Per a recent BDO survey, the concerns of many directors remain all too familiar to compliance departments. Results indicate where leaders plan to divert their resources in the near and medium term.
A company’s board plays a pivotal role in both compliance and business continuity, which is especially important after the past 18-plus months of disruption have coincided with a push for greater corporate accountability.
The board must continuously look ahead, take the temperature of the market and adjust plans to satisfy shareholders and attract investors. Directors must concurrently ensure employees, company processes and initiatives follow all applicable rules and regulations to mitigate risk while supporting key business objectives. These actions are an important part of successful board governance, and it’s critical that they are performed harmoniously.
As the 2021 BDO Fall Board Pulse Survey reveals, boards are focused on myriad priorities, including transparent communications with a widening pool of stakeholders; alignment of performance in executive compensation; adherence to environmental, social and governance (ESG) guidance; conscious supply chain management; and data security. When strong governance and compliance converge, the likelihood of achieving key business objectives and better outcomes increases. Understanding more about where board priorities should be focused can lead to better oversight of strategic direction, enable sustainable growth and greater business success.
Greater Transparency With Shareholders and Investors
Coming out of the 2021 proxy season, shareholder and investor engagement is the top priority for boards, according to the survey. Inspiring confidence in shareholders and investors is particularly important during times of economic volatility and accelerated change. The more relevant and meaningful information a company provides, the more certain investors can be that they’re making wise investment decisions. The demand for transparent information not only applies to financial statements but to broadening corporate disclosures. For example, evolving reporting of nonfinancial qualitative and quantitative metrics is a major component of ESG and sustainability initiatives, which is associated with long-term value creation, accountability and the new standard of doing “good” business.
More and more business leaders and investors subscribe to the view that corporate responsibility extends beyond just returns to shareholders and applies to society at large, expanding the definition of stakeholders and continuously raising the bar for corporate accountability. Ensuring management abides by disclosure rules and regulations when crafting communications and adheres to best practices as new guidance develops is an important part of mitigating risk — something the board can tackle in tandem with compliance departments. The board must be vigilant in its oversight of driving transparency, including holding management accountable for the accuracy and relevance of the information used by stakeholders. These actions not only support the role of compliance officers but also help strengthen the overall compliance function in providing credibility and reliability to the market.
Aligning Performance and Executive Compensation
As the Great Resignation demonstrates, an organization’s people and the value of its corporate culture have only grown in importance. With issues of human capital management continuing to dominate the headlines and boardroom conversations, the role of the compensation committee has also expanded as it determines how to link executive compensation and effective leadership. Issues in this domain — including the war for talent and succession planning; emphasis on diversity, equity and inclusion (DEI); and development within leadership ranks — along with continued public scrutiny of executive pay alignment with performance, are making for much more nuanced boardroom conversations and robust compensation committee agendas.
Economic uncertainty exacerbated by COVID-19 and evolving political and regulatory agendas are challenging traditional pay-for-performance models and the likelihood of achieving short-term performance goals. Additionally, an increasing number of companies are looking to tie in broader ESG objectives to executive pay incentives under the adage that “what gets measured gets done.” More than half of directors surveyed (63 percent) are embracing a pay-for-performance strategy, aligning performance goals (thresholds/maximums) with the probability of achieving them. A smaller percentage (37 percent) are shifting incentive compensation from a periodic bonus structure to longer-term equity grants, and others (19 percent) are tying incentives to ESG initiatives. Boards are tasked with creating appealing executive compensation packages that strike a delicate balance between attracting and retaining executive talent and ensuring pay and performance align with stakeholders’ value creation expectations.
Adherence to ESG Guidance
In the U.S., ESG has recently moved beyond a buzzword and crystallized into a core piece of the growth model for contemporary business. Directors recognize that corporate ESG activities can add value when adopted in good faith, but they can also expose the company to new risks when not fully integrated into business operations. This has triggered the need for boards and compliance departments to establish methods for meaningful and transparent ESG reporting. The survey found that more than half of directors (51 percent) are currently disclosing ESG metrics to the public via their website and social media channels, and a smaller but sizable portion of boards are issuing standalone ESG reports (26 percent) and/or including ESG metrics in audited financial statements (29 percent).
However, there is not yet a single globally accepted framework for determining and reporting ESG metrics. Currently, companies may be using multiple frameworks and standards to share their ESG narratives around goals, objectives and progress. Guidance — both internationally and domestically — about how companies can provide actionable ESG information to the market continues to evolve and emerge, making it a necessity for boards and management teams to remain up to date.
Compliance professionals, alongside the board, can play a significant role in helping to “stress test” how a company communicates its ESG activities. This can help avoid accusations of “greenwashing” — making misleading claims about eco-friendly products and initiatives — or cherry picking only favorable sustainability metrics and disclosures. Both of these practices diminish the integrity of reporting and can have damaging financial and reputational consequences.
Enhanced Data Governance
Board members understand that good data governance is crucial to all aspects of business, particularly in today’s accelerating digital environment. Data drives vital business decisions and can unlock new revenue streams while creating further efficiencies. However, as access to data grows, so has the number and sophistication of cyberattacks and data breaches. Rising cyber risk — particularly among third parties such as vendors and suppliers — highlights the urgent need for companies to safeguard valuable data assets and protect against a breach. For the next six months, board members’ top-cited governance oversight challenge is ensuring effective cybersecurity and data protection.
Companies that invest resources in robust privacy, data protection and cybersecurity preparedness plans are best poised to meet current compliance obligations. Focusing on cybersecurity and data governance requires close attention to applicable data privacy legislation, disclosure requirements and best practices. For example, companies that process the personal data of individuals residing in California must comply with the California Consumer Privacy Act (CCPA). Similarly, Virginia passed the Consumer Data Protection Act (CDPA) and Colorado passed the Colorado Privacy Act (CPA), both of which go into effect in 2023. And there are different laws in the European Union under the General Data Protection Regulation (GDPR). Organizations must have a detailed understanding of the requirements for each jurisdiction where they operate.
In the U.S., two federal privacy bills have been introduced: Setting an American Framework to Ensure Data Access, Transparency and Accountability (SAFE DATA Act, S.2499) and the Consumer Data Privacy and Security Act of 2021 (S.1494). The bills would require more transparency with an individual’s data, including appropriate notice and the ability to correct or delete the data, as well as requiring companies to have a privacy officer. Both bills are receiving levels of bipartisan support, but the SAFE DATA Act is more favorable to the consumer.
Compliance professionals should be aware that federal regulators scrutinize corporate practices for cybersecurity, data governance, privacy and data protection, including breach disclosures. In particular, the Cybersecurity and Infrastructure Security Agency (CISA) initiated a directive for pipeline companies to assess and mitigate any anomalous activity or active exploitation detected on their networks. The SEC and FTC, among other agencies, are considering heavier fines for companies that withhold disclosures following a breach and those that pay a ransom with digital currencies. So, companies need to pay close attention to what they say and do after a hack occurs.
Corporate disclosures regarding a data breach are subject to regulation and could lead to enforcement action if they contain errors or misleading statements. This is in addition to the significant reputational damage that can result from a data breach. Compliance professionals help ensure boards and management have the right resources, teams, policies and documentation in place, so that the company can meet evolving regulatory and legislative obligations, confront growing cyber risk and make informed decisions in protecting the business and its stakeholders.
An Intentional Approach to Supply Chain Management
Supply chain management has become a pressing issue in recent years. In the age of ESG, supply chains can expose companies to risks that include unlawful labor practices, counterfeit materials and harmful environmental practices. In addition to creating liabilities, COVID-19 impacts have led the global supply chain to become a source of unreliability, plagued by a dearth of materials, rising transportation costs and barriers to accurate forecasting. Nearly a third of board members surveyed (32 percent) anticipate supply chain production/disruption will be their greatest business risk for the next 12 months.
However, many organizations are leveraging digital supply chain tools to help mitigate disruption while also supporting compliance. Nearly a quarter of survey respondents (23 percent) are considering diversifying their supply chain. Companies with a diverse range of supply chain sources to choose from tend to experience less disruption while also contributing to a more robust economy. Mitigating supply chain risk has holistic benefits for the business, and multiple parties, including compliance, play a role. The compliance department works with supply chain managers to ensure that sources operate in accordance with company values, ESG guidelines and regulatory policy. Digital supply chain management tools can help compliance professionals gain a clearer understanding of provenance and practices, which they can then relay to the board to ensure proper communication of risk and opportunity.
View From the Boardroom
Profitability is not the sole marker of success for today’s companies. Ongoing events have accelerated a societal shift toward technological advancement, more equitable compensation practices and a broad range of ESG values. A growing pool of stakeholders is elevating the standard for all aspects of business — from executive compensation to supply chain management to data governance. As the results of the 2021 BDO Fall Board Pulse Survey suggest, board members and compliance professionals are encouraged to work in tandem to adjust company operations to meet the moment and move swiftly into the future of business.