Compliance Program Oversight—The Board’s Overlooked Role

It’s long been axiomatic that an effective compliance program cannot exist without a strong ethics and compliance culture, which in turn requires the proper “tone from the top.” Yet, when most companies think “top,” they think C-suite. After all, tone starts with the CEO, right? And the C-suite is where you find many CCOs, or the executive to whom the CCO directly reports. Also, that’s where decisions are made about staffing the compliance function, allocating funds to implement the program and the host of other operational matters that determine whether the program is robust, minimalistic or non-existent. Often overlooked, however, is the crucial role of the board of directors. Most directors have a general understanding that their fiduciary duties include compliance oversight. After all, it’s been more than 20 years since the Delaware Court of Chancery held in its famous Caremark decision that directors could, in certain circumstances, be determined to have breached their fiduciary duty and, therefore, be liable for company losses due to compliance program failures. Later, the Delaware Supreme Court in Stone v. Ritter held that a director’s failure to implement and oversee aspects of a compliance program could constitute an unindemnifiable breach of the duty of loyalty. But how well do boards really understand their compliance program obligations? And to what extent do many boards devote time and effort to ensuring that their performance would pass muster under the microscope of hindsight when (not if) a compliance breach occurs? Is it enough for them to know that someone in the company has been given the title of CCO? Is it enough to allocate 30 minutes...

The Quiet Demise of Director Meeting Fees

As director duties have become increasingly burdensome and complex, companies have responded with variations on, and additions to, the traditional fee arrangements. It is now common to see equity awards of various descriptions, deferred fee arrangements, fee differentials between committees and between regular members and chairpersons, and minimum stock ownership requirements, just to name a few alternatives. On the other hand, meeting fees, while still utilized by a substantial minority of companies, may be on their way out. Every company’s board of directors is different, and director compensation packages are as varied as the boards themselves, making it difficult to identify “best practices” trends in this area. However, it appears that many companies are responding to the increasing complexities of board service by increasing the total size of the director compensation package through higher retainers and equity grants, for example. Their rationale is that the number of meetings can vary dramatically from year to year, depending on the extent to which the company may be facing significant events, such as business combinations, activist investor overtures, internal or external investigations and shareholder litigation, all of which have become regular realities of day-to-day corporate existence. Furthermore, a compensation model that depends heavily on meeting fees and thus generates significant fluctuations in annual total compensation may draw the attention of proxy advisors and institutional investors. For these reasons, many companies believe that increasing the size of the total compensation package and eliminating meeting fees recognizes these variations in director workload and affirms the company’s long-term expectations of its directors’ overall commitment. Of course there are limits on how high director compensation packages...

Mixed Enforcement Messages (and What’s in a Name?)

Not long ago I wrote about a speech by Andrew Ceresney, Director of the SEC’s Division of Enforcement, at the Directors Forum 2016 in San Diego. In his speech, Mr. Ceresney made a point of noting the SEC’s continuing commitment to pursue “gatekeepers” who fail to comply with their legal and professional obligations. (See this Doug’s Note.) This follows the now infamous Yates memo, which highlighted the Department of Justice’s modified prosecution procedures designed to hold individuals (rather than, or in addition to, corporations) accountable for perceived violations. (See this Featured Article.) Now come recent comments by Lara Shalov Mehraban, an Associate Director in the SEC’s New York Regional Office, at a recent Practising Law Institute conference, as reported by Stephen Joyce in Securities Law Daily, a Bloomberg BNA publication. Mr. Joyce states that Ms. Mehraban attempted to allay concerns about the SEC’s enforcement posture toward directors and other gatekeepers: “Enforcement isn’t second guessing good-faith decisions by the board, but rather bringing cases where directors have either taken affirmative steps to participate in fraud or enabled fraudulent conduct by unreasonably turning a blind eye to obvious red flags.” Ms. Mehraban stated that cases involving directors remain “rare,” and typically result when there is a “significant departure from normal corporate governance and appropriate conduct.” Even so, she went on to state that outside directors are “key gatekeepers” who must “take concrete steps to learn all of the relevant facts and ensure that the company cease filing annual and quarterly reports until they are satisfied with the accuracy of the filings” any time they learn of information “suggesting that the company...

Beefing Up Director Compensation Disclosures

With calendar year companies currently in the midst of drafting their proxy statements, it is time to consider the often overlooked director compensation disclosures.

Changes in director compensation arrangements. Director compensation continues to increase in amount and complexity as companies strive to keep up with directors’ increasingly burdensome duties. For example, boards are now taking a more active role in overseeing risk management, which is particularly challenging in this era of unrelenting cyber intrusions. And the role of the compensation committee continues to expand as executive compensation becomes even more highly regulated by the recent spate of SEC rulemaking. Companies have responded with variations on, and additions to, the traditional arrangement: cash retainer and meeting fees. It is now common to see equity awards of various descriptions, deferred fee arrangements, fee differentials between committees and between regular members and chairpersons, and minimum stock ownership requirements, just to name a few alternatives. These changes warrant careful and thorough disclosure regarding the reasons for the changes, how the new arrangements work and how they mesh with the company’s overall policies and goals.

The Calma decision. In addition, it is now common knowledge that in 2015 the Delaware Court of Chancery held in Calma v. Templeton that the decision by the Citrix Systems, Inc. board of directors to grant equity compensation to its non-employee directors was subject to the entire fairness standard of review, rather than the lesser business judgment rule. At issue was the Citrix board’s compensation committee grant of restricted stock units to the non-employee directors under its equity incentive plan, which covered several classes of participants, including non-employee directors,...

Overboarding–How Many Directorships are Too Many?

Every so often, the issue of “overboarding”—meaning directors serving on too many boards—pops up in the news or in corporate governance circles. On January 21st, a Wall Street Journal article by Joann S. Lublin entitled How Many Board Seats Make Sense? once again highlights that concern. As Ms. Lublin points out, pressure to reduce the number of seats held by any one director has been applied from multiple directions for a number of years. Perhaps the best known view on this subject comes from ISS, whose voting guidelines will, beginning in 2017, recommend a vote against or withhold for a director sitting on more than five public company boards, as compared to its current six-board guideline. Other well-known proxy advisors and institutional shareholders (for example, CII, BlackRock, TIAA-CREF and CalPERS, to name a few) have similar, though slightly different, guidelines. Limits on directorships are now widely accepted as appropriate corporate governance, particularly among large cap public companies. For example, Ms. Lublin cites a Spencer Stuart survey stating that 77% of S&P 500 companies have adopted policies that limit board memberships, up from 71% in 2010. These policies generally take the form of: specific numerical limits on the number of board seats; requirements for directors to obtain approval from the board or the applicable board committee (usually the nominating and corporate governance committee) before joining another board, or sometimes before taking on another key board committee assignment; or some combination of the foregoing. Though such limitations are not new and are relatively widespread, this statistic from the National Association of Corporate Directors referenced by Ms. Lublin caught my eye: “Directors...

Addressing Cybersecurity in Board Committee Charters

As boards of directors have become more focused on their fiduciary duties to oversee cybersecurity, new governance practices have begun to develop. For example, many companies have shifted cybersecurity oversight from the audit committee, which has more than enough other responsibilities, to the full board or to a risk oversight committee formed for that purpose. (See this Doug’s Note.) These changes require that boards (and legal departments) reconsider the litany of duties contained in the applicable board committee charters so that they are accurately realigned and nothing falls through the cracks. Also, the question often arises as to how much detail to put in the relevant charter (whether audit committee, risk oversight committee or otherwise) regarding the cybersecurity responsibilities.

Alternative approaches… There are essentially three different ways to go when identifying board or committee cybersecurity oversight responsibility:
A short statement declaring responsibility for risk oversight generally;
A short statement specifically noting oversight responsibility for cybersecurity, privacy, data security and the like; or
A separate, detailed list of cybersecurity-related duties.

Recommendation… Companies with even moderately complex operations or business lines should frequently reassess risk oversight within the board committee structure. For many companies, the dramatic increase in the duties the audit committee must perform, along with the increased focus on risk management, warrants consideration of a separate risk oversight committee. But no matter the board structure, the prominence of cybersecurity concerns in today’s world suggests that cybersecurity duties should be highlighted. By doing so, boards and management make cybersecurity a point of emphasis in every meeting and bring specificity to those oversight duties. Furthermore, they ensure that there is a clear...