With the start of the new year, we are aware of the challenges that executive researchers face in 2019. As these changes continually impact the profession, AESC provides executive researchers a way to claim their spot as the repository of technological knowledge within their firm with the Certificate in Executive Research (CER) program, AESC events, and exclusive reports and insights.
Since the passage of Say on Pay under the Dodd-Frank Act in July 2010, greater attention has been paid to executive compensation in an effort to bring transparency and oversight to the total compensation of executives of U.S. public companies…
A group of institutional investors and advisors, cumulatively representing $3.3 trillion in assets under management and advisement, recently sent a letter to every public company included in the S&P 500 index seeking expanded CEO pay ratio disclosures in proxy statements.
The letter-writing campaign has 48 signatories, including Scott Stringer, the New York City Comptroller, Thomas P. DiNapoli, the New York State Comptroller, and representatives from CalPERS, CalSTRS, and the ALF-CIO.
The group states that
the signatories to the letter favor pay ratios that indicate that companies are
making investments in their employees and that CEO compensation is set within
the parameters of the company’s overall compensation philosophy. The group
believes that supplemental disclosure will help investors put the pay ratio
information in the context of the company’s overall approach to human capital
The group also mentions in its letter that pay ratio disclosure is useful for say-on-pay voting decisions. While that may be true, one recent study by Pearl Meyer and NACD notes that “not one institutional investor has ultimately admitted to using the CEO Pay Ratio outcomes in their voting decisions thus far.”
The letter lists the
following as examples of supplemental information that the group found useful in
assessing pay ratios:
of the median employee’s job function
- Breakdown of the workforce by job function
and/or business unit
- Geographic location of the median employee
- Country-level breakdown of global employee
- A breakdown of full time vs. part time
- Use of temporary or seasonal employees
- Use (or non-use) of subcontracted workers
- Tenure and experience of the workforce
- Workforce education levels and skillsets
- The company’s overall compensation philosophy
- Employee compensation mix (benefits and
- Alignment of CEO pay practices with pay
practices for other employees
While the group recognized that some of the information is
already included in companies’ form 10-K annual reports or sustainability
reports, the group asserts that providing the information in the proxy
statement as a supplement to the pay ratio disclosure would provide useful
In the letter, the group states that it has seen voluntary
disclosure of the above examples to varying degrees. We agree that last year
some companies voluntarily disclosed a few of the items, and we would not be
surprised if a few of these items continue to be disclosed voluntarily.
For example, some companies disclosed job function
disclosure (such as the median employee is a locomotive engineer, a help desk
technician, or a factory worker). We also have seen companies include the
geographical location (such as disclosing that the employee is in a
manufacturing facility in China or a store in the United States). Disclosure of
the use of temporary or seasonal employees is also fairly common. However, many
of the other examples identified by the group in the letter likely have been
disclosed in proxy statements by very few companies.
With commentators and advisors often suggesting to companies to “keep it simple” and to stick to the required information as opposed to including supplemental disclosure, it remains to be seen whether companies will heed the request from this group for expanded pay ratio disclosure in the proxy statement.
Many calendar year-end companies are preparing now for their second year of CEO pay ratio disclosure as they evaluate whether under SEC regulations they must use a new median employee in “year two,” or whether they can retain the “year one” median employee. This makes it an opportune time for the compensation committee to discuss with management whether any of the expanded disclosures urged by this coalition of institutional investors and advisors are sensible for their particular company.
To facilitate this discussion, the committee may want to
review with management the reactions, if any, from investors, employees, the
press, and other constituencies to the company’s year-one disclosures, as well
as any subsequent applicable feedback it received from shareholder or employee
As the year ends, many of us head into a period of reflection and planning. “How did 2018 go? Did I achieve everything I wanted to? How can I make 2019 my best year yet?” This thinking inevitably leads to developing New Years’ Resolutions. Everyone knows the default goals that are set on January first; eat healthier, start exercising, read more, etc. Often coming in further down the list of most frequently set goals is to get a new job. With over 30 years of experience, Career Partners International (CPI) Coaches know how to not only advise in getting a new job, but also in getting a better position to advance your career and make more money. Here are a few tips to make 2019 the most prosperous year yet for your career.
Up-Level Your Mindset
If you’re looking to not only find, but also attract a better job with higher compensation in 2019, an up-level in your mindset is required.
First, you must start with believing that you’re worthy of a higher paying job that you enjoy. You do this by taking inventory of where you’ve been and what you’ve done. Carve out some time on your calendar and do a “Year in Review” by looking at projects you worked on and individuals with whom you collaborated. Utilize the STAR method; Situation, Task, Action and Result. Document these activities and events so you realize (and remember!) all you’ve accomplished in one year! This exercise will also help you prepare for the inevitable behavioral interview questions “Tell me about a time when you had to…”
Once you’ve taken inventory and are feeling confident in what you have to offer, it’s time to assess why you and your unique skill sets/experience are valuable to your future employer. Any up-level in responsibilities and compensation will require you to consider the business and how your position will make an impact. Doing your research online and through your network about the organization will give you more confidence in an interview, allowing you to ask contextual questions about the organization – and how your role fits into their short- and long-term success. Knowing about their business and what their biggest challenges and opportunities are will position you as high-value and will differentiate you from other candidates vying for the same role.
– Brenda Stanton, Vice President Keystone Partners, Boston, MA
Cultivate Your Network
Over 50% of the people we work with find their next role through their networks. The holiday period is the perfect time reach out to your network and reconnect with people. They are more likely to have time to chat and it is an opportunity for you to share with them what you are doing and what your plans and ambitions are for 2019. This may be as simple as calling those who have helped you to say thank you or making time to catch-up for a coffee. It’s a great time to start or continue those conversations which may open new opportunities.
– Jannine Fraser, Managing Director The Career Insight Group, Australia
Negotiate a Job Offer
Job offer negotiations are rarely easy. But job market complexity creates opportunities for people who can skillfully negotiate the terms and conditions of employment. Every situation is unique, but some strategies, tactics and principles can help you address many of the issues people face in negotiating with employers. Before you even begin salary negotiations with a prospective employer, you need to find out how much the job is worth – take the time to research salaries before you begin discussing pay. Being informed about the competitive job market will help prepare you to make your case.
Don’t underestimate the importance of likability; this sounds basic, but it’s crucial. This is about more than being polite; it’s about managing some inevitable tensions in negotiating, such as asking for what you deserve without seeming greedy. Don’t just state your desire for a higher salary but explain precisely why it’s justified, based on the value you can bring to the firm. It helps to consider the whole deal; to many people, “negotiating a job offer” and “negotiating a salary” are synonymous. But much of your satisfaction from the job will come from other factors you can negotiate. Focus on the value of the entire deal; job responsibilities, location, flexibility in work hours, support for continued education, and so forth. Finally, understand the constraints the employer may have and try to determine where they may have flexibility, whether it be in salary, benefits, time off, or work schedule flexibility. And remember, once you have received the offer, you don’t need to accept (or reject) it right away. A simple “I need to think it over” will allow you the time to fully assess the offer and determine if more negotiation may be warranted.
– Rob Croner, Vice President of Senior Executive Services at CCI Consulting, Blue Bell, PA
Put on Your Strategic Thinking Cap
I’m often asked by clients to assist with developing critical leadership skills. Strategic thinking usually tops the list, as companies need strategists to bring long-range thinking connected to achieving the organization’s strategy. More importantly, strategists create a road map to achieve an objective, and put a concrete plan in place that can be implemented successfully. This demonstrates the value of their strategic ideas and sound judgment. The best, most strategic leaders bring others along with them, giving them a clear understanding of why the strategy makes sense and how others can participate and contribute to get the work done. One of the ways to make yourself more visible and promotable in your organization right now is to consistently find ways to connect the work you do every day with the overall strategy of the organization.
You make yourself more valuable to your employer when you have a clear understanding of where the business is evolving and how you can best contribute your skills in making that happen. Learn, understand, and anticipate what the future may hold for your business, and get out in front of it with additional learning so you can provide those insights to your leadership team. Consider a certification or accredited professional development program to develop your strategic thinking skills. You will be on your way to a promotion in no time.
– Claire Edmondson, Vice President Client Solutions, CPI Twin Cities, Minneapolis, MN
Do visions of a better job and higher salary in 2019 automatically translate into seeking a position outside your current company? Maybe not. Are there internal executive coaching programs that you could explore to broaden your horizons and contribution to the organization? With so much focus currently on talent development and retention, companies are getting increasingly creative to keep their best talent. Have you completed your Annual Review yet, with your accomplishments for 2018 and goals for 2019? Would that include going from Manager to Director; Director to VP? What action plans can you and your manager put in place (additional training, cross functional responsibilities, a mentor, professional certification, etc.) to ensure an increased level of responsibility and subsequent compensation?
Ask yourself, “What would need to change for this to be my perfect job?” and then see what, in fact, may be negotiable with your current employer. Perhaps you go from a fixed to a variable compensation plan, tied more to individual performance? Maybe you work from home 1 or 2 days per week to help alleviate a time-consuming commute? Have an ongoing, open dialogue with your manager and check your company’s intranet for training opportunities, succession planning options & internal job openings.
Before you succumb to “the grass is always greener on the other side,” take a look inward to your current organization. The opportunities may surprise you.
-Bill McCann, Executive Search Consultant at CCI Consulting, Blue Bell, PA
Evaluate Your Priorities
Very few of us are truly self-aware. We are shaped by many things – our experience, our views, our fears – and it’s difficult to see yourself as others see you. From a career perspective, being self-aware means understanding your real (not your self-perceived) strengths and what you have to offer in the workplace. It also means being honest with yourself about what truly makes you happy at work. For example, pushing yourself to achieve a senior level role when you know that many of the tasks and responsibilities of that job have little appeal to you, is only going to make you unhappy and stressed. Similarly, taking on a level of financial responsibility that requires you to do a job you hate just to earn the money you need sets you off on a path of misery for a large part of your life. Consider also that, if you are a free spirit, the benefits and possibilities of working within a large corporate organization may well be offset by how constrained you will feel when your life at work means following a rigid set of rules and processes.
Of course, it can be hard to be honest with ourselves, but in the context of career planning it can be life-changing. Really knowing yourself and what makes you happy is the foundation of making a great career plan and to getting your life and work in balance.
– Lynne Hardman, CEO Working Transitions, London UK
Career Partners International specializes in providing the most efficient talent development and career transition services in the world. Our coaches have a wide range of experiences and work with people in all phases of their careers. No matter what your current role is, you have the opportunity to get a better job in 2019. Happy New Year!
On December 1, Meng Wanzhou, the chief financial officer (CFO) of Chinese telecommunications giant, Huawei Technologies, was arrested by Canadian authorities at the request of the United States. Meng is reportedly accused of fraud and conspiracy to defraud U.S. financial institutions regarding U.S. sanctions on Iran. Huawei maintains that it has complied with all laws where it operates, including U.S. export controls and sanctions laws, and Chinese authorities are expected to dispute the U.S.’s long-arm jurisdiction over one of its citizens. Just one day after the arrest, President Donald Trump floated the idea that the current tariff freeze between China and the United States could be extended to allow for continued negotiations, and the following day, President Trump and China’s President Xi Jinping agreed to a 90-day truce in the trade war.
Meng’s arrest was nothing short of shocking, as we don’t normally see C-Suite executives arrested by foreign jurisdictions; we don’t normally see such an arrest occurring the same day the presidents of the two applicable countries are meeting and discussing trade issues; and we don’t normally see allegations that international high-profile executives conspired to commit fraud in connection with U.S. sanctions laws.
As for the basis of Meng’s arrest, prosecutors allege that she used Hong Kong-based telecommunications equipment seller Skycom Tech Co.Ltd. to evade the United States’ overarching sanctions against Iran between 2009 and 2014. Skycom allegedly sold equipment to several telecommunications companies in Iran, including an attempted sale of American made computer equipment to an Iranian mobile operator. Skycom is allegedly a subsidiary under the control of Huawei.
Although there may be a political component to these particular circumstances as President Trump reportedly stated that he would intervene in the U.S. Justice Department’s case against Meng if it would serve national security interests or help achieve a trade deal with China, these circumstances highlight potential pitfalls inherent with cross-border transactions as well as recent trends in enforcement that directors of companies should be aware of.
- There is a heightened focus on cross-border cooperation. Meng was arrested by Canada at the request of the United States while she was en route from Hong Kong toMexico. Meng had reportedly been avoiding the United States for months and was arrested as she was changing planes in Vancouver. The enforcement arm of the United States is as long as the extradition treaties it has with other countries allow—and those treaties are numerous. While the U.S. government must still have a basis in law to enforce its regulations on foreign actors, simply avoiding the country will not be an effective way to avoid enforcement as long as other countries are willing to assist the U.S. with that enforcement—as Canada has done here. It remains to be seen how countries like China will react to this long-arm jurisdiction and how this will affect directors and officers of U.S. companies.
- There is a heightened focus on individual liability for company actions. Over the last few years, the U.S. Department of Justice has made announcements demonstrating its intention to focus on individual liability in the corporate context. In this instance, Meng was arrested for her conduct as a top executive at Huawei and as a director of Skycom. She is accused of fraud and conspiracy to commit fraud in connection with U.S. sanctions laws. It is still unclear what the full scope of the allegations will be but at this early stage, they appear to be based in part on statements that Meng made to financial institutions about the relationship between the two companies. This demonstrates the Justice Department’s stated focus on individual liability and the importance of properly vetting statements that will be made by top-level executives and directors of companies to third parties. The use of fraud charges to enforce sanctions laws also demonstrates the range of laws the United States has at its disposal to pursue individuals and companies whom it believes to be engaged in wrongdoing. The arrest of Meng as a method for potentially punishing her employer also demonstrates the creativity the U.S. government is willing to employ to achieve the goal of enforcing its laws abroad.
- There is an increased focus on Chinese companies (and companies doing business with Chinese companies). The current administration has increased its rhetoric and enforcement efforts involving China because of its stated view that China engages in unfair trade practices to the detriment of the United States. The arrest of Meng as a strike against Huawei appears to be indicative of the administration’s view that the United States can “win” a trade war against China. In addition to targeting individual actors for corporate actions, the United States clearly intends to enforce the tariffs it has imposed, even on Chinese companies. The administration has strengthened its review of Chinese investment in U.S. technology companies, banned U.S. government use of Huawei and ZTE technology (resulting in an effective ban of such products on companies who contract with the U.S.government), encouraged Americans not to buy Huawei phones because of concerns over espionage, and overseen major penalties against Huawei’s competitor, Chinese technology company ZTE, for violating U.S. sanctions laws.
- Political changes sometimes have direct effects on individual and director liability. The United States and China recently have been engaged in a trade war. This summer, each country imposed tariffs on the other, to the detriment of both American and Chinese industries, and in some instances, the stock market. Most recently, immediately following Meng’s arrest, the stock market again dropped, with Hong Kong, Tokyo, Shanghai, and U.S. stock futures all falling. Some reports indicate that Meng’s arrest was the Administration’s attempt to gain another bargaining chip in the evolving trade war. Huawei’s significant connection to the Chinese government—Meng’s father, Huawei’s founder, was a former engineer in China’s People’s Liberation Army—may have contributed to the decision to pursue an enforcement action against her individually.
- Companies must understand the evolving trade and sanctions laws. Effective November 5, 2018, the United States re-imposed sanctions on Iran that had previously been lifted in 2015 under the Joint Comprehensive Plan of Action on Iran’s nuclear program. The measure puts back into place secondary sanctions on non-U.S. entities that continue to engage in certain Iran-related transactions.In addition to the primary sanctions on Iran, which broadly prohibit most commercial activity between the United States and Iran, the United States also imposes secondary sanctions on non-U.S. entities (and individuals) who do certain business in Iran. Trade and sanctions laws can be complex and ever-changing, but the U.S. government expects domestic and foreign companies and their directors and officers to understand and abide by them.
As leaders of American companies wade into a risky future, corporate directors and management should work closely with trusted partners to better understand the growing risks inherent in cross-border business.
In the stormy seas of modern markets, effective corporate governance can seem like Ithaca to Odysseus: a noble goal impeded by a litany of extraordinary obstacles. From technological innovation and population growth to resource constraints and climate change, a host of modern challenges are reshaping the competitive landscape of every industry, and the risk oversight responsibilities of corporate directors are evolving accordingly.
Mismanagement of these issues can have significant impacts on a firm’s financial outcomes and those of its peers. They can disrupt business models or even entire industries, they can create public relations crises, they can result in regulatory action—or they can do all three at once. Increasingly, a broad swath of stakeholders—from employees and key suppliers to customers and local communities—want to know how companies are managing environmental, social, and governance (ESG) issues.
Shareholders, too, have joined these ranks—although they may take a narrower view as they increasingly monitor corporate sustainability risks and opportunities. As the chairman of Vanguard, one of the world’s largest asset managers, noted in a 2017 letter to the boards of public companies, “directors are shareholders’ eyes and ears on risk.” Therefore, in this evolving competitive environment, ESG-related risk management is not just an operational responsibility for executives and their teams but also a governance issue that falls under the purview of the board’s oversight. Indeed, a board’s “sustainability literacy” is of growing concern to investors.
In their oversight role, boards—or, often, their audit or risk committees—must satisfy themselves that a company’s risk management approach is:
- Strategically aligned: this involves knowing which ESG factors are most relevant to the company’s business model;
- Appropriate to the organization’s risk appetite: this involves having comfort that the probability, magnitude, and timing of each issue’s impacts have been rigorously interrogated; and
- Present and functioning: this involves performance data through which the effectiveness of risk responses may be monitored.
The industry-specific standards recently issued by the Sustainability Accounting Standards Board (SASB) can help directors more effectively assess each of these key considerations. By viewing sustainability through the lens of financial materiality, the SASB standards identify the subset of ESG factors—six per industry, on average—that are reasonably likely to impact a company’s financial condition or operating performance. They are, therefore, fit to be incorporated into an organization’s enterprise-level risk assessments and discussions of strategy. And because they establish best-practice performance metrics, they can also be used for monitoring risk responses to inform an evaluation of residual risk. SASB’s Materiality Map, which can be seen here, illustrates the dimensions and key ESG factors to improve risk oversight.
As investors and their governance teams increasingly engage with directors and management around ESG-related issues, the SASB standards can help boards become more conversant on key, industry-specific sustainability factors. They can also help keep the lines of communication open beyond direct engagement through conventional channels, such as financial filings, sustainability reports, websites, and others. For instance, Nike provides an index of ESG-related performance indicators based on SASB standards on the investor relations page of its website, as well as in its sustainability report.
Such sustained and consistent communication about these issues is growing in importance—for example, of the 79 percent of investors who believe climate change is a significant risk factor, 61 percent believe enhanced reporting is the top priority for companies. For this reason and others, investors and companies alike have begun to embrace the recommendations of the Task Force on Climate-Related Financial Disclosures (TCFD), which have received public expressions of support from more than 450 companies with a combined market capitalization of over $7.9 trillion. Meanwhile, nearly 400 investors managing more than $22 trillion in assets have also done so. Notably, the TCFD specifically and repeatedly cited SASB standards as a practical tool for implementing its recommendations. This is because the standards, by design, help companies move their sustainability efforts “from principles to practice.”
As a result, although the SASB standards were designed primarily to fulfill investor expectations for consistent, comparable, and reliable data on ESG performance, they can also help directors respond to an evolving set of risk oversight responsibilities. Indeed, recent regulatory activity has indicated that boards may need to sharpen their ESG-related risk oversight. After the Securities and Exchange Commission issued cybersecurity guidance suggesting that boards play a strong role in overseeing cyber risk, a recent “red flag” enforcement order called out a financial services company’s board for failing to “administer and oversee” cyber risk. Meanwhile, the Federal Reserve reprimanded a commercial bank’s board for its “lack of inquiry and lack of demand for additional information,” which the Fed said led to “pervasive and serious compliance and conduct failures” related to customer welfare.
As corporate management and boards wrestle with a growing array of ESG frameworks and demands from ever-widening groups of stakeholders, the SASB standards can serve as a vital tool for achieving focus—in their reporting, their performance management, and their risk oversight. After all, effective decision making requires useful information—regardless of whether you’re an investor making a buy, sell, or hold decision or a director looking to identify, assess, and monitor the ESG-related issues most likely to affect your core business strategy and ability to manage risks and opportunities.
As directors attempt to navigate the shifting sands of competitive, regulatory, and capital market landscapes, new challenges are likely to call for new—or renewed—priorities. For example, in a recent NACD survey, most public company directors indicated they would like their boards to take more action to enhance ESG oversight and also identified strengthening oversight of risk management as a top improvement priority in 2019. With investors’ “eyes and ears” increasingly attuned to ESG issues, practical application of the SASB standards can be indispensable as boards modernize their risk oversight toolkits and help their companies proactively tackle tomorrow’s challenges today.
Matthew Welch is president of the Sustainability Accounting Standards Board (SASB) Foundation.
Driven by increasing media coverage and inquiries from employees, a growing number of employers are evaluating whether—and how—to integrate responsible investment approaches into their retirement plans.
The potential benefits of integrating environmental, social, and corporate governance (ESG) approaches into retirement plans are twofold. First, doing so can lead to stronger risk-adjusted returns for retirement plan participants’ and beneficiaries’ assets. Second, participant surveys and evidence show that employees—especially younger ones—tend to save more for retirement when offered investment options that reflect their values. Given the strain that societal aging and longer retirements are putting on pension assets in many advanced markets, strategies that increase retirement savings are critical.
Fiduciaries may wish to examine including responsible investment options within their organization’s retirement plan. However, as their respective committees review and consider recommendations to the board (and shareholders, if necessary or appropriate) on establishing or changing retirement plans, many organizations deal with questions about integrating ESG investment approaches into their retirement plans.
Recent research by Mercer Investment Consulting and the World Business Council for Sustainable Development focuses on three key areas of concerns for many organizations as they consider implementing ESG approaches into retirement plans:
- Regulations. In most regions of the world, understanding and acceptance of ESG’s significance in long-term investment performance is generally increasing among financial regulators. In the United States, by contrast, recent policy shifts by the Department of Labor have resulted in a notable lack of clarity around whether and how plans governed by the Employee Retirement Income Security Act of 1974 (ERISA) can consider ESG factors in investments, a challenge the US Government Accountability Office (GAO) has acknowledged directly. Until such issues are addressed more definitively, US retirement plan fiduciaries may have a (potentially unwarranted) belief that their responsible retirement initiatives could face added regulatory scrutiny.
- Responsible Investment Performance. A common perception among investors is that considering ESG factors in decision-making necessarily involves sacrificing some measure of investment performance in the pursuit of values alignment. However, studies show ESG integration approaches to investing can produce positive or, at worst, neutral outcomes. For example, studies by the US GAO have found a neutral or positive relationship between ESG considerations and financial returns compared to otherwise comparable investments. Another study by the US Department of Labor found incorporating ESG factors into investments typically produced performance comparable to, or better than, investments that did not incorporate ESG.
- Fiduciary Duty Considerations. A fairly common element of fiduciary duty across major jurisdictions is duty of loyalty, which requires that the retirement plan is run solely in the best interests of beneficiaries and participants in the plan. A secondary, but nonetheless essential, fiduciary duty requirement is the prudent person rule. The Organisation for Economic Cooperation and Development defined the prudent person rule as requiring retirement plan fiduciaries to invest on beneficiaries’ behalves with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.
While our staff are not lawyers, it is our belief that responsible retirement approaches are not in conflict with either of these two core fiduciary duties—rather, such approaches can enhance them. For duty of loyalty, given that ESG integration practices are generally employed by investors seeking to broaden the scope of investment analysis to include material ESG risks that may not be evident in financial statements, ESG integration is focused on improving investment outcomes for participants and can therefore be interpreted as acting solely in plan participants’ and beneficiaries’ interests. Similarly, it makes sense that a prudent person would consider as many material data points as possible, and therefore ESG integration (or the consideration of material non-financial data in making investment decisions) aligns with the prudent person rule.
Integrating responsible investment approaches into corporate retirement plans represents an exciting opportunity to align the interests of plan sponsors, participants, and beneficiaries in potentially enhancing plan participant outcomes.
Max Messervy is a senior associate and responsible investment consultant at Mercer Investment Consulting.
India, the world’s largest democracy, last year declared that “privacy is the constitutional core of human dignity” and is pursing a national data protection law. In Europe, the General Data Protection Regulation (GDPR) has already been put into effect, while California took the lead this summer in the United States to pass its own data privacy law. Even China and Vietnam have passed cybersecurity laws that include stipulations for the storage of user data.
As nearly every commercial and social transaction has become linked to the Internet of Things, the definition of privacy has evolved as well. NACD and Baker Tilly Virchow Krause LLP recently cohosted a roundtable discussion with directors and industry experts in Philadelphia, Pennsylvania, to assess the board’s role in data privacy oversight in light of the current regulatory environment and the growing expectations of consumers and investors. The discussion resulted in five key takeaways for how to think about data privacy as a whole and what concrete steps boards can take to improve oversight of data privacy programs:
1. Data now belongs to the data subject, not the entity in possession of the data. Although a national data privacy law has not yet been implemented in the United States, the European Union and the state of California have taken the lead in adopting regulations that give consumers a right to control their own data. “There has been a fundamental shift in thinking around who really owns data,” said Baker Tilly Partner David Ross. “In the United States our [corporate] perspective has always been, ‘If I have the data, then it’s mine and I can do whatever I want with it.’ Then the Europeans started saying that the data subject really has the rights to control the data and how it’s used.” As consumers globally demand a greater right to privacy, boards should preemptively prepare for further data privacy regulations both internationally in the United States.
2. Data privacy and cybersecurity are not synonymous terms, although they are intertwined. Baker Tilly Partner Jeff Krull distinguished data privacy from cybersecurity this way: “Privacy is protecting people’s data in compliance with the law. Cybersecurity is whether or not you have the right mechanisms in place to keep that data from being breached.” Krull emphasized that there is a heavy legal component to data privacy and a heavy operational component to cybersecurity. “You can have a great privacy program and get breached one hundred times over. You can also have a terrible privacy program and a great cybersecurity program, and even though your data might not get breached, you may not be in compliance with the law.” If directors properly understand the distinction between these terms, they will be better equipped to oversee how data privacy and cybersecurity programs are implemented at their companies.
3. Directors need to have a fundamental understanding of the data privacy landscape, not necessarily an expertise. The 2018–2019 NACD Public Company Governance Survey indicates that only half of public company directors (52%) believe they personally have enough understanding to provide effective cyber-risk oversight, although slightly more (58%) believe their boards collectively have enough understanding to do so. “If you’re going to be a true expert in cybersecurity or privacy, you have to be out there doing it day in and day out, because six months from now what you know may be obsolete,” said Krull. “The key is to get access to the right information when you need it to make a strategic decision. If you don’t think you have the right expertise, it’s really hard to set an appetite for how much risk you’re willing to accept.” Roundtable participants discussed hiring outside advisors, using an advisory board, or taking certification courses to ensure directors have access to this expertise.
4. Management responsibilities for cybersecurity and data privacy programs should be clearly defined so directors know who to go to for information. According to Krull, the board’s first step is to decide where on the management team primary responsibility for cybersecurity and data privacy lie. “Boards should assign direct lines of responsibilities to specific members of management who will report to the board on cyber and privacy and have the authority, responsibility, and accountability to oversee cybersecurity and privacy for the organization as a whole in alignment with the board’s cyber and privacy objectives and risk appetite,” said Krull.
Just as the chief information security officer (CISO) has become a staple C-suite position, attendees discussed how there will likely be a similar trend with the adoption of chief privacy officers, although the approach currently varies by industry. “I’m a chief privacy officer, which at my company means anything that has even a little data—including email—is my responsibility. So, it’s good to have a centralized person to handle data protection,” said one director. “However, the CISO and I are [attached] at the hip because I don’t have the technical knowledge and he doesn’t have the legal knowledge.” Regardless of whether of or not a chief privacy officer is currently in place at their organizations, boards should ensure responsibility for cybersecurity and data privacy is properly assigned to members of management, accounting for the strong link between the two domains.
5. Gap assessments around the data privacy and cybersecurity programs can be used to develop a plan to address program risks. Krull and Ross suggested boards take a calculated approach to assessing their data privacy and cybersecurity programs by defining their acceptable risk envelope with regards to privacy. This usually starts with identifying the critical data pools, including where the data is stored, the size of the data, and how sensitive it is. Then management should rank the data in order of importance according to the potential risks posed to the organization and develop a program to address the most high-risk data first. “With our clients, we adopt the attitude of eliminating the most risks in the most efficient way, because you’re never going to eliminate all the risks due to the high cost,” said Krull. Setting goals over the next 12 months for what the program should look like and using metrics to measure success can help ensure accountability.
In conclusion, the strength of the company’s data privacy program will directly impact its reputation and bottom line. As more regulations regarding data privacy come into force, and as consumers demand more control over their data, boards need to be agile in defining their companies’ data privacy programs in this rapidly changing environment. Boards should conduct a gap assessment of their data privacy programs and ensure responsibilities are delegated appropriately to management, with the ultimate goal of creating a risk culture where the board, management, and employees understand the reasons behind protecting data and work as a collective to do so.
Disruptive innovation has a clear impact on the half-life of companies’ business models, and industry disruption and digital transformation present opportunities and risks that are shaping—and speeding up—business model changes.
To gain perspective on this important area of board oversight, Protiviti met with 20 active directors during a dinner roundtable at an August 2018 NACD event to discuss the board’s oversight of industry disruption and digital transformation. Here are some important takeaways from that discussion.
Evaluate digital readiness. Digital leadership requires a certain state of mind. Digital leaders change the way an organization acts and thinks in everything it does. To be successful, digital leaders must prepare their organizations to compete in the digital age. They must also assess how advanced digital know-how is across the company. Is the organization a follower or a leader? If it is a beginner or a skeptic, does the board encourage management to advance its digital maturity? Can management identify and act on strengths and weaknesses across the business in the context of the digital vision, mission, and strategy?
Management can have the best possible strategy, but the organization can’t execute if it is not digital-ready. It is also difficult to formulate a viable strategy if the organization is not digital-ready. It helps if the company benchmarks itself against the competencies at which digital leaders excel to better understand the path to achieving digital readiness. Protiviti offers a framework to help organizations conduct this assessment.
Understand what transformation entails. To probe management for answers to questions about the company’s advancement as a digital entity, directors should prioritize digital familiarity and literacy in their own development as well as ensure they have access to digital-savvy experience. True digitalization starts at the core. The board, therefore, must transform itself before it can offer effective oversight of the organization’s digital journey. Just as a strategy that attempts to layer technology on an analog business doesn’t work, neither can a board consisting solely of directors who grew up in the analog age contribute effective oversight without substantive steps toward digital literacy and digital savvy.
One option may be to form an innovation committee with technology, digital, and transformation experts as members. Another is to include directors with the requisite technology expertise on the board to complement the directors who grew up in the analog age. Yet another option is to engage outside advisers to inform the board with relevant perspectives.
Focus on resiliency and agility. In the digital era, good governance may need to be different than even five years ago. Boards need to sharpen their focus on innovation initiatives and on changing the organization’s mindset concerning digital initiatives. People and culture are the keys to success in digital transformation. If an organization has effective digital leadership, enhances the digital capabilities of its people, and creates a corporate culture that incentivizes and empowers creativity and innovation, it will become a truly digital organization. Changing the mindset also requires effective communication by management of a compelling narrative regarding the company’s focus on digital transformation and the need for change.
The board can play an important role in fostering a resilient and agile mindset by allocating sufficient agenda time to discussing the company’s innovation strategy and culture and encouraging open discussion on direction and progress. This requires constructive engagement with management and broader, more diverse perspectives regarding how the organization should embrace digital culture opportunities. The dialogue should be supported with appropriate innovation-specific metrics that tell the full story of how the strategy is performing, what the return on investment is, and how effective the company’s innovation culture and capabilities have become.
Keep an eye on the customer experience and competitive advantage. How can directors ensure that management has its act together, has the right team and competencies in place, and is taking the organization down the right path? A customer-centric approach to digital strategy breeds confidence that the organization is making the right moves.
Success in executing on digital initiatives is about knowing the company’s limitations and avoiding procrastination on making the difficult decisions to address those limitations. A strong focus on the customer is a powerful driver for moving forward. For example, data strategy and legacy infrastructure issues (e.g., technical debt) are examples of difficult problems that are often ignored. But with a commitment to enhancing the customer experience and commanding customer loyalty, companies can overcome this inertia and do what it takes to remain competitive.
Ensure there is a compelling plan that fits market realities. The board needs to ensure that management formulates a viable plan for managing business disruption and transformation and executes that plan. This isn’t easy given the uncertainty in determining the appropriate technologies to embrace, new products and services to offer, strategic supplier and distribution channel partners to engage with, and changes to make in the business. Under the auspices of the board, management must measure and monitor progress. As noted earlier, a digital readiness assessment can help by clarifying the organization’s strengths and weaknesses so that management knows where to focus on its journey to digital maturity.
Consider humane digital transformation. A clear and coherent strategy is needed to address worker dislocation and displacement. That was a critical issue during the NACD event, which no one took lightly, and several participants continued to discuss it after the roundtable concluded. Currently, the answers are elusive.
For a more complete look at this roundtable, including key takeaways, read Protiviti’s full summary of the event.
Out of work for longer than a year? If so, you are part of the so called “long-term unemployed” folks. This is obviously not a fun place to be. While things seem to be improving on the employment scene, we still have a high percentage of long-term unemployed workers; 20.3% of total unemployed people are classified as long-term unemployed.
What to do? We’ve put together a few tips for people in this position:
- Self Assessment: If you’ve been out of work for 12 months, you may be a bit beaten up. You may be emotionally drained, you may be financially strapped, you may have taken on some habits that are not supportive, and/or you may have strained relationships with people you really care about. The first step is to take a look at your current situation and deal with what you need to deal with. Job search is much like building a structure; you need a solid foundation. Seek out the appropriate professional as needed.
- Career Transition or Outplacement: Did you have access to these types of services when you left your last organization? If yes, when was the last time you had contact with your consultant? If it’s been a while, it’s time to reach out to your consultant to reconnect and find out if you still have access to your services. Reputable organizations may extend support beyond original program timelines. When you reach out, be clear about how your consultant can help you. If you did not have access to Career Transition services, then it may be worth hiring a Career Coach to assist with the process.
- Value Proposition: What do you bring to employers that will help them drive revenues, increase margins, cut expenses, improve diversity; you get the idea. In this situation, you need to be very clear about how you will benefit the organization. Write out your key accomplishments. Sometimes, it helps to think of differentiators. If we brought the top 10 candidates for a position into one room (of course you are one of them), what do you bring to the table that many of the other candidates wouldn’t bring?
- Activity Evaluation: What have you been doing up to this point? How are you spending your time? It’s time to make a critical evaluation of what you’ve been doing with your days. Have other activities entered your life and taken up chunks of time? While this can sometimes be healthy, it’s important to put in the job search time to make things happen. Have you sent 100’s of resumes and gotten few interviews? Then it may be time to look at your application packages. Are you getting interviews, but not getting to the offer stage? Then it may be time to look at your interviewing skills. In times of high unemployment, the percentage of people that land in a new position through someone they know increases. Are you spending time reconnecting with old connections? How about connecting with people that you don’t know through introductions?
- Focus Your Search: At first, this may seem counter-intuitive. Why would it be beneficial to cut down on the number of job applications or eliminate some possibilities? It turns out that if you focus your search on what you’re really interested in, your network now knows how to help you. If you’re very clear about what you want to do, you can now ask for introductions to people that do that work and are in organizations that are of interest. Think back to your “Value Proposition” and find the work and organizations that would benefit most from what you do.
- Volunteer: Volunteering is a good way to get back in the game. People who have been out of work for an extended time have likely lost contact with some connections. Volunteering also introduces you to a whole new set of connections. Various studies have shown that volunteering shortens job search times by 7% to 27%. Be sure to pick something that you truly enjoy and that uses skills that you want to use in the workplace rather than thinking about the outcome of getting a job. You may also want to set a cap on the amount of time you commit to volunteering. It’s easy to have this component dominate your job search activities without careful planning. Doing an internet search for “your city” and “volunteer” should bring up websites where you can browse various opportunities or contact your local library.
- Career Change: In some cases, it may be advisable to consider a career change. Some people may already have some ideas about what they would like to do, others may be uncertain. One suggestion if you are not sure is to take an assessment. Another suggestion is to visit your neighborhood library and wander the books. Take note of where you are drawn. There may be something work related that is worth exploring. Once you have a target, find and talk to people that are doing the work. Ask questions. What’s it like to do the work on a daily basis? Do they recommend education pieces, or can you get into the work with your current skills? If you can’t do the work right away, are there stepping stones that will get you closer to your target?
- Be OK with It: You are basically the same person as when you were working. In fact, you may be more valuable to an employer now. Reflecting on your current situation may allow you to bring a certain grounding when you do land in a new role. You bring much to the table. Don’t allow the fact that you have not been in a paid position for an extended period of time diminish the you that you are. Be ready to explain what you’ve been doing, which can be going on a sabbatical or spending extended time with your family if that is what you’ve been doing. Do so with your head held high.
Hopefully, this provides some thoughts and ideas for moving forward. Remember that everyone needs help in some form or another from time to time. Job search is a roller coaster of a ride. If you get stuck in one of the dips, reach out to someone you trust who can listen, provide support, and help you regain your momentum. And if you’re not inclined to do so because you don’t want to impose, simply think of how you would feel and what you would do if someone in your situation came to you for help.
Written by Steve Cutler, Consultant at Cenera, a CPI Firm