NACD Director Certification—Why and How

Later this year, after more than four decades as the nation’s leader in director education, NACD will blaze a new path by launching the first-ever certification program for board members in the United States. Here’s more on why and how.

Background

NACD was founded with the
objective of equipping directors with the knowledge they need to serve with
confidence in the boardroom. Just as with every other profession, directors
benefit from best practices, research-driven education, and shared experiences.
As fiduciaries overseeing enterprises, directors need to understand both the
companies they serve and the environment around them, as well as the particular
demands of their oversight and advisory roles.

Much of that preparation comes from a director’s own career experiences, combined with the “on the job” training they will have received while serving on a particular board. But today, given the pace of change in business conditions, shifting stakeholder expectations, and the growing number of first-time directors serving on boards, external director education is needed more than ever. That is why we developed a director education framework in 2015 to provide an established foundation that underpins the content for our thought leadership and for NACD’s 300 local and national director education programs.

Why Certification?

So why are we taking director education a step further now with a certification program? Ira M. Millstein, chair of the NACD Blue Ribbon Commission on Director Professionalism, noted in his 1995 pioneering article on the “professional board” that “while we should not hear any significant calls for requiring ‘official’ director certification in the United States, many US boards will do their own certification simply through the process of selection and periodic performance reviews. They will seek competent, credible, knowledgeable candidates who are capable of, and willing to, do their homework.” 

This informal process of
board certification has worked for many years, as has our long history of
providing director education and credentialing via our Fellowship program. But
today the expectations that directors must meet or exceed are greater than when
Millstein wrote his article. As a result, we are formalizing director education
with a nationally recognized credential that will serve as a seal of approval affirming
that new directors have the knowledge, skills, and abilities needed to serve
competently on a board. While we can never certify a director for his or her
ethics, we can certify competency in a baseline body of knowledge, bolstered by
additional continuing education requirements (which incidentally do include
ethics as part of the curriculum).

Here are four reasons why
we have taken this additional step in our evolution:

Exam-based certification is a way for directors to test and prove their growing knowledge. Our 2018–2019 NACD Public Company Governance Survey showed that 69 percent of respondents said that their board dedicates resources to continuing education, and 59 percent agreed that education is “necessary for director effectiveness.” The survey showed that directors on average are already devoting 20 hours per year to learning more about their responsibilities in the boardroom, but they lack formal evidence of their knowledge and competence. By providing formal testing and certification, NACD’s certificate will provide such evidence.

Our many years of building a community of directors has enabled us to create a test by directors, for directors, based on the real issues encountered by boards that seek to be effective. Furthermore, thanks to ongoing advisory and evaluation work, we have reached a point in our evolution where we understand as never before the real issues facing boards. Our Board Advisory Services has guided more than 1,000 board self-evaluations since beginning formal evaluation services in 2000, and our membership community has passed the 20,000 mark. Had we developed tests earlier in time, they may not have had the same realism as the ones we are developing now.

NACD’s store of knowledge, after decades of development, is now fully comprehensive. Our two dozen Board Resource Centers on topics ranging from audit committee issues to sustainability show the breadth and depth of what directors need to know. These resource centers did not emerge overnight; they build on more than a quarter of a century of convening Blue Ribbon Commissions and conducting surveys. For decades, NACD has been convening the brightest minds in governance to create the materials supporting this credential, informed by such resources. This new certification and the rigor it provides is in many ways a culmination of this work.

Last but not least, certifying directors helps us live up to our “world class” status as we participate in a global community of directors where exam-based certification is already a practice. As the newly elected chair of the Global Network of Director Institutes (GNDI), I am familiar with the practices of the 20 other members of the GNDI. Many of them already have exam-based certification, and we can learn from their experiences—both positive and negative—now as never before.

How Will It Work?

Our first step in moving
toward certification has been—in collaboration with hundreds of board members
serving on the boards of all types of companies—to develop a comprehensive
overview of the knowledge, skills, and abilities (KSAs) that are required for
corporate directors to lead with confidence in the boardroom. Next, we are
working with select members of our community of more than 20,000 members to
help create an exam that verifies those KSAs. Exam registration also comes with
a comprehensive study guide that will help certification applicants prepare for
the test. 

To provide guidance and
direction for the new certification program, NACD has formed and is leveraging
a steering committee of highly experienced corporate directors and corporate
governance practitioners that includes these distinguished individuals:

Dennis Beresford, Former Chair of the FASB; Former Director, Fannie Mae, Kimberly Clark, and Legg-Mason

Michele Hooper, Director, PPG Industries, United Continental Holdings, and UnitedHealth Group

Glenn Hubbard, Director, Automated Data Processing (ADP), MetLife, and BlackRock Closed-End Funds; Dean of Columbia Business School

Simon Lorne, Director, Teledyne Technologies; Vice Chair and Chief Legal Officer, Millennium Management; Former General Counsel, US Securities and Exchange Commission

Bill McNabb, Former Board Chair and CEO, Vanguard; Director of UnitedHealth Group; Executive in Residence at the Raj & Kamla Gupta Governance Institute, LeBow College of Business

Myron Steele, Former Chief Justice of the Delaware Supreme Court; Partner, Potter Anderson & Corroon LLP

Dona Young, Lead Director, Foot Locker; Member of the Supervisory Board, Aegon, NV; Director, NACD

This is an impressive
group of some of the best minds in board governance, and I am honored that they
have agreed to devote time to this historic effort.

With directors like these
on our steering committee, our members who have volunteered to inform the test
development process, and with all the leading-edge resources NACD has developed
through the years, I sincerely believe we are creating a meaningful and
effective credential for directors.

I invite you to be part of one of the most important initiatives in NACD’s history to help elevate the profession of directorship, and to advance good governance in America. Visit www.NACDonline.org/Certification to learn more. 

Overseeing Disruptive Risk? Security Ratings Can Help.

On a global basis, directors and the companies
that they oversee are facing disruptions caused by geopolitical volatility,
economic slowdown, emerging technologies, cybersecurity threats, and climate
change, among other forces. The pace of change just keeps speeding up.

It is important to note that while disruptive
risks are among the main concerns for directors, their confidence in corporate
risk management is low. As risks continue to evolve, the way corporate
directors and their organizations handle them must evolve as well. This
disconnect may belie their low confidence in overseeing these changing
risks.

In BitSight’s newest Cyber Risk Monitor report, respected risk expert and NACD member James Lam details five recommendations for directors to manage disruptive risk within their organization. Within this list, he offers that corporate directors should “ensure board-level risk metrics and reports are effective.”

As stated in the report, one unique aspect of
disruptive risks is that they are usually very subjective and, as a result, can
be full of the influence of cognitive biases. It’s critical that organizations
have objective, independent data that allows them to both report on and
understand the state of the company’s cybersecurity. In addition to traditional
security assessment practices (like penetration tests and questionnaires, for
instance), security ratings can offer an objective, quantifiable measurement of
an organization’s security posture that the board can understand in the context
of industry, region, or competitive peer group. 

When we look at disruptive risk—particularly
cyber risks or incidents—it’s no secret that organizations are being held to significantly
higher standards of cybersecurity outcomes than ever before. Regulatory bodies,
boards, and executive teams all are driving for better oversight and
accountability regarding data breaches and cybersecurity. Companies and their
leadership are seeking to prevent the backlash from customers,
business partners, and regulators that is inevitable when a breach occurs,
demonstrating their failure to meet industry-wide cybersecurity standards of
care.

Security and risk leaders are challenged with
trying to understand what constitutes a reasonable, industry-wide standard of
care when it comes to cybersecurity performance. What was good enough yesterday
may not be today, and will almost certainly not be good enough next year. Not
to mention, the traditional approaches to cybersecurity performance metrics are
limited in scope, focus only on a point-in-time, and are subjective in nature, not
comparative.

As a result, security and risk leaders are
forced to make important decisions about their cybersecurity programs based on
an incomplete set of data. This lack of visibility and context can often result
in ineffective spending and misalignment of resources, two areas of insight
critically needed to adequately protect any organization’s security.

Using security ratings to manage security performance helps security and risk leaders, and the directors who oversee their decisions, take a risk-based, outcome-driven approach to managing the performance of their organization’s cybersecurity program. Security ratings enable broad measurement, continuous monitoring, and detailed planning and forecasting in an effort to measurably reduce cyber risk. Using the Security Rating as this baseline metric of cybersecurity program performance, security and risk leaders finally have an objective, independent, and broadly adopted key performance indicator to continuously and efficiently assess security posture, set program goals, track progress, and report meaningful information to executives and ultimately to you—the board.

Looking to learn more? Download BitSight’s latest Cyber Risk Monitor Report, prepared exclusively for directors of companies.

Avoid Three D&I Pitfalls By Strengthening the Board’s Agenda

Boards are increasingly beginning to recognize diversity and
inclusion (D&I) as an important agenda item. Why? D&I is a field of
practice that requires board oversight as management teams expand D&I programs
and investors make gender and racial equity concerns a major engagement priority.
These conversations can present a unique challenge for boards that are often
comprised of leaders who lack D&I expertise themselves and struggle to make
their own composition more diverse.

To keep pace, corporate directors need to understand how the
D&I conversation is evolving and how to avoid key pitfalls in providing
effective oversight.

An Evolving Agenda 

As corporate D&I initiatives have matured, internal priorities
have also shifted. Having successfully established the business case for diversity,
most organizations are now focused on realizing and measuring progress against
their objectives. The conversation is becoming less about the reasons why D&I
goals are important, and more about the substance of how to achieve and measure
them. There is also an increasing
recognition that the low-hanging fruit of basic policies and procedures, while
necessary, is insufficient for achieving lasting D&I objectives.

As a result, the roles of culture and leadership are
increasingly coming into focus.

Without a supportive culture, any improvement in the
workplace can be difficult to sustain. To unlock the potential of diversity programs,
organizations are focused on creating a more inclusive culture where each employee
has a sense of belonging. At the same time, there is a recognition that leaders,
especially the board chair and CEO, have a critical role to play in creating
and modelling that culture.

Three Pitfalls for the Board to Avoid

While every organization will find itself at a different level of maturity, there are a few common pitfalls boards should seek to avoid in providing effective advice and oversight to management teams.

1. Settling for “HR as PR”. Growing evidence suggests that management teams tend to invest in well-intentioned D&I initiatives that are easy to measure but fail to drive meaningful outcomes. As boards provide oversight to D&I programs, this is an important risk to monitor and probe.

In a desire to establish the right tone and signal commitment to D&I, companies often invest in one-off programs like bias training that are visible with easy-to-measure outputs (e.g., number of employees trained). However, there is substantial evidence that some of the most popular practices—such as mandatory unconscious bias training—fail to have any measurable impact and may even increase bias. (Some research suggests that anti-bias messages may unintentionally backfire when employees perceive they are being told what to think.)

In some cases, public relations (PR) might
be necessary, as many would argue was the case with Starbucks’ decision to
close 8,000 stores to conduct anti-bias training. However, easy-to-report
training programs often fail to achieve their intended effect. This is
particularly true of compliance-oriented training focused on avoiding lawsuits rather
than improving workplace culture.  

So what types of practices actually work? Evidence suggests that less flashy investments like mentoring programs, diversity committees that include employees from across the firm and of varying backgrounds, and active, intentional recruiting programs can all help improve outcomes.  Evidence also suggests that enhancements to rewards, such as same-sex domestic partner benefits and fertility benefits, can improve outcomes. Additionally, flexible work policies, supported by the right culture and environment, are increasingly important elements of the employee value proposition.

While it’s not the board’s role
to identify specific initiatives that management undertakes, the board does
play a critical role in ensuring management has a D&I strategy, establishes
clear goals, and is tracking progress against them.

To that end, boards should ask
management the following questions:

How are you measuring the effectiveness of your D&I programs?

Which ones are the most and least effective, and why?

2. Not Listening to Employees. One of the biggest mistakes boards make is not asking management for a direct line of sight into employee perceptions, beyond a grievance hotline, about the company’s culture and policies.

From a risk assurance perspective, boards need to understand whether the company’s culture is a strength or a liability. Organizations with a toxic culture are, by definition, not inclusive. They also face heightened legal and reputational exposures which can hide below the surface. For example, one large transportation company is facing discrimination lawsuits and reputational harm related to poor working conditions at an acquired warehouse.

Employee perceptions are also critical to understanding the effectiveness of policies. For example, one organization found that their flex time policy—intended to support women in leadership—had very low uptake because employees were worried that taking advantage of it would harm their chances of promotion. They found that the key to uptake was resetting perceptions of the policy and making flexibility the default, rather than the exception.

Culture is critical to understanding both
risks and upside opportunities related to D&I investments. And the only way
to get a clear view into the culture is to listen to employees through surveys
or other mechanisms such as collecting feedback during annual reviews.   

To obtain better visibility into the risks
and opportunities related to culture, boards should ask management the
following questions:

Do employees perceive the workplace culture to be inclusive?

How do employee perceptions compare with competitors’ employee perceptions?

How have perceptions changed over time?

3. Leading from Behind. Traditionally, boards have delivered little oversight of human capital issues below the C-suite, focusing primarily on executive compensation and CEO succession.  That is starting to change as investors scrutinize not only D&I, but also overall human capital strategy and risks.

As a result, the scope of board oversight is expanding to broader workforce issues, including diversity. Organizations are also examining broader social risks as investors evaluate companies’ “social license” to operate and their relationships with key stakeholders and communities.   

As the scope of these
conversations broadens, boards need to examine their own experiences and
expertise. Your board may need to fill
gaps in providing effective oversight for these risks.

Boards also have a significant opportunity to demonstrate leadership on D&I from the boardroom. When the board and executive committee publicly champion D&I—and commit to follow through on D&I objectives, regardless of their own makeup—it has a measurable impact on key talent outcomes, including employee loyalty and effort. To be successful, D&I initiatives require advocates and accomplices in places of power, including the board.

A recent study from Russell Reynolds found that when the board and executive committee champion D&I, a number of key human capital outcomes improved. Specifically, employees reported being:

25 percent more engaged;

47 percent more creative; and

43 percent more likely to stay.

Improving the inclusiveness of the workplace and changing toxic cultures has also been shown to improve the health and general wellbeing of employees, particularly women of color and others traditionally left out of corporate management.

As boards look to
provide leadership on this issue to the broader organization, they should ask
themselves the following questions: 

What can we do to improve the diversity of our board in 2019?

What new skills and experiences do we need to provide effective oversight?

Do we have an expert in D&I that can help expose blind spots?

How can we signal our commitment to D&I to the broader organization?

We see the best boards advancing the company’s D&I
agenda by focusing on the three following priorities:

Moving Beyond “HR as PR” to Gauge Program Effectiveness

Focusing on the Employee Experience (Not Just Policy and Procedure)

Modeling Inclusive Leadership for the Organization

As the D&I agendas for management teams and investors
evolve, boards need to update their agenda as well.

Michael Griffin is founder and principal of Spring Pond Partners, a research boutique that helps investors and organizations evaluate culture and human capital factors at issuers and their link to performance. He is a former chief research officer at CEB (now Gartner).

The author would like to thank Rebecca Adamson, founder of First Peoples Worldwide, and Jochebed Bogunjoko, investment associate formerly at Tiedemann Advisors, for their significant contributions to this article. Any errors or omissions are the author’s own.

Sustainability Reporting: Why Boards Should Care

A recent
survey of more than 500 public company directors noted that although environmental,
social, and governance (ESG) issues are currently a relatively low priority for
many boards, most directors would like their boards to become more proactive
and enhance ESG oversight. Specifically, 53.6 percent would like their board to
improve its understanding of the company’s current levels of ESG-related
performance, and 49.8 percent would like to ensure ESG issues are strongly
linked to the company’s strategy. This growing interest is likely due to
increased shareholder activism evidenced by high-profile proxy battles over
ESG-related topics and institutional investors proactively assessing ESG
performance of companies in their portfolios.

We often hear the assertion that corporate leadership is
needed to enhance civilization’s ability to address a litany of critical social
concerns. More often executives are called on to address environmental,
economic, and social challenges, and enable the general welfare of present and
future generations. While this may be a vague assertion to some, the reality of
ESG criteria is that the concept offers powerful differentiators for screening
investments and grounds the discussion in ways that can’t be ignored in
boardrooms and C-suites.

The above research suggests that the CEO’s level of
interest is crucial for companies to progress from passive interest in ESG to
an action-oriented perspective about sustainability issues.

With that critical transition in mind, two important
developments are worth watching.

Further evidence sustainable investing is on the rise. Sustainable-, responsible-, and impact-investing assets have expanded to $12 trillion in the United States, up 38 percent from $8.7 trillion in 2016. Much of this growth is driven by asset managers considering ESG criteria across $11.6 trillion in assets, up 44 percent from $8.1 trillion in 2016. The top issue for these asset managers and their institutional investor clients is climate change and carbon emissions. From 2016 through the first half of 2018, 165 institutional investors and 54 investment managers controlling $1.8 trillion in assets under management filed or co-filed shareholder resolutions on ESG issues.

Evidence of responsible investing emerging as a source of outperformance. A recently released study by an asset management company noted that during the period from 2014 to 2017, responsible investing was generally a source of outperformance in both the Eurozone and North America. In the Eurozone, all ESG pillars and ESG score integration displayed positive returns, with the governance pillar dominating. In North America, ESG investing during this same period (2014 to 2017) also displayed positive returns, although the environmental component was the biggest winner. The study also noted that the massive mobilization of institutional investors regarding ESG investing in Europe has impacted demand mechanisms, with a consequent effect on prices, thereby triggering a performance premium.

These two developments warrant close attention. The world
is changing and investors are taking notice. That alone directs equity market
focus to companies committed to sustainable performance largely because they
are demonstrating an ability to adapt to changing business realities.

In addition to the previously mentioned developments, key
factors follow for interested companies to monitor going forward.

Competitors issuing voluntary reports. As more companies report voluntarily, peers must consider whether to follow suit. The Sustainability Accounting Standards Board (SASB) provides useful examples of companies reporting in accordance with its standards to illustrate the transparency and impact of such reports on risk management, long-term performance, and brand image.

US Securities and Exchange Commission (SEC) mandates. The SEC has been petitioned to standardize and mandate ESG disclosures through rulemaking. However, to date the Commission has been content to let market forces determine what issuers report.

Attestation of selected sustainability information is increasing. Attestation has a long way to go in North America as it continues to lag behind the European Union in the number of externally assured reports. Voluntary use of attestation services is a key factor to watch.

Pressure from activist shareholders. Pressure comes in many forms. For example, activists apply pressure on boards to change their composition and management incentives in the proxy process. They use ESG screening criteria to drive investment decisions within their portfolios. Institutional investors (e.g., BlackRock, Vanguard) are communicating pointed messages to boards and CEOs regarding the importance of ESG-related issues. It bears watching their actions closely to see if their bite matches their bark.

Convergence of frameworks. Because the SASB standards are tailored specifically to U.S. companies and SEC filings, it is likely that they will continue to gain traction in the United States. But there are other frameworks in use. The SASB, Global Reporting Initiative, and International Integrated Reporting Council have announced a two-year project to collaborate on standardization of sustainability reporting frameworks, as well as on frameworks that promote further integration between nonfinancial and financial reporting. Progress on this effort to harmonize frameworks and metrics can raise the level of investor interest.

Disruptive industry developments. Royal Dutch Shell’s decision to tie executive pay to carbon emissions is an example of an industry-first commitment to link incentive compensation to climate change. The automobile industry also is investing heavily in hybrid and electric cars, and the attendant effects on the oil and gas and power industries are another example of pending disruption.

Exactly how the future of sustainability reporting will
unfold remains to be seen. Voluntary reporting and submission to attestation,
coupled with pressure from activists and the convergence of global reporting
standards, will provide a powerful mix of forces that could move the meter in
many boardrooms and C-suites.

The eight key factors listed above bear monitoring by your
board going forward, as new developments could nudge boards and chief executives
toward improving the relevancy and transparency of sustainability performance
to investors.

Why Humans Are Still Security’s Weakest Link

Although security leaders may be effective at reducing the impact of cyberattacks within their own four walls, board directors should be aware that malicious insiders are still one of the top two threats, according to our research. It is a fact that serves as a timely reminder for all organizations—protect yourselves from the inside out.

According to the Accenture Ninth Annual Cost of Cybercrime Study, organizations have experienced sizable increases in phishing and social engineering attacks, up 16 percent; ransomware, up 15 percent; and stolen devices, up 13 percent in just one year. These are all areas of concern that give credibility to the argument that humans are still the weakest link when it comes to an organization’s cybersecurity defenses. And with 71 percent being vulnerable to hacking groups using spear phishing, a 55 percent spam rate, and 669 million new malware threats in the last couple of years, a momentary lapse of concentration can prove highly damaging. The prospect of 200 billion connected things by the year 2020 means this vulnerability is only going to get worse for your company and its employees.

Today, the security function is largely
centralized and its staff are often excluded when new products, services, and
processes—all of which involve some sort of cyber risk—are being developed.
This siloed approach can result in a lack of accountability across the
organization and a misplaced perception that security isn’t everyone’s
responsibility—only 16 percent of CISOs in our survey said employees are
responsible for cybersecurity today.

At a granular level, even where
organizations regularly pressure test their resilience, people can invalidate
red and blue team exercises. They may have difficulty behaving like a real
adversary, or they develop “blue team fatigue” following a constant stream of
demoralizing attacks. Worse still, they may develop unhealthy divisions and
fail to communicate effectively before, during, and after an exercise.

As a result, the board should assume the
task of holding the C-suite accountable for putting people first as a security
priority throughout the organization.

Being Accountable

To tackle insider threats and foster a
culture of accountability, boards should ensure that CEOs rally human
resources, talent development, legal, and information technology teams to work
closely with the security office and business units. Here are five ways
directors can suggest that their organizations take on this risk from within:

  1. Train and reinforce safe behaviors. New
    work arrangements—greater use of contractors and remote work—make the need for
    employee training more urgent. Yet, training employees to think and act with
    security in mind is the most underfunded activity in cybersecurity budgets. Immersive
    communications and gamified learning can create sustained behavior change that
    could drive greater security.
  2. Build cybersecurity champions.
    Cybersecurity champions can not only act as advocates for security across the
    organization, they can also provide feedback to the central team on the
    effectiveness of security programs. As with many other facets of culture, the
    board can lead the way by becoming cybersecurity champions.
  3. Reward “security-first” behaviors. In
    our survey, only 41 percent of companies indicated that they offer incentives
    for business leaders who are committed to cybersecurity. Rewards are one tool
    that boards can use to stimulate the desired cybersecurity hygiene behaviors
    throughout the organization.
  4. Maintain strong defenses. As well
    as standard data protection techniques such as encryption and rights management,
    user and entity behavior analytics (UEBA) systems can flag suspicious employee
    activity, such as unusual file transfers that could indicate criminal intent.
    Ask about whether or not the security team has these practices in place.
  5. Help people be prepared. Suggest that
    the security team become ready by running and testing for end-to-end
    effectiveness. Their practice should be monitoring activity continuously and
    vigilantly, using sophisticated techniques such as micro-segmentation for
    access control—keep the sensitive safe to achieve damage limitation in the
    event of a breach.

Creating Security-first People

People are often unaware of cybersecurity threats, think they’re already protected by existing procedures, or underestimate the repercussions of a security breach. And while there is no single behavior that keeps people secure online, the vulnerabilities posed by humans can be effectively addressed.

Accenture has developed a Human
Vulnerability Assessment—a diagnostic tool based on a data-centric approach. It
identifies the highest-priority areas for helping people stay safe and the immediate
actions and interventions needed to address their weaknesses, and it offers
benchmarks for comparisons across industries or geographies.

If you expect to fully protect your
high-value assets, keep “the people dimension” in mind. When security behaviors are better monitored
and managed, people can be part of the solution, not the problem.

Bob Kress is a managing director at Accenture Security where he is the co-chief operating officer and the global lead for quality and risk.

Investors Sound Alarm Bells On Climate. Are You Listening?

Let’s add the World Economic Forum to the list of organizations sounding a clarion call on climate change. Their recent risks report identifies climate change as one of the most severe risks that the world faces, and warns, “it is in relation to the environment that the world is most clearly sleepwalking into catastrophe.”

Investors heard the wake-up calls
early, and have been raising the alarm with companies. Over the past
decade, we have seen rapid growth in shareholder engagement on environmental,
social, and governance (ESG) issues in general, and on climate change in
particular.

One of the most important tools that investors have for engaging with companies on these issues is shareholder resolutions. In 2017 alone, investors filed a record 175 proposals on climate change with U.S. and non-U.S. companies, with many of them receiving record-high voting support.

It is important to keep in mind that
investor attention to climate change is not motivated by social good or
altruism. As the owners of companies, investors, particularly long-term
investors, have a financial interest in ensuring that the board and management
can maintain corporate resiliency and build long-term value.

Shareholders file climate-related resolutions
for economic reasons. They want to be sure company executives and their boards
are doing all that they can to prepare for climate-related business and
economic disruptions, including operational impacts, regulatory shifts, supply
chain ripples, and potential reputation risks. By digging in and engaging on
these questions, investors are looking for climate-resilient strategies that
strengthen corporate performance and value creation.

Non-binding shareholder resolutions are hardly a new tool. In place for nearly a century under the U.S. Securities and Exchange Commission (SEC) Rule 14a-8, the process allows qualifying investors to submit resolutions that can be voted on by all company shareholders. It is a constructive, low-cost way for investors of all sizes to engage with company management and boards in a transparent way.

Unfortunately, this process is under
attack by interest groups painting these resolutions as driven by
investors with political agendas. We believe that this is incorrect, as it
implies that investors who file these resolutions are fringe or minor players.

In fact, Wall Street icons such as
BlackRock, State Street Corp., Fidelity Investments, Vanguard, and other large
institutional investors are among those who consistently support climate
resolutions. Collectively, these institutions manage over $16 trillion in
assets.

Additionally, from our perspective, to
say that climate resolutions are politically motivated is also untrue. While
climate change has unfortunately been politicized in this country, the business
and financial risks that it poses to corporate value are very real—and material.

Look no further than the recent National Climate Assessment showing that climate change is already impacting all parts of the United States. This report, which was developed based on contributions by 13 federal agencies, predicts that if significant steps are not taken to mitigate climate warming, the damage could shrink the country’s gross domestic product by as much as 10 percent by century’s end. That’s more than double the losses from the Great Recession a decade ago.

The business impacts are clear: In 2017, 73 companies on the S&P 500 publicly disclosed a material effect on earnings from extreme weather events, and 90 percent felt the effect was negative. Supply chain disruptions due to climate risk have increased 29 percent since 2012 according to Dow Jones.

In addition, the business case for proactive focus on climate and broader ESG issues is strong. Academic and investment research—including studies by Bank of America Corp., Morgan Stanley, and JP Morgan—shows that serious corporate attention to climate and ESG issues delivers higher stock returns, incurs lower capital costs, and lowers volatility risks.

So what should companies and boards
do when faced with investors who are looking to engage with them, including
through the shareholder resolution process, on climate change?

Previously, we wrote about the responsibility of the board to oversee material climate change risks and opportunities. The following suggestions build on those made in a previous article. 

  1. Engage. Research has consistently shown that boards and management make the best decisions when considering multiple perspectives. Rather than hesitate in the face of investors who are looking to engage on climate change, boards should remember that, as owners of the company, investors have an equal interest in the financial wellbeing of the enterprise and have an important point of view to bring to the table. The sheer act of dialogue could serve to provide valuable information to boards and management and, importantly, generate goodwill. Ceres’ report Lead from the Top notes that shareholder engagement on climate and ESG is an important step to helping the board build its own fluency in these issues.
  2. Disclose. Our economy and capital markets work best when companies engage in robust disclosure. Company management and their boards have critical roles in helping their companies provide the kind of climate risk disclosure that investors are requesting in shareholder resolutions. Frameworks like the recommendations from the Task Force on Climate-related Financial Disclosures (TCFD) provide an important starting point.

By partnering and engaging with
investors, boards can help ensure that companies are more resilient, prepared,
and profitable in navigating fast-changing global risks.

And being prepared is a win-win for
everyone.

Mindy Lubber is the CEO and president of Ceres. Veena Ramani is the senior director for capital market systems program at Ceres. Ceres is a sustainability nonprofit organization working with the most influential investors and companies to build leadership and drive solutions throughout the economy.

Overseeing the Intersection of Digital Transformation and Cybersecurity

We’ve all heard the buzzword “digital,” and I am often asked
questions about how to analyze and oversee the risks of enterprise-wide digital
transformation. While a possible nuisance to the person asking, my first answer
tends to be a question.

What do you believe it means for your enterprise to become
digital?

Only once your company answers that question can the
challenges and risks associated with a well-managed transformation be weighed.
Invariably, the answers to this question are unique and divergent. The answers
also, by necessity, should include insights into these added threads:

  • How do we manage digital transformation risks
    without taking our focus off cybersecurity?
  • What is the role that cybersecurity plays during
    digital transformation?

Cybersecurity and digital transformation are two areas that
are rife with risk, and are shaping challenges around enterprise risk
management (ERM) that are both divergent and orthogonal.

In order to reengineer the enterprise for digital
excellence, cybersecurity risks must be considered hand-in-hand with the risks
inherent in disparate digital infrastructures. Our consumers and stakeholders
expect mobility, with just-in-time, just-in-context service. They also expect
the digital experience to include interaction wherever in the world
the consumer happens to be located, while at the same time responding
immediately to changes in consumer behaviors.

No pressure, right?

Digital transformation is critical to most enterprises, but
how can the board successfully oversee the management of these new risks?
First, the board should consider the operational changes that come with digital
transformation.

Defining Enterprise-Wide Digital Transformation

To achieve the new digital paradigm, enterprises embrace new
technology models to deliver a digital experience for end consumers. These
models often require vast adjustments to the organization, business, and
technology operating models to be successful.

Consider this example. To meet consumer demands for digital
experiences, enterprises are embracing cloud services as a platform to
accelerate delivery of a product or service. This means that there is no physical
data center lurking in a corner of your corporate headquarters where your
technology operations team goes to provision, configure, and adjust wiring and
floor space. There are no blinky-lighted servers on site that developers and
the business historically have monitored.

What does this change bring?

  • Operating model change.
  • Technology model change.
  • New risks.

Continuing with the example, infrastructure-as-a-service
capabilities like the ones offered by Amazon Web Services (AWS), Microsoft
Azure, and Google Cloud Platform provide enterprises a “virtual data center,” an
environment where developers can begin to create code for a new product
immediately. This increases the speed to launching a new digital service.

What happens next? Everything changes again. The company
would now need a development operations (DevOps) team with combined software
development and information technology operations skills to shorten the systems
development life cycle (SDLC)—all while delivering features, fixes, and updates
frequently in close alignment with business objectives.

Where is the segregation of duties? Where is the old SDLC
waterfall process of requirements (design, build, test, then deploy software)
all run by separate teams with a set of controls that source documented
evidence?

Oh yeah, we don’t do that anymore as a digital organization.

Once an organization begins the process of digital
transformation, the technology operating and control models change, business
objectives have to adjust to consumers’ digital demands, and the roles and
talent requirements needed to function absolutely evolve.

We’ve seen too often that enterprises that rely on digital channels can be interrupted and burdened by cybersecurity missteps. Without an imperative to transform cybersecurity prior to operating the enterprise in a new digital format, disasters are bound to happen. As reported by Bloomberg, one example of the many things that can go wrong with the shift to digital operations was the breach at Uber Technologies. The company was utilizing a private GitHub repository—a cloud-based development resource—for its code. A careless developer left logon credentials of users open to bad actors, allowing them to access Uber users’ data on AWS.

While this is a fairly simple illustration of the disconnect
between digital transformation and cybersecurity practices, your cybersecurity
program and controls need to evolve to a new method of operating digitally and
provide an appropriate set of controls that enable strong risk management.

Don’t allow your management team to make the mistake of
accelerating digital transformation without first analyzing the readiness of
your company’s cybersecurity program to manage these new digital operating
models and domains.

Sequencing Digital Change With Digital Cybersecurity

Cybersecurity risks and challenges are omnipresent, and the
risk and threat landscape continues to evolve at the pace of our digital
environments. Making the move to embrace digital operations only expands your company’s
attack surface.

While your company once was operating out of a data center
with its own server hardware, the move to the cloud means that the company’s
data operations may now be functioning in “rented,” multi-platform environments
such as native cloud, software as a service (such as Salesforce Cloud), or
outsourced, provider-managed environments.

One essential question that directors can ask the technology
and security leaders of their companies is, “Have we built new cybersecurity
capabilities to secure our increasing attack surface and the new digital
environments and channels?”

The answer in many cases is that your cybersecurity program has
not transformed digitally and could be unprepared for a new digital paradigm.

The previously effective cybersecurity program you had in
place was not purpose-built to enable a digital transformation. It was instead
built for a world of data-center centricity and simple service offerings
managed from a web application storefront—all solutions that are protected by
on-premise firewalls, endpoint security, denial of service security, content
filtering solutions, and a host of other appliances managed in the company’s data
center.

Therefore, it’s important to consider a risk assessment to
determine the readiness of the company’s cybersecurity program to secure its new
digital domains and environments—on premise and off.

The companies that build a digitally transformed enterprise
that places the cybersecurity program first will see greater success in
enterprise digital transformation. They are able to demonstrate to the market
that they are operating with a well-managed risk posture, and are able to move
faster to achieve safe, sound digital success.

Overseeing How the Risk Is Managed: A Way Forward

Every enterprise believes that they have a winning strategy
to thrive within the new digital market, but the hard truth is that they will
not all be winners. Those that win will have a digitally enabled cybersecurity
threat and risk management platform operating in harmony with their digital
business strategy.

The risks of digital transformation and cybersecurity are
clearly impacted by ensuring the right sequence of digital strategies while
managing the risks during this transition. As board members, it’s
imperative that we ask about enterprise digital readiness for
cybersecurity and about having purpose-built cybersecurity for digital environments.

Here are my suggestions for questions to ask your
management team to determine if the cyber- and enterprise-wide risks of digital
transformation are being properly conceived of and managed:

  1. How are we defining digital transformation for our
    enterprise with regard to the business and technology operating models?
  2. What are the cultural impacts on the personnel
    and teams affected by digital transformation? How are we considering the
    organizational risks as we require new talent and roles to operate digitally
    and manage risk during the transition to digital operations?
  3. Have we performed a risk assessment to determine
    the impact of the changes to the business, technology, and cybersecurity
    operations required to become digital? How is our attack surface expanding with
    the movement to digital operations and how are we managing the risk?
  4. How are we sequencing required changes to
    digital operating models for cybersecurity, technology, and the business?
  5. How are we measuring the effectiveness of our
    cybersecurity program with the transformation to digital? Are we making the
    right investments in cybersecurity to manage digital cyber risk?

Like the nuisance question at the beginning of this
statement, getting the right answers will be the key to sound oversight of a
successful digital transformation program at your company.

Tony Spinelli is CEO and
founder of S7 Advisors LLC, and is a board member of Blue Cross Blue Shield
Association, director of Peapack Gladstone Financial Corp., and board member of
Per Scholas. He previously served as chief information security officer at
Capital One Financial Corp. and has served on the board of advisors for several
organizations, including the National Security Agency, Cisco, Coalfire, and
IBM.

Newmont Mining Shares How It Improved Board Diversity

As the
deadline approaches for submissions to the second annual NACD NXT awards, produced
in conjunction with Deloitte, the March/April issue of NACD Directorship magazine features a cover story on why the board
of the global gold and copper miner was chosen as the large-cap company winner
for diversity and inclusion.

Newmont’s
15-year journey to achieve greater diversity and inclusion on what was once an
all-male board features interviews with Newmont Chair Noreen Doyle, who also
chairs the corporate governance and nominating committee; independent director
Veronica (Ronee) Hagen, who chairs the leadership development and compensation
committee; and director of global inclusion and diversity, Beatrice
Opoku-Asare.

The story
of the board’s evolution to its current composition is intended to provide to
other boards a prime example of how to practice inclusion—and commit to continuing
that practice. At the time the story was reported, Newmont’s 12-member board
was 58 percent female and ethnically diverse; five of the 12 directors live
outside of the United States where Newmont is headquartered. Setting targets
(not quotas) is part of Newmont’s story.

Newmont was chosen from a group of large-cap
company boards comprised of nominees Archer Daniels Midland Co., Estee Lauder
Cos., Eversource Energy, HP Inc., Prudential, Target Corp., and Union Pacific
Corp. Newmont board directors accepted their award at the first NACD NXT gala
hosted by author and Bloomberg TV anchor Emily Chang before the opening of the
2018 NACD Global Board Leaders’ Summit in Washington, D.C.

The 2019 gala is scheduled for September 23 in Washington, D.C., and will fall amid the 2019 NACD Global Board Leaders’ Summit. This year there are two added categories. In addition to large-, mid-, and small-cap public company boards, NACD NXT will recognize two private companies, one large and one small, and a nonprofit.

In all, six awards will be given. Nominees in
each category will be jointly announced by NACD and Deloitte in June and
winners in each category, selected by an esteemed judging panel, will be
revealed at the gala.

An excerpt of the story from the March/April
issue follows.

The leadership at the top of Newmont’s house has been integral to the continued diversification from the board throughout the company, which has been reinforced by a board-approved people policy. It reads, in part: “At Newmont, we value diversity and promote an inclusive work environment. We are on a journey to becoming an industry leader in global inclusion and diversity. We welcome employees from a wide range of cultures and races. We seek to maximize local employment and to increase diversity in our workforce to better reflect the communities where we operate. We desire a work environment where all employees feel valued and are encouraged to contribute to their fullest potential.”

One of those employees is Beatrice Opoku-Asare, the director of global inclusion and diversity. She originally went to work at Newmont in her home country of Ghana as an environmental scientist. Three years ago, when she was promoted to her current role, she recounted in an interview, she moved from Ghana to Newmont’s corporate headquarters in Greenwood Village, Colorado. She grew up among a majority population. Arriving in the United States, Opoku-Asare found herself well in the minority.

“Think about that,” Doyle implored.

Given her science background, Opoku-Asare describes her love of experimentation and data as being well suited to her role as diversity chief. She enthusiastically describes her current study of how technology can be deployed to better inform Newmont recruitment and hiring activities. She also is active in various BRGs. On Newmont’s “Voices” blog, she recalled her transition to the United States. “Sometimes it’s the most simple things that an employee like myself [moving from Ghana to Colorado]— like clearing out your sprinkler line before the onset of winter.”

Among Opoku-Asare’s responsibilities is the development of targets aimed at providing Newmont with objectives by which diversity outcomes can be measured. At the end of 2017, female representation had nudged up to 14.7 percent from 14.1 percent the prior year. In its Africa region, Ghanaian nationals represented 50 percent of the leadership and 87 percent of management. In South America, 47 percent of the regional leadership is national. In Peru, 94 percent of management are Peruvian nationals, and in Suriname, the percentage of Surinamese nationals is 64 percent. None of these gains, she noted, would have been possible without the support of Newmont leadership, including its board.

Ready to read more? Click here to read the March/April 2019 issue of NACD Directorship magazine.

What to Do With Pay If Taxes Go Much, Much Higher

Regulations and
taxes greatly influence executive pay design. While the current “typical”
program—salary, annual bonus based on financial results, and an annual equity
award dominated by performance-based shares—seems as comfortable as an old shoe,
it’s an evolving thing that adapts to meet dual goals of incentives and retention.

As the election
cycle begins to heat up for a 2020 showdown, lines are beginning to show in the
sand around monetary policy, trade, and income taxes. Compensation committees
need to be forward-thinking about long-term implications of potential new laws so
they can act nimbly and with conviction when changes occur.

Our objective is not
to handicap the political environment and discuss what’s “likely” to occur.
Guessing right would be simple luck. In broad strokes, the tax ideas floated so
far by potential 2020 Democratic presidential candidates focus on raising taxes
for the wealthy as a mechanism to close the Federal deficit. That drumbeat will
get louder and more polarizing on the road to the 2020 general election and amid
mixed economic signals.

The ideas of candidates Bernie Sanders and Elizabeth Warren center on increasing tax revenue from capital gains. Bill Gates approached the notion more directly (albeit in a manner less politically appealing): “The big fortunes, if your goal is to go after those, you have to take the capital gains tax, which is far lower at like 20%, and increase that.”

Both ideas are similar in that they create a more even playing field between ordinary income and capital gains. That disparity is arguably at the heart of inequality of wealth distribution.

| Proponent | Idea |
| --- | --- |
| Sen. Bernie Sanders | For the 99.8% Act expands estate tax to 77 percent marginal rate for estates worth $1 billion or more |
| Sen. Elizabeth Warren | Annual wealth tax: 2 percent on net worth over $50 million, 3 percent over $1 billion |
| Sen. Brian Schatz | Proposed Wall Street Tax Act would introduce 0.1 percent tax on sale of stocks, bonds, and derivatives |
| Sen. Alexandria Ocasio-Cortez | New 70 percent marginal rate on annual income over $10 million |
| Sen. Tammy Baldwin and Rep. Bill Pascrell | Eliminate capital gains treatment for carried interest gains |

Boards first should be thinking and talking about the broader economic implications of the political environment on their business planning and strategy. Compensation committees should consider near-term and long-term implications for pay program design as part of this discussion.

A Dollar Today May Be Worth More Than a Dollar Tomorrow

Material changes to
the tax code should not be expected reasonably before 2022, and then only if a
Democrat is elected as president. If marginal income rates are certain to rise
materially, incentive awards that vest prior to the increase will have a higher
after-tax value than those that vest after the increase occurs.

Awards that deliver a
higher after-tax value may be desirable, similar to the end of 2017 when the
corporate tax rate—and the associated value of tax-deductible compensation—dropped
from 35 percent to 21 percent. Many boards took action at the end of 2017 to
bring forward compensation-related tax deductions. We would expect similar
actions if future individual tax rates are certain to rise.

Maintaining Sound Pay Principles Remains Paramount

The compensation committee
has a duty to make rational decisions about pay that align with performance. Pay
programs that deliver pay sooner and incentives for long-term strategic
execution that benefit the company must remain balanced. This could lead to
complexity in pay program design that generates taxable income for recipients
but maintains a connection to long-term performance of the company. This could
take many forms, such as:

  • Increased stock option usage, giving the
    recipient control over timing of income.
  • Shorter vesting of share-based awards with
    material holding requirements.
  • “Banked” awards, to trigger income tax
    quickly on a portion with future performance requirements for upside attainment.
  • A (short-lived) renaissance in Section 83(b)
    elections.

Increased Taxes Could Promote “Long-termism”

If wealth, estate,
and capital gains tax ideas come to fruition, an opposite and powerful
incentive to encourage long-term behavior could become a reality. Executive pay
above $1 million in a given year generally is no longer deductible, and if
corporate tax rates do not rise with individual rates, companies have less incentive
to accelerate pay-related deductions where available.

This should
stimulate discussion of much longer-term and estate-oriented pay structures for
senior executives. Ideas in this area include the use of various kinds of
trusts to encourage a reduction in personal balance sheets to defer wealth or
estate tax burdens, and a delay
versus acceleration of income recognition.

It is too early to
tell how this will shake out. How pay evolves is a result of many complicated interactions.
History teaches us that changes in the law are a major driver of that
evolution. Reaffirming the principles of the pay system when discussing
potential reactions to a new regulatory environment will be the key to having
comfort in the next wave of executive pay design.

Margaret Hylas is a consultant and Todd Sirras is a managing director of Semler Brossy Consulting Group. All thoughts expressed here are their own.