership is essential for success. It’s a brave new world.”

A second post reporting from this roundtable will address longer-term concerns raised by directors.

Have You Noticed?

Ashley Marchand Orme

Ashley Marchand Orme

The times, they are a-changin’. And so are we.

NACD’s Research team, headed by Director of Research Friso Van der Oord, has been hard at work making changes to significantly enhance how you experience our content. We heard your feedback, and—with our members as our central focus—we’ve released new, practical types of content and reorganized our closets to help you find what you need, when you need it. Let’s begin with our reorganization.

NACD Resource Centers

We’ve curated the best NACD content on the most universal board governance topics in NACD Board Resource Centers. These resource centers include our best thought leadership, most practical tools, recent expert analysis, and upcoming events. Their content gets refreshed monthly. We now have resource centers available on the following topics, with more to come in the next 6 months:

Board Insights Portal

In addition to Resource Centers, NACD also debuted its Board Insights Portal in the last year. Here, you can find our most recent publications, blogs and articles.

This page also features three drop-down menus that allow you to search for our research and insights by committee type (for the three traditional committees), by topic, or for benchmarking data by company type.

Director Essentials

Among the publications you’ll find in our Resource Centers and Board Insights Portal are a new publication type called our Director Essentials series. This new series offers “essentials” guides for boards on key governance issues, outlining core responsibilities of boards, tactics they can adopt to strengthen oversight and questions they can ask to inform the dialogue with management

Director FAQs

Another new content type is the Director FAQs. These two- to three-page briefs answer the most common questions we receive from our members. Topics include:

Blue Ribbon Commission Reports

We also recently built a dedicated page this year to highlight the findings of the 2016 Blue Ribbon Commission Report on Building the Strategic-Asset Board. This page also includes an executive summary of the report, additional resources related to the report, and links to all other BRCs that NACD has produced over the last decade.

Enhanced Search Function

A cross-departmental team of NACD staff have also worked to improve our website’s search function. We cleared out our old or redundant pages and ensured that our most relevant content appears when you search your favorite governance terms on our site. So now, if we’ve published it, you can more easily find it.

What This Means for You

We hope that these changes will help you and your board to better identify specific resources to frame your boardroom discussions, diagnose an issue, and outline possible solutions. We only ask that you continue to provide us with feedback about your experience finding or using our content. Please offer your comments below, or send an email to me (AMOrme@NACDonline.org) or Friso (FVanderOord@NACDonline.org).

You may also click here for more information on how to gain access to NACD’s exclusive boardroom intelligence.

The US Election: Implications for Companies and Boards

DJ Peterson

DJ Peterson

This is the third of a three-part series looking at the global economy and uncertainty in 2016 and 2017. In the first post, the challenges of slow growth in developed and emerging markets was addressed. The second post explored how political entrepreneurs such as Donald Trump have exploited voter anger over limited economic opportunity and the perceived inability of institutions and elites to solve problems.

On November 8, American voters extended a series of striking political surprises and rebukes that in 2016 began with the June referendum on Brexit and in October Colombians’ rejection of a peace deal with rebel forces. Looking forward, the success of Donald Trump raises questions about what will happen next in Europe when voters go to the polls in Italy, the Netherlands, France, and Germany in the coming months. Populism, nationalism, anti-globalism, and authoritarianism seem to be on the rise and time-honored principles and institutions are being weakened as a result.

In the corporate boardroom, disruption usually is thought of in terms of innovation, technology, and the competitive landscape—it is looked at as both opportunity and risk. And while board members are sometimes challenged to address economic disruption in business, political disruption is even more difficult to grasp and manage. Are board members asking the right questions? Are we creating the right scenarios?

Not surprisingly, NACD’s member surveys, as a well as discussions at the 2016 NACD Global Board Leaders’ Summit, reveal that a top concern of board members and corporate executives is how to navigate the tremendous economic and political uncertainty in the world today. A breakdown of broad-based consensus on free trade is a related concern.

Several megatrends driving the political disruption we are seeing include:

  • diminishing economic opportunities for the middle and working class;
  • a sense that urban elites—in government, the media, and business—are distant and not very concerned about the “average person”;
  • social media, which tends to play up societal challenges and divides;
  • and political entrepreneurs who look to capitalize on these trends of unrest.

This has played out on the trade issue. While lower barriers to international movement of goods and services help boost growth, the benefits are diffused throughout an economy while job loses often attributed to trade deals (wrongly or rightly) are concentrated in working class communities—making political mobilization easier. Social media, meanwhile, has helped reduce a complex policy issue to caricatures.

How might these trends impact long-term business and economic success in the United States in the coming years? Expectations are that the new Trump administration, together with the Republican-controlled Congress, will repeal a host of Obama-era laws and regulations, cut and simplify corporate taxes, and appoint business-friendly judges to the courts. These moves would be a boon for many sectors.

But Donald Trump’s populist appeal has also been derived from his willingness to blame countries for having unfair trade advantages; to publicly name and shame firms for sending manufacturing abroad; to criticize large mergers for concentrating economic power; and to target executives for opposing him. We don’t expect such appeals to end once Trump is power. He is likely to use such tactics from the bully pulpit of the presidency to bolster his position and “tell it like it is” personal brand.

Economic populism is one area where activists on the left are likely to be cheered by Donald Trump’s presidency. They certainly have been willing to name and shame companies for actions that they see as out of line with public interests.

This is where board oversight is important.

Directors can pressure test management’s assumptions about the political implications of their actions. Directors should urge management to consider what the political risk implication of the company’s actions are. For example, how will decisions about outsourcing operations, finding tax advantages overseas, or cutting job-training programs and hiring foreign workers be perceived? Will they land the company in the headlines?

Directors can ask management questions about strategy as well:

  • How are we identifying trends and disruptions that may affect the business?
  • Are we integrating political assessments into risk management—regarding, for example, currency, regulation, or supply chain strategy?
  • Are political risks considered as part of our strategic planning processes?
  • Are we considering a range of scenarios and market impacts for a country or an issue?
  • How are we monitoring and reassessing developments? Do we have good information?

Focusing the board lens on the bigger picture, in today’s populist, volatile political world, companies can no longer merely defend themselves against risks and criticize government policies and social activists. Rather, public-private cooperation is needed now more than ever.

At the 2016 NACD Global Board Leaders’ Summit, participants heard about conscious capitalism—shorthand for the many ways companies can make money by doing good for societies they are embedded in. Many proactive business leaders are looking for opportunities to be a part of the solution to the challenges spurning the disruption—from raising hourly wages to hiring and training refugees, to investing in underserved communities and making healthier products. Fostering long-termism is another way that companies can contribute to this aspect of the movement.

Many such initiatives are the results of a CEO’s passion and they often get relegated to the corporate social responsibility portfolio. It’s not hard to name firms and executives that get kudos for one socially responsible initiative but come under withering criticism for major failings in other aspects of their business.

For conscious capitalism to be a meaningful response to recent geopolitical disruption, incentives and priorities must be changed throughout the organization. This is stimulating a rethinking of corporate governance—the core values, norms, and rules that drive corporate behavior. Directors can help ensure long-term, conscientious response to populist pressures on businesses by asking: What is our ultimate mission? What are we doing to help solve today’s problems? How do we maintain and enhance our social and political license to operate?


DJ Peterson founded Longview Global Advisors in 2013. Longview Global Advisors is a consultancy that works with clients on a range of tasks that include strategic planning, market intelligence, thought leadership, and executive positioning. Business leaders and investors turn to Longview Global Advisors for a relevant worldview, and Peterson helps them monitor and make sense of the political, economic, and social trends they care about.

NACD Survey Examines Current State of Nonprofit Boards

Data from the World Bank show that if the global nonprofit sector were its own country, that country’s GDP would represent the sixteenth largest economy in the world. In 2013, the most recent year for which data were available, the nonprofit sector contributed $905.9 billion to the U.S. economy, which is representative of nearly 5.4 percent of U.S. GDP. The nonprofit workforce also accounted for nearly 10 percent of U.S. employment, according to the Bureau of Labor Statistics’ latest calculation.

npsurveyNonprofit organizations frequently are managed by an impassioned group of people with a focused mission or social objective. Often equally passionate are the organization’s board of directors, elected to oversee the organization and ensure its long-term viability.

Nonprofit boards, however, aren’t beholden to the same regulations from the government and listing requirements that their public company peers are, nor do their organizations experience the same pressures from investors that their private company peers do (though, in some ways, a nonprofit board may have to cater to donors in a similar way that private companies cater to their investors). Though all company and organization types face some similar challenges, it can be reasonably expected that the governance landscape for nonprofits might evolve differently than that of private and public companies.

NACD recently analyzed the current state of nonprofit governance in its latest 2015-2016 NACD Nonprofit Governance Survey. The survey report was based on the responses from more than 600 directors serving a variety of nonprofit boards that have 16.4 members on average—much higher than the 8.9 directors on public company boards and the 7.6 directors on private company boards.

Director Recruitment

On the subject of director recruitment, 49 percent of respondents identified “experience specific to the organization’s mission” as the most sought-after attribute a new director could offer the board. A significant portion of respondents also gave priority to leadership experience (34%) and financial expertise (22%). Other sought-after attributes for director candidates include fundraising experience and commitment to the mission.

Related findings include:

  • 80 percent of respondents report that their boards use personal networking to identify new director candidates.
  • 20 percent of respondents from large nonprofits indicate their boards use search firms to identify potential board candidates, up from 12 percent in 2014.

Fundraising

A distinct aspect of nonprofit board service is the expectation that directors will actively participate in fundraising efforts for the organization. Sixty-eight percent of respondents indicate their organization engages in fundraising as a part of their business model. Yet, 51 percent of all nonprofit survey respondents say they feel unsure about the organization’s expectations for them to fundraise.

Related findings include:

  • 54 percent of respondents from organizations that do engage in fundraising indicate that there is a documented fundraising strategy for the board.
  • 34 percent of respondents say their boards have a fundraising committee.

Information Flow

A strong majority of nonprofit respondents are satisfied with the quality of information provided to them on corporate performance (86%) and on strategy (84%). However, paralleling private and public company trends, nearly a fifth (19%) of respondents would prefer more information on the organization’s strategy—both short- and long-term objectives.

Related findings include:

  • 60 percent of respondents report that their board does not receive enough cyber-risk information from management.
  • More than one-third of respondents reported they are dissatisfied with the quality of information provided to the board on risks related to technology (37%) and cybersecurity (48%).

For more research and analysis on the current state of nonprofit boards, please click here to access the full 2015–2016 Nonprofit Company Governance Survey.

Cross-Border Information Flows: Existing and Developing Challenges

In this digital age, an organization’s ability to collect, analyze, aggregate, associate, and securely share data around the world is mission-critical. However, an increasing number of laws have been adopted across the globe regulating and restricting the transfer of information, ranging in type from data privacy-focused regulations to national security-focused regulations.

web-meyer

Joan Meyer

michaelegan_bmckenzie

Michael Egan

Regulatory restrictions can present significant challenges for global organizations, as they could directly impact business transformations (e.g., new cloud sourcing arrangements, the collection of mobile and Internet data, big data analysis projects, and the like) and corporate compliance initiatives (e.g., auditing, monitoring, internal investigations, e-discovery, whistleblower hotlines, and other similar compliance undertakings).

Knowing what these restrictions are, how they impact the business, and how the organization is addressing compliance are key to the board’s oversight of data management practices, which are an increasingly fundamental business element.

Knowledge is Power

Because regulations are increasingly impacting how information may be collected, used, and transferred, it is essential for directors and executives to understand these regulations and to apply best practices. By doing so, boards can help their organizations mitigate the risk of exposure to regulatory noncompliance, in particular as the potential penalties for noncompliance become increasingly material. To accomplish this, boards must ensure that their organizations are informed of the five W’s of data to stay ahead of the compliance curve:

  • Who – Who are we, who are our data subjects, and who has access to our data?
  • Where – Where do we keep our data and where do we transfer our data?
  • Why – Why do we collect and transfer this data?
  • When –When are we retaining data and for how long, and when do we share it with others outside the organization?
  • What – What solutions do we have in place to safeguard regulated data and what elements are in place address any local requirements, including cross-border transfer requirements?

Data Privacy-Related Cross-Border Transfer Restrictions

Outside of the United States, many jurisdictions, including those in the European Union, regulate the collection, processing, and transfer of personal data via comprehensive data protection laws that cover a broad range of personal data and activities related to such information, including its collection, use, and transfer. Considering the ubiquity of data collection for marketing, commerce, and employment purposes, these regulations have significant implications for a broad range of businesses.

Personal data covered by these regulations is often broadly defined to include any information relating to, or that could be linked to, an identified or identifiable individual, including the following:

  • Name
  • Email address (including work email address)
  • Title
  • Telephone number
  • Payment card information
  • IP address

These regulations often restrict the transfer of such personal data across international borders unless certain conditions are met. The first question in the analysis is often whether the data is being transferred to a jurisdiction that provides similar or “adequate” protection for personal data.

If the answer is “no,” then investigate whether:

  1. adequate safeguards have been put in place or some other justification for the transfer can be relied upon; and/or
  2. whether a derogation applies (e.g., the data subject has consented to the transfer or the transfer is required for the performance of a contract).

It is important to note that accessing personal data remotely in a different jurisdiction from the one in which it is stored is often viewed by foreign regulators as a transfer to that other jurisdiction (e.g., viewing data stored in Germany from a computer in the U.S.). It is also noteworthy that United States’ legal protections for personal data frequently fail to meet the “adequacy” standards of authorities in more highly regulated jurisdictions, such as those in the European Union.

Data Privacy-Related Cross-Border Transfer Solutions

There are several solutions for organizations that need to transfer personal data across borders to countries that may not be deemed to provide “adequate” protection to personal data by certain foreign authorities, such as the United States. Boards should ask management teams to verify that one or more of the following solutions is in place to comply with applicable cross-border data transfer restrictions:

  • Consent – Where appropriate, ensure that the data subject has given his/her voluntary and unambiguous consent to the proposed transfer. It is important to note that this option may not be available for employee data in certain jurisdictions in which employees are generally not seen as able to provide voluntary consent to their employers, such as in Germany or France.
  • Data Transfer Agreements – Review whether or not contractual provisions designed to provide adequate protection to the personal data transferred are utilized by the organization both for internal cross-border transfers between affiliated entities and for transfers to third parties (e.g., the EU Standard Contractual Clauses).
  • Binding Corporate Rules – Determine whether the organization should adopt enhanced internal personal data protection policies and procedures within the group of companies, referred to as Binding Corporate Rules, and have those approved by the applicable regulators in order to rely on them as a solution.
  • EU-U.S. Privacy Shield Framework – For transfers of personal data from the European Economic Area to the United States, determine whether the recently approved EU-U.S. Privacy Shield Framework, which provides that organizations self-certified to the Framework are deemed to provide “adequate” protection to personal data by the European Commission, may be an appropriate solution.

These solutions will likely continue to evolve, along with the various regulations that impose the restrictions, in order to address the ever-changing digital marketplace. For example, under the new European General Data Protection Regulation (GDPR), which comes into effect in May of 2018, requirements around what constitutes valid data subject consent will have more prescriptive conditions and any new decisions by the European authorities deeming that a non-EU jurisdiction provides “adequate protection for personal data” will likely be subject to more rigorous requirements (although existing “adequacy” decisions will be grandfathered). The penalties are also increasing, with fines for violating the GDPR going up to EUR 20,000,000, or 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher. Furthermore, beyond data privacy-related cross-border transfer restrictions, boards should also be aware that there may be additional potentially applicable cross-border transfer restrictions on organizations, including those related to national security or state secrets.

Given the significant financial and regulatory burdens for non-compliance, boards need to understand how these cross-border transfer regulations may impact their organization and stay informed of their organization’s compliance position, and any risk decisions made related thereto, when it comes to both current and future data collections and uses.


As a partner at Baker & McKenzie LLP, Michael Egan advises clients across a range of industries regarding the legal aspects of global privacy and data protection, data security, information technology, and related restrictions on data collection and transfer. Joan Meyer chairs the North America Compliance, Investigations & Government Enforcement Practice Group at the firm. 

Resiliency & Re-engagement is Being Done Differently

Building Resiliency

Building employee resiliency through change has gained popularity. In the last two years our clients have shown increased in interest in running Resiliency Programmes.  As organisations get more savvy as to what Resiliency Programmes have the capacity to deliver, there is a demand for more than a static one off Workshop addressing the fundamentals of ‘how to be more resilient’.

Organisations want Resiliency Training Tools that their employees can use to increase emotional resiliency in the short term but also have long term outcomes, action plans and measurable results. 

The major trend we have seen is Resiliency Programmes that are being offered organisation wide, to both those who will be outplaced by change, and to those who will ultimately retain their roles.

While resiliency was previously seen as a support tool for those who were leaving, it is now increasingly being used for all employees in recognition of the impact of change throughout the organisation and of the value in retaining talent.  

A large client of ours recently ran an organisation wide Resiliency Programme for over 900 people. There was ‘a job for everyone’ at the end of the organisational change, and the programme was offered on a voluntary basis to all employees.

As a result the Resiliency Programme was not about building goodwill amongst those leaving the organisation – instead it was a sustained shift in leadership thinking to equip all employees with the tools to build personal resiliency and performance effectiveness.

Building Re-Engagement

Studies have shown that in change processes employees often may have low engagement scores due to low morale from having lost co-workers, fear of who may be made redundant next, an increased workload and limited buy-in to the new team, leader or business structure.

This can result in lower engagement from these change survivors – the very people that the organisation wants to fully engage. The question is then: how do we build Re-Engagement with these individuals?

We use a brilliant and very innovative Online Pathways tool called Talent Navigator. It enables us to take a dynamic snapshot of the employee’s, Values, Motivators, Talents and their Career Pathways. 

Career Engagement Benchmarking research showed that on-the-job development opportunities, increase engagement by up to 30% and by giving employees a clear idea of career pathways and succession opportunities within the organisation also assists with ongoing, employee engagement, and talent retention.

Talent Navigator provides a tangible step by step guide to help employees plan their career path within the organisation. It identifies Values, Talents and Motivators and enables employees to build a picture around their career progression.

Our tools give the employee control of their Career Pathway, as well as allowing their managers to have coaching conversations with their team.

Coaching conversations are an important step in the Re-Engagement process.

It enables managers to take a proactive role in their team’s development and to gain an understanding of where their team’s strengths and interests lie. It shows employees that there is an interest in developing their skills and investing in their career within the new organisational structure and that they are valued.

Experts Provide Guidance to Directors in Light of Brexit

kimberlysimpson

Kimberly Simpson

The NACD Atlanta Chapter recently hosted an expert panel to discuss what directors should know and, more importantly, what they should be asking of management about the impact of Brexit on their corporations. The panel was moderated by Ambassador Charles Shapiro—former US ambassador to Venezuela and current president of the World Affairs Council of Atlanta—and featured Jeremy Pilmore-Bedford, consul general from the British Consulate-General in Atlanta; Mary Shelton Rose, PwC East Region advisory leader and leader of PwC’s US Brexit Response Office; and Lynn Clarke, CEO of MetroKitchen.com and director for ABARTA, Inc., Kahiki Foods, Inc., Visii.com, and the NACD Atlanta Chapter.

The takeaways from the event fell into three categories.

Takeaway 1: The Brexit outcome is uncertain, but a more moderate outcome is likely to prevail in the European Union.

To assist directors as they consider how to approach discussions about Brexit, the panel highlighted possible outcomes of the Brexit vote. Clearly, the path that would leave the least uncertainty is the one under which Britain retains access to the European single market through a series of bilateral agreements. However, a model where Britain does not continue to benefit from any part of the single market is also possible. Since the panel met, a UK court ruled that the British government requires parliamentary approval to trigger the process of exiting the European Union (EU), which adds additional complexity and uncertainty to the situation, and could give pro-EU lawmakers more opportunity to influence the direction of the exit.

While some may believe that other EU countries may want to punish the UK for Brexit by offering unfavorable trading terms, the panel seemed to agree that cooler heads will likely prevail as EU member countries focus on Britain’s role as a significant trading partner for the EU. According to Pilmore-Bedford, an upside of Brexit that is often overlooked is that Britain could begin to negotiate its own free-trade deals beyond Europe with growing countries like India.

Takeaway 2: The UK is trying to mitigate uncertainty.

Britain is attempting to mitigate some of the uncertainty about possible outcomes through outreach to companies. For example, British Prime Minister Theresa May recently met with top executives from such companies as Amazon, Goldman Sachs, IBM, and Morgan Stanley in an attempt to reassure investors.

UK officials like Pilmore-Bedford are quick to remind companies that the free movement of labor between Britain and the EU will continue until 2019 at a minimum. Also, the British government is working to enact laws that enhance legal stability for businesses. Still, with no crystal ball in hand and uncertainty even among those closest to the situation, the panel made clear that directors and management must remain vigilant.

Takeaway 3: Directors must exercise due diligence now.

Panelist Lynn Clarke showed the audience a jar of Marmite, a much-loved Unilever product in the UK. She cited an example of how, in the current climate in the UK, otherwise routine operational decisions can have significant impacts on a company’s reputation and bottom line. In the case of Marmite, Unilever decided to raise the price of Marmite in the UK, ostensibly to compensate for the sharp drop in the pound’s value following the Brexit vote. Behemoth grocery chain Tesco reacted by removing the product from its website. Analysts and consumers criticized the price hike, particularly since Marmite does not contain ingredients from outside of the UK. Clarke suggested that companies must exercise additional caution in how business is approached in the UK during this tumultuous time.

In addition, directors may pose a number of questions to management to prepare for Brexit’s impact, depending on the type of operations the company has in Europe:

  • Strategic Planning: Have we included flexibility in our planning to allow the company to react to scenarios as they unfold?
  • Investment: Do we want to consider either moving forward with investments or holding off on investments related to UK operations or acquisitions?
    • Clarke, on the board of a UK tech start-up, noted that start-ups in the UK may move to the EU to access existing seed-funding programs.
  • Pricing and Margins: Will we be affected by margin compression from goods sold to/from the UK? Should we modify our prices?
  • Talent: Have we assessed the likely impact of Brexit on talent sourcing to and from the UK should migration be restricted?
  • Supply Chain: How well do we understand our suppliers’ financial positions? Do we know which of our critical suppliers are most vulnerable to price fluctuations?
  • Investors: How will we communicate the financial and strategic effects of Brexit and how we plan to mitigate them to investors?
  • Pension Plans: Will there be concern about pension plans (underfunding, for example, due to asset devaluation)?
  • Technology: How will all of the above affect technology/systems as changes are needed to HR systems, VAT systems, regulatory systems, etc.?

PwC expert Mary Rose Shelton emphasized that preparing for Brexit will give directors the opportunity to explore less emphasized areas of the company such as the supply chain, human resources outside of the US, and European and other overseas operations. Given that the greatest certainty at this point is that uncertainty will reign for some time to come, smart directors will begin asking the right questions now, helping their companies adapt to conditions as they evolve. Please reference NACD’s recent publication The Board’s Role in Brexit Oversight for additional questions boards can consider in response to Brexit.


Kimberly Simpson is NACD’s first regional director, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.

The Three Elements of a Successful Coaching Engagement

Hundreds, perhaps even thousands, of resources were published in 2016 alone reviewing the benefits of executive coaching – in peer-reviewed journals, in personal and business blog posts, and in the media. In recent years, coaching has become a buzzword, something that many organizations offer to employees who are identified as having a high potential to succeed.

Despite its popularity, executive coaching is often misunderstood in terms of how it differentiates from performance management and other leadership development offerings. The International Coach Federation (ICF) defines coaching as “partnering with clients in a thought-provoking and creative process that inspires them to maximize their personal and professional potential, which is particularly important in today’s uncertain and complex environment.”

As a development process, it can be hard to define what coaching is as it happens largely behind closed doors. The coaching process is highly personal, and structured to meet the needs of both the leader taking part as well as the sponsoring organization. Different leaders focus on different goals; different approaches or methodologies are effective for different leaders; and different coaches are needed for different leaders.

In seeking to understand more about executive coaching directly from its providers, a team from the Harvard Business Review developed an online questionnaire that was distributed to coaches and consultants throughout the country. The 140 individuals who responded to the survey provided feedback and insight into their own practices and the realities of coaching. In reviewing the feedback from the survey, there are three factors that are critical to the success of a coaching engagement:

Coaching Engagement

Level of motivation of the executive. According to the survey, executives who get the most out of coaching are those with a fierce willingness to learn and evolve – these individuals are often referred to as “coachable.” I frequently use Prochaska and DiClemente’s Stages of Change, also called the transtheoretical model, to assess an individual’s readiness to engage in intentional behavior change. In this model, there are five stages ranging from pre-contemplation (not intending to take action, may be unaware that their behavior is problematic) to maintenance (have made overt and conscientious changes and are actively working to prevent relapse of ineffective behaviors). Leaders who are motivated and prepared to make changes are more likely to advantage of the opportunities offered in coaching.

Chemistry between coach and leader. The relationship and dynamic between the coach and the leader is critical to ensuring success. Allowing the leader the opportunity to meet several coaches in person, or to consider their biographies, allows the leader to make the determination of which coach is best suited to working with them. There are many factors that are involved chemistry on the part of the coach – background, advanced degrees or training, expertise or niche, etc. This alliance will allow the coach and leader to build trust and rapport.

Commitment from top management to developing the leader. The final key element to a successful coaching engagement is support and commitment from the organization. There must be a desire to develop and retain the leader who is taking part in coaching; at the same time, there must be alignment on the goals and objectives that the leader is undertaking during the coaching program. Conversations with key stakeholders, such as the leader’s manager or Human Resources business partner, ensure buy-in and support.

These elements are just three of the many factors that are critical to support the coaching engagement. Others include utilizing appropriate assessments to understand personal leadership capabilities and environmental dynamics; creating an individual develop plan with actionable or SMART goals; and having an underlying methodology or process to follow, with milestones to track progress.

What other factors have you found to be important? Please share in the comments below!