Joanne Gray, Editor of AFR's BOSS Magazine, shares her take on what lies ahead for boards.
Boards of directors are seeking dynamic solutions to navigate the evolving landscape surrounding their positions. While there is no panacea for the growing complexity of corporate governance and compensation issues…
Directors and officers of both public and private companies operate in difficult, complex, and evolving business, legal, and regulatory environments. Challenges and risk exposures are unavoidable, and the speed of change shows no sign of slowing. Accordingly, it is imperative that directors and officers stay abreast of issues impacting the risk landscape and continually analyze how best to protect themselves. The recently released NACD Board Leadership report prepared with Marsh, “Evolving Directors & Officers Liability Environment Emerging Issues & Considerations,” identifies core areas of change and associated insurance concerns for directors & officers (D&O).
Four areas being closely watched today are discussed below.
Securities regulations and resulting enforcement and claims will change over the course of President Trump’s administration, although the extent of the change remains to be seen. Deregulation for financial institutions and other organizations is likely. Although deregulation may ease the regulatory burden on businesses in an effort to stimulate growth, it could lead to a rise in resulting claims due a potential decrease in transparency and mandated corporate guidelines.
We may also see a shift in how government regulatory agencies handle purported wrongdoing—perhaps with the assessment of fewer corporate penalties while continuing to hold culpable individuals accountable. Based on some of the recent U.S. Securities and Exchange Commission appointments — including the SEC Chair and co-heads of the SEC Division of Enforcement —many expect that the agency will continue to aggressively pursue culpable individuals.
Generally speaking, activism is on the rise, including environmental activism, shareholder activism, and other forms. The first climate change-related securities class action was filed in late 2016, and more are expected to follow. Some anticipate that, as a result of the Trump administration’s withdrawal from the Paris Agreement, environmental activists’ drive to advance their agenda—whether through civil litigation, shareholder resolution initiatives, or other means—will increase. In addition, we expect there to be more initiatives driven by state regulatory actions and non-governmental organizations.
Increase in Securities Claims
According to NERA Economic Consulting, the number of securities class action filings in the first quarter of 2017 was significantly higher than in past years. The number for the first quarter of 2017 stood at 144 filings of federal securities class actions, which is up from 102 filings in the first quarter of 2016. If filings continue at this rate, we expect there to be close to 500 securities class action filings in 2017 alone, a 66 percent increase from 2016. The rise in filings can be attributed to several factors including, but not limited to: the increase in merger objection-related filings in federal court; the increase in the number of securities plaintiff firms; and, arguably, a race to the courthouse before any new regulatory changes are implemented.
Cybersecurity-related losses continue to be one of the most worrisome potential exposures for companies. Despite some significant recent cyberbreaches, the first traditional securities class action litigation against directors and officers was only recently filed. The complaint generally alleges that the defendants made materially false and/or misleading statements about the breach. It also claims failure to disclose material adverse facts about the company’s business and operations specific to data protection, and the discovery and potential impact of the data breaches.
On the other hand, there have been a number of derivative lawsuits filed against companies’ directors and officers for alleged mismanagement of cybersecurity incidents. To date, defendants in this type of litigation have largely been successful in getting these cases dismissed by invoking the business judgement rule, among other defenses. However, a notable, recent settlement of one of these derivative actions while on appeal will likely continue to fuel the plaintiff’s bar’s drive to pursue cybersecurity-related D&O claims.
While each of the above can be viewed as discrete risks, they each share a common thread: increased exposure to directors and officers. As a best practice, all directors should regularly review their D&O insurance program with their insurance advisors to ensure adequate protection in the wake of the increasingly risky environment in which we live. Directors and the officers of their companies should ask themselves probing questions about their insurance coverage:
- Does my D&O insurance program provide sufficient limits of liability?
- Am I protected by Side-A Difference In Conditions insurance? If so, are those limits sufficient?
- How will my D&O insurance coverage respond in connection with a regulatory investigation? Will I be covered to the extent there is an internal investigation associated with an external regulatory investigation?
- Does the selection of insurers on my company’s D&O “tower” make the most sense should I need to turn to the insurers for coverage?
- How narrowly tailored is the exclusionary language in my policies? How favorable is the severability language?
By reviewing these questions in conjunction with their insurance programs on at least an annual basis, directors and officers will be more adequately prepared for the scenarios outlined above.
Sarah Downey is the D&O Product Leader at Marsh.
Pay for performance in the context of CEO compensation means more stock awards granted at a higher value to incentivize long-term goals…
General Electric Co. announced CEO, Jeff Immelt, would step down as chief executive, effective August 1, and will retire as chairman…
According to Forbes, 73% of Americans have fallen victim to some type of cybercrime, 47% have had their personal information exposed, and 80% of businesses have had some type of cyber-attack. Because of the global reach of cybercrime, the FBI notes that no single organization, agency or country can defend against it. So, what are we to do?
Cyber experts remind us that doing the basics will protect us from most of the issues: make sure you are regularly updating software and hardware (to include wireless printers), limit administrator rights, and don’t use default passwords (make them unique and strong). Some experts recommend disabling your wireless when you are not home, placing your router in the middle of the house, disabling remote access, and activating your Wi-Fi firewall; these simple steps just might prevent a complex headache…
Robert P. Silvers is a respected expert on Internet of Things security and effective corporate planning and response to cybersecurity incidents. Silvers is a partner at Paul Hastings and previously served as the Obama administration’s assistant secretary for cyber policy at the U.S. Department of Homeland Security. Silvers will speak at NACD’s 2017 Global Board Leaders’ Summit in October and NACD’s Technology Symposium in July.
Cybersecurity breaches pose a growing threat to any organization. As we’ve seen in recent years, and indeed in recent weeks, the most sophisticated companies and even governments aren’t immune from cyberattack. Ransomware has become a global menace, and payment data and customers’ personal information are routinely swiped and sold on the “dark web” in bulk. Next-generation Internet of Things devices are wowing consumers, but they are also targets, as Internet connectivity becomes standard-issue in more and more product lines.
How do directors prepare for this landscape? Everyone now acknowledges the importance of cybersecurity, but it is daunting to begin to think about implementing a cybersecurity plan because it’s technical, fast-moving, and has no “silver-bullet” solutions. Most boards now consult regularly with the organization’s information security team, but the discussions can be frustrating because it’s hard to gauge readiness and where the organization really stands in comparison to its peers. Sometimes directors confide in me, quietly and on the sidelines, that their real cybersecurity strategy is one of hope and prayer.
There are steps directors can take now to prepare for incidents so that when they occur the company’s response is well oiled. With the right resources and preparation, boards can safely navigate these difficult and unforeseen situations. Three key strategies can assist directors as they provide oversight for cybersecurity risks:
- Building relationships with law enforcement officials
- Having incident response plans in place (and practicing them)
- Staying educated on cybersecurity trends
2. Building Relationships With Law Enforcement Officials
It’s no secret that relationships are central to success. Building the right relationships now, before your worst-case scenario happens, will help manage the situation. The Federal Bureau of Investigation is generally the lead federal investigative agency when it comes to cybercrime, and the United States Secret Service also plays an important role in the financial services and payment systems sectors.
Boards should ensure company management educates law enforcement officials from these agencies about the company’s business and potential risks. In turn, the company should ask law enforcement to keep it apprised of emergent threats in real time. There should also be designated points of contact on each side to allow for ongoing communications and make it clear whom to contact during an incident. This is critical to ensuring that the company has allies already in place in the event that a cyberattack occurs.
2. Having—and Practicing—Incident Response Plans
Directors should ask to see copies of the company’s written cyberbreach response plan. This document is essential. A good incident response plan addresses the many parallel efforts that will need to take place during a cyberattack, including:
a. Technical investigation and remediation;
b. Public relations messaging;
c. Managing customer concern and fallout;
d. Managing human resources issues, particularly if employee data has been stolen or if the perpetrator of the attack is a rogue employee;
e. Coordination with law enforcement; and
f. Coordination with regulators and preparedness for the civil litigation that increasingly follows cyberattacks.
An incident response plan is only valuable if it is updated, if all the relevant divisions within a company are familiar with it, and if these divisions have “buy in” to the process. If the plan is old or a key division doesn’t feel bound by it, the plan isn’t going to work. Directors should insist the plan be updated regularly and that the company’s divisions exercise the plan through simulated cyber incidents, often called “table-top exercises.” Indeed, table-top exercises for the board itself can be an excellent way to familiarize directors with the company’s incident response plan and its cyber posture more generally.
3. Staying educated on cyber security trends
As your board is building relationships with law enforcement officials and preparing an incident response plan, directors should also be educating themselves on cyber risk. Cybersecurity becomes more approachable as you invest the time to learn—and it’s a fascinating subject that directors enjoy thinking about. Do you know what a breach will look like for your company? What protocols do you have in place in case something happens?
According to the 2016–2017 NACD Public Company Governance Survey, 89 percent of public company directors said cybersecurity is discussed regularly during board meetings. Since a majority of directors in the room agree that cybersecurity is worth discussing, directors should collectively and individually prioritize learning the ins and outs of cyber risks.
One easy way to stay up to date on the latest is to ask the company’s information technology security team for periodic reports of the most significant security events that the company has encountered. This will give directors a feel for the rhythm of threats the company faces day in and day out.
Another option is for directors to take a professional course and get certified. The NACD Cyber-Risk Oversight Program is a great example of a course designed to help directors enhance their cybersecurity literacy and strengthen the board’s role in providing oversight for cyber preparedness. Consider these options to keep yourself as educated and informed as possible.
The more you can prepare individually, the better off you will be when you have to provide oversight for a cybersecurity breach at your company.
We all have participated in difficult conversations whether in our personal lives or our business lives. Many of us have been on the receiving end and some have had the task to deliver a difficult message. No matter which side you are on, these types of conversations can be filled with anxiety and some fear. For the person delivering the message, it could create such negative anticipation that you fail to communicate effectively what you want the person to hear. On the other hand if you are the person receiving the message, angst and negative anticipation may lead to a failure to reflect realistically about you and your performance.
If you are in a management role and have to deliver negative feedback to someone who works for you, here are a couple of tips to consider before moving forward.
- Develop the outcomes you are trying to achieve before you begin the conversation. Focus on solutions.
- Document all performance related conversations and share them with your employee.
- Try to have a conversation rather than a scripted event.
- Ask the employee to verbally review his/her performance before you give your own observations. If the person is missing the mark, ask additional questions to get the individual to focus on behaviors and outcomes.
- Always focus on the employee’s behaviors and outcomes and never make any personal attacks. Don’t allege intent; have a conversation so you can understand the other person’s point of view.
- In general listen more and talk less. Ground rules could include each person repeating back what they heard before making their own comments. This encourages active listening.
- Be prepared with specific past performance issues should the employee forget to remember situations. Provide focus assistance if the person is straying from the appropriate subject matter.
- Remind the employee of expectations at the time of an assignment and the measurements for success along with the actual results. This could include previous conversations in which their performance was called into question and what the results were from those conversations.
- Be open minded yourself to another person’s observations and perspectives
- In most cases if you are giving constructive feedback on a regular basis, difficult conversations are simply a continuation of the process and will not and should not be a surprise to the employee.
Relationships matter and while you don’t need to be best friends with people who work for you, you should always treat them respectfully and do everything you can to help them succeed. Part of your responsibility being a manager means holding people accountable, which can in turn lead to difficult conversations. As a manager, work on being honest and considerate, while providing encouragement for the individual to improve.
Management Resource Group, Ltd.
Champions of business women have been honored each year since 2001 by the prominent civil rights organization Legal Momentum with its Aiming High Award. Stephanie Drescher, global head, business development and investor relationship management at Apollo Global Management, is one of three honorees this year.
The seventeenth annual Legal Momentum Aiming High Awards were presented at a luncheon on June 15 in New York City.
In addition to Drescher, this year’s award recipients are:
- Brad S. Karp, chair, Paul, Weiss, Rifkind, Wharton & Garrison, and winner of the Man of Distinction honor
- Lisa Garcia Quiroz, senior vice president, president of the Time Warner Foundation, and chief diversity officer of Time Warner
Economics and psychology might seem like an unlikely academic pairing for a Barnard College undergrad, but it was a natural combination for Stephanie Drescher—and one that helped inform her career. By applying the analytical aspects of economics with an understanding of what drives collaborative work environments, she developed a keen sense of how to achieve optimal results within complex organizations.
Drescher has since distinguished herself as one of the most successful women in the global private equity industry. After spending the first 10 years of her career at JPMorgan Chase & Co. in a variety of roles, including serving on the boards of the firm’s private equity and venture capital businesses, she joined Apollo Global Management in 2009, heading the firm’s business development and investor relationship operations.
Founded in 1990, Apollo currently has $197 billion in assets under management, and Drescher has played an influential role in building the firm into the financial powerhouse it is today. Drescher recently reflected on her career and role as a mentor in a telephone interview.
How did mentorship position you for success in the financial sector?
Early on in my career, I saw many examples of women who were in leadership positions, and they were great role models for me. That was certainly one element of being able to see a path forward. Equally as important were men who throughout my career have served as mentors and sponsors. These people came to know me quite well and were crucial in helping guide me as I developed professionally.
One key piece of advice I received early on: think of yourself as the CEO of your own career and have a board of directors you can reach out to for advice as you encounter new challenges. That framework is one that I often share with others as they set out in their careers.
How does Apollo cultivate a collaborative atmosphere?
The first thing that comes to mind is our investment committee. Everyone is invited to contribute. If you are the most recent addition to the investment team, or you’ve been there since day one, everyone sits around one—now very big—table to discuss the investments. It’s a very deliberate way to create an opportunity for everyone to learn from one another, and evaluate each opportunity from different perspectives.
I think it’s a testament to the strength of our firm that we’ve been able to maintain such a productive, collaborative atmosphere even amid our tremendous growth. When I joined, we had fewer than 100 people and managed around $15 billion. Roll forward to today, and we’re managing upwards of $200 billion with more than 1,000 people on staff. Our core culture remains the same, which enables us to deliver best-in-class performance to our global investor base.
In your experience, are investors pressing more on diversity and inclusion issues?
It’s certainly a topic of increasing interest and conversation with our institutional investors. They have many choices as to where they invest their capital, and ultimately, they want to work with firms that are focused on doing their part in terms of diversity and inclusion.
How is Apollo working to fortify talent pipelines internally and in its portfolio companies?
We are proud of a number of initiatives that we started at Apollo. In 2014, we launched our veteran’s initiative, which encourages Apollo and its portfolio companies to recruit, hire, and retain veterans and their spouses. That has been a great success.
We also recently launched the Apollo Women’s Empowerment initiative, which I co-chair with our global head of credit. We have spent a great amount of time developing a steering committee with a number of initiatives to allow for development of our women networking, and engagement with industry groups, external leaders, and the community.
How do you serve as a mentor to young women?
It starts with a commitment to engage with the wider community, which is very important for all of us at the firm. A specific area of interest for me has been my involvement with the Young Women’s Leadership Network. It’s a group of all-girls schools in underserved communities that prepare their students for college. I think it’s just another way of ensuring that as we rise in our own careers, we look to lift those around us by serving as mentors, sounding boards, and role models.
Compensation and performance incentives have shined a light on what boards and companies value most in terms of performance and goals…