THE BLOG

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

Richard Leblanc Headshot

2015 Trends and Answers in Corporate Governance

Posted: Updated:
Print

2015 is shaping up to be a year where boards, once again, will be under intense pressure and scrutiny to get it right. Here is a list of trends and key issues, along with what boards are or should be doing in response.

1. Greater Director and Advisor Independence

Pressure:
A director or professional advisor can be formally independent, and yet captured inside the boardroom. Forms of capture reported to me include social relationships, donations, jobs or contracts for friends, perks, vacations, office use, director interlocks, supplier or customer relations, and excessive tenure and compensation. Look for more regulators implementing term limits and moving towards an objective standard of director independence. Look for activists going into the background of directors to demonstrate the capture. Look for investors focusing on the origination of each director and service provider, which is to say how he or she came to be proposed, to address social relatedness.

Answer:
Boards can protect themselves by terminating any director or professional advisor who cannot be reasonably seen, by directors themselves and more importantly by an outsider, to be independent from management in their oversight and assurance roles. Assume what boards know internally is what is or will become known externally. This trend towards tighter independence standards will continue: For example, internal oversight functions should also now be independent from senior and operating management, and that includes the risk, compliance and audit functions, who now should report functionally to the committees and board. Any director or external or internal advisor to the board or a committee should be, in law and in fact, independent of all reporting management or any other adverse interest, in order to be free to make recommendations that run counter to that of management. A board fully protecting itself would also require a third party anonymous review of director and advisory independence annually, and acting on the results. Directors know who is captured and there should be a mechanism for this to come through.

2. Better Board Composition and Diversity

Pressure:
Regulators are moving towards prescribed competency matrixes; the production of curriculum vitae (not perfunctory short bios); and interviews with directors and oversight functions to determine whether these individuals are fit for purpose. Activists are searching director backgrounds and track record to determine alignment between competencies and the business model and strategy of the company. Regulators are legislating board renewal and diversification, through quotas or the production of measureable objectives covering recruitment to retirement.

Answer:
Competency, diversity and behaviour matrixes should: flow from the purpose of the board and the strategic and oversight requirements of the company; be established by the nominating committee; and be independently designed and validated to ensure recent and relevant expertise is possessed by each director. The diversity policy should extend the prospective director pool to previously unknown directors and who may be joining their first board (80 per cent of directors are on one board only). Tenure limits and excessive directorships (beyond two) should now be policied and capped (the average board position is 300 hours). Robust matrix analysis and director evaluation should occur by the nominating committee and its independent advisor, not management. The board should extract directors who do not possess relevant and recent competencies or desired behaviours. (See boardroom dynamics, below, for a separate discussion of director behaviour.)

3. Risk Governance

Pressure:
Plaintiff's investor lawsuits and proxy advisory firms are targeting directors at risk for oversight failure. Regulators are imposing onerous risk coverage requirements on directors that require oversight of internal controls, risk-takers and limitations. Lack of understanding of social media, bring your own device, and cyber security are contributing to enormous investor loss and brand impairment, as an example of technology risk. Recent risk failure by boards also includes sexual harassment, safety, security, technology, bribery, fraud and reputation.

Answer:
Boards should now have directors possessing risk expertise, as regulators are requiring this. The identity of these directors should be disclosed. Every company should board-approve a risk appetite framework, including internal control reporting and independent, coordinated, assurance over controls mitigating each risk and their interactions. Directors using technology dashboards should oversee risks prospectively. Hiring of risk, compliance and audit functions should occur, reporting to the audit and risk committee. Known limitations should cascade throughout the organization, and back up to the board, with ease, including within each market in which the company operates, and to key suppliers. Annual third party reviews should occur, reporting directly to the board and audit and risk committees. Board and committee charters should have coverage over each material risk, financial and non-financial. Audit committees that oversee substantive non-financial risks may be a red flag. There will need to be significant investment and restructuring of reporting relationships for the foregoing risk governance regulation to occur.

4. Compensation Governance

Pressure:
Media and public pressure over the quantum and alignment of executive pay have resulted in regulation over: compensation committee and advisor independence; say-on-pay; proxy advisors; and pay ratios; but not over pay-for-performance (most important) and clawbacks, yet. Certain public regulators have become more aggressive, targeting the quantum of pay. Financial regulatory focus is on the delivery and alignment of pay. There is a modest, but will be a growing movement once full regulation occurs, moving from (i) short-term, quantitative, financial pay metrics, relying on comparator inter-company benchmarking, which exacerbates pay unrelated to performance, to include (ii) long-term, qualitative, non-financial pay metrics, with customized, risk-adjusted pay delivery commensurate with internal value creation and shareholder return.

Answer:
Boards should engage directly with long-term, major shareholders on their pay plans, without management influence. Clawbacks should be restructured or implemented based on risk management and ethical failure, not fraud, using an independent advisor not the company lawyer or management-retained counsel. Boards should approve key performance metrics based on an explicit full business model invoked from the strategy. 75 per cent of the performance metrics reflecting the firm value chain should be leading and non-financial indicators. Peer benchmarking should be balanced with the foregoing pay principles and long-term alignment with the product cycle of the company (five to seven years, not three). Non-financial leading metrics such as innovation, value and quality, and financial metrics such as balance sheet and capital treatment and returns, should be incorporated into pay plans that have a line of sight to management performance, without any unjust exogenous enrichment. There is much work to be done here, and more regulation is expected in 2015 and 2016.

5. Greater Shareholder Accountability

Pressure:
Look for activism to grow unabated, and institutional shareholder and even regulatory support of proxy access in 2015, giving greater control to shareholders over director selection and removal. Look for further shareholder assertion of rights and coordination over the targeting of below-average management supervised by complacent boards. Look for shareholder focus on director mindset, track record, and lack of management capture or self-interest. Look for continued attack on entrenchment devices by management and their retained advisors to insulate under-performers.

Answer:
Camera-ready boards should implement private, candid, executive session meetings with long-term shareholders to discuss governance, risk, pay, and value creation. Investors and boards should focus on company performance in comparison to peers, and superior governance that exceeds the minimal. This includes background of directors. Independent governance auditors should be retained to provide an activist point of view, ahead of a possible attack. Any advisor to the board on shareholder engagement should be independent of management.

6. A Focus on Strategy and Value Creation Focus

Pressure:
Activist and, increasingly, good board focus is on the value creation plan, monitoring, and holding management responsible for its achievement. Complacent or inexperienced boards incapable of directing an under-performing, ineffective or inefficient management team are being targeted. Weak or legacy chairs and directors are also targeted. Excessive or non-performance based compensation is a red flag for governance intervention.

Answer:
Good boards are becoming engaged, focused, results-oriented and disciplined. Agendas and committee structures are being revised to focus on strategic primacy and value creation. Robust debate and review of the plan is the primary board agenda item each meeting, and strategic practices are adopted, such as, among others, that at least one presentation each meeting from key personnel below the senior level, on that person's role in the value maximization plan, and a full discussion of progress to date in that regard. However, board renewal is not reflecting this structural and deeper board focus, yet. Ill-chosen directors are still unable to add value strategically, my applied research suggests. There remains ample opportunity for activist intervention.

7. Information Technology Governance

Pressure:
Rapid technology advancement has created opportunity and risk. There is profound technological ignorance by many or most boards that is creating an inability to direct and oversee management. Cyber security, bring your own device, and social media are just three IT risks that, reviews indicate, have deficient or non-existent internal controls, which in turn causes privacy breach, reputational damage, and significant investor loss. Plaintiff's lawyers are suing boards, correctly alleging breach of duty of care. Regulation is not keeping up with cyber-threats and hacker advancement.

Answer:
Boards should be IT literate, agree on the standard and platform, and direct management to have an action plan and target date for implementation, covering crown jewels; assuming penetration; and including internal controls over behavior and human error. Boards should control the budget, talent, resources, reporting and assurance of IT risk as part of broader ERM (enterprise risk management) and strategic risk. Scenario testing, mock attacks, and expert assurance should be board-reported. If management resists third party validation, this is a red flag for any board.

8. Board Performance Audits

Pressure:
Regulation, activist, technical and public pressures are augmenting the objective standard of care for directors. Director action (or inaction) will be visible and risk liability or other loss post failure. Resourced and sophisticated investors are a particular threat, as are regulators. Complying with basic practices is no longer adequate assurance or protection for boards, as capture, entrenchment, self-dealing, complacency and non-performance have all been shown to occur within existing governance frameworks. Governance failure, including bribery, corruption, cyber and under-performance, have occurred at companies whose governance has been said to be exemplary.

Answer:
Good boards and regulators are moving towards independent, internal and deep reviews over the board, risks and internal controls, similar to financial audits. Just as management cannot assure its own work, neither can boards assure a self-review. A well-chosen third party or independent internal auditor provides boards with advance warning on precisely where their vulnerabilities and weaknesses are. An expert audit within an activist and emerging regulatory framework is a wise use of time and resources.

9. Tone at the Top - and Now in the Middle

Pressure:
Long arms of regulators are now able to hold boards vicariously responsible for fraud, bribery and other forms of corruption at deep levels within and even interacting outside their organization. The distraction, assets put at risk, and reputation damage can be significant. "Tone in the middle," culture, and imprudent risk-taking are the new warning signs on which sophisticated boards are requesting concrete assurance, to ensure directors are not the last to know.

Answer:
Resourced boards are instituting: confidential and incented whistle-blowing procedures; audits of internal controls over culture and reputation; and amnesty, among other best practices, to ensure bad news rises. Explicit and monitored thresholds for the board-approved risk appetite framework are being instituted, along with a line of sight by the board that compensation is not driving bad behaviour. Due diligence, climate, values, spot audits, and the code of conduct are all being independently reviewed and reported to committees and boards, without interference or funneling of reporting management. Good boards are much less tolerant of ethical lapses or management blockage.

10. Boardroom Dynamics

Pressure:
Lastly, the board must gel as a team, and, as a team, control management. Any behavior gap - undue influence, reliance, dislike, dysfunction, or even contempt -- by one or more directors or managers, introduces information and oversight asymmetry that can and does lead to governance failure. Every seat at and reporting to the board table matters. The pressure here is a toxic or under-performing director who refuses to resign out of self-interest, or a board allowing integrity breaches and leadership shortcomings by an officer to continue.

Answer:
Good boards: have behaviour matrixes and performance reviews that define and rate behaviours at the board table; have peer reviews and mentoring that develops and refines behaviours; and act on the results regardless of profile or tenure. Due diligence, background checks, interviews, and assessments are all becoming commonplace. Personality testing is also developing.

Conclusion

There have been more governance change occurring in the last five years than in a generation. Enron, WorldCom and other implosions in 2001-02 are very different from the global financial crisis of 2008-09, which: was systemic, involved banking, and required broad government intervention. There is a regulatory and investor appetite for broad and deep governance change. The above 10 changes and responses are touch-points for where governance change is happening the most. Boards and management teams are only about 40 per cent through digesting all of the above reforms, and there are more to come in 2015.