Join Us at the Fall 2017 GRC Forum, featuring NC Attorney General Josh Stein

You recently received an email invitation to our upcoming Governance, Risk & Compliance Forum. The GRC Forum is a half-day, interactive event devoted specifically to the issues faced by risk and compliance personnel at companies in all industries and at all stages of GRC development. The Fall 2017 session will be held on Thursday, September 28 at the Duke Mansion in Charlotte. We’ll start with coffee and breakfast at 8:15 a.m. The three presentations will run from 9:00 a.m. until noon. There is no charge for attending, and attendance is expected to be approved for compliance certification and continuing legal education credit.

Topics to be covered. The GRC Forum and the related GRC Blog generally address topics related to assessing, enhancing and maintaining an enterprise-wide governance, risk and compliance function. Specific topics to be discussed at this upcoming Fall 2017 session will include:

Session I: Update on the current state of corporate social responsibility, including CSR reporting and corporate America’s response to the Trump administration’s withdrawal from the Paris climate accord.

Session II: A discussion of cybersecurity breach response policies and plans, including background on current data privacy and security laws in the U.S., the EU’s new comprehensive data protection law and the EU Network Infrastructure Security Directive, critical components of a comprehensive plan, and practical tips on how to create, draft, train on and implement a plan.

Session III: Remarks by North Carolina Attorney General Josh Stein on compliance and public protection, followed by Q&A.

Who should attend? GRC touches a variety of professionals, including:
- compliance officers
- risk management officers
- boards of directors
- legal departments
- CFOs, internal auditors and...

Revisiting Rule 10b5-1 Trading Plans

I am sometimes surprised by the number of insiders who trade in their company’s stock outside of Rule 10b5-1 trading plans. It is often said, with some accuracy, that executive officers, directors and other insiders always possess material nonpublic information (MNPI) due to the very nature of their jobs. And in fact, many insiders are able to actually create MNPI merely by deciding to initiate a strategic change or direct a financial decision. If that is true, or at least arguable under the glare of 20/20 hindsight, then trading outside of a trading plan is a dangerous proposition.

The question, then, is, “Why take the chance?” A trading plan provides an easily implemented affirmative defense against insider trading claims, and courts have consistently deferred to valid trading plans, even under questionable circumstances. Furthermore, it is well-known that the SEC is vigorously pursuing insider trading violations of all shapes and sizes. (See this Doug’s Note.) For that matter, why doesn’t every company require that its insiders trade only under a trading plan?

The elements of a trading plan. An enforceable trading plan must satisfy the following requirements:
- The insider was not aware of any MNPI at the time it was adopted.
- It specifies a non-discretionary trading method.
- The insider may not exercise any subsequent influence over how, when or whether to make purchases or sales.
- The insider must enter into the plan in good faith and not as part of a plan or scheme to evade the insider trading prohibitions.

That sounds easy, so what’s the problem? Honestly, I’m not sure. Some companies may feel that prohibiting trades outside of...

Introducing a Fresh Perspective on Governance, Risk and Compliance

With the fifth anniversary of Doug’s Note fast approaching (and more than 250 posts and 250,000 reads in the rearview mirror), it seemed like a good time to consider where to go from here. Where, as it turns out, was to create a companion blog devoted to governance, risk and compliance, which are among the hottest issues in corporate America these days.

Parker Poe’s GRC Blog reflects the joint contributions of our GRC team, co-led by Jane Lewis-Raymond, former chief compliance officer and general counsel of a large public company, and by me. Together, we provide more than 50 years of experience counseling public and private companies of all shapes and sizes on compliance program design, risk assessment, enterprise risk management, crisis management, remediation and training.

Essential to the blog’s success are the contributions of our larger GRC team, which consists of attorneys whose practices focus on such key areas of corporate compliance as:
- Anti-Bribery & Anti-Corruption
- Antitrust & Consumer Protection
- Criminal & Regulatory White Collar Compliance
- Crisis Management
- Cybersecurity & Data Privacy
- Employment
- Environmental
- Government Contracting & False Claims Act Compliance
- Immigration
- SEC Reporting & Compliance
- Tax
- Trade Compliance

Our GRC Blog includes insights on such matters as creating a compliance culture, ensuring compliance with the Federal Sentencing Guidelines and the DOJ’s program evaluation guidance, the interplay of compliance professionals, executive management and boards of directors, balancing GRC goals against the realities of budget and personnel constraints, and a whole lot more. Recent posts include, for example:
- Take-aways from the recent global ransomware attack (click here),
- The board of directors’ role in compliance programs (click here),
- Where...

Thwarting Shareholder Activism Through Engagement

As the 2017 proxy season draws to a close for most companies, it is obvious that shareholder activism remains alive and well, though the actual number of public activist campaigns appears to have tapered off slightly as compared to recent years. Activism takes many forms, ranging from takeover proxy battles to proxy access proposals to single-issue social welfare proposals. Particularly noteworthy is an apparent trend among institutional investors to target small and mid-size companies, perhaps believing (perhaps correctly) that these companies are ill-prepared to resist their forays.

Companies have a wide array of defensive techniques at their disposal, depending on the nature of the activist’s approach, one of which is effective shareholder engagement. The good news is that more and more institutions are welcoming, and even encouraging, engagement with their portfolio companies. And while small and mid-size companies still sometimes struggle to get the attention of major institutions, this has become less problematic now that shareholder engagement is standard practice in corporate America.

Although many of the governance benefits of shareholder engagement are widely known, often overlooked is its ability to thwart shareholder activism. Better communication between the company and its major shareholders reduces misunderstandings about management’s strategy or the reasons behind its latest moves. Misunderstandings, in turn, may lead to activism, or a willingness to side with activists. Strong relationships with traditionally non-activist institutional shareholders (by far the larger percentage) have the ability to actually deter activist behavior before it even happens, or to nip it before it gains too much momentum. For example, many activist shareholders own a relatively small percentage of the target company, particularly as compared...

Compliance Program Oversight—The Board’s Overlooked Role

It’s long been axiomatic that an effective compliance program cannot exist without a strong ethics and compliance culture, which in turn requires the proper “tone from the top.” Yet, when most companies think “top,” they think C-suite. After all, tone starts with the CEO, right? And the C-suite is where you find many CCOs, or the executive to whom the CCO directly reports. Also, that’s where decisions are made about staffing the compliance function, allocating funds to implement the program and the host of other operational matters that determine whether the program is robust, minimalistic or non-existent.

Often overlooked, however, is the crucial role of the board of directors. Most directors have a general understanding that their fiduciary duties include compliance oversight. After all, it’s been more than 20 years since the Delaware Court of Chancery held in its famous Caremark decision that directors could, in certain circumstances, be determined to have breached their fiduciary duty and, therefore, be liable for company losses due to compliance program failures. Later, the Delaware Supreme Court in Stone v. Ritter held that a director’s failure to implement and oversee aspects of a compliance program could constitute an unindemnifiable breach of the duty of loyalty.

But how well do boards really understand their compliance program obligations? And to what extent do many boards devote time and effort to ensuring that their performance would pass muster under the microscope of hindsight when (not if) a compliance breach occurs? Is it enough for them to know that someone in the company has been given the title of CCO? Is it enough to allocate 30 minutes...

A Compliance Calendar Tip: Update for T+2

A few weeks ago, the SEC finalized rules to shorten the standard settlement period for securities transactions from three business days (T+3) to two business days (T+2). Amended Exchange Act Rule 15c6-1(a) will prohibit a broker-dealer from entering into a contract for the purchase or sale of a security (subject to certain exceptions) that provides for payment of funds and delivery of securities later than two business days after the trade date (known as “T”), unless otherwise expressly agreed to by the parties at the time of the transaction. (See this Doug’s Note.)

The shift from T+3 to T+2 will be effective on September 5, 2017 to give everyone sufficient time to plan for, implement and test changes to the various systems, policies and procedures necessary for an orderly transition. Most of this preparation burden will, of course, fall on the direct participants in the securities trading industry. However, any company that pays regular cash dividends may need to adjust its annual compliance calendar to accommodate the new rule.

Most companies that pay regular cash dividends include these relevant dates in their annual compliance calendars:
- The date on which the dividend is expected to be declared by the board of directors,
- The dividend payment date, and
- The ex-dividend date (the date set by the stock exchanges on which the security’s purchase price no longer reflects the dividend because the trade will settle after the record date).

NYSE and NASDAQ rules currently state that shares will trade ex-dividend two business days prior to the dividend record date, which makes sense under the current T+3 timeline. However, the exchanges have now...