with contributing authors Aaron Carlson, Sean Gorman and Kate McGregor
Demands on corporate directors are greater than ever. With pressures from regulators, shareholders and proxy advisory firms to improve disclosure, increase board diversity, enhance corporate governance and stave off cyber attacks, directors must stay abreast in a constantly evolving corporate environment. This article offers insight and practical tips on the topics that keep boards up at night.
In 2015 and 2016, the corporate governance spotlight has been on proxy access. Proxy access proposals have received strong shareholder support and as of August 31, 2016, 39 percent of S&P 500 companies provide a proxy access right. A general consensus has emerged among companies that have adopted proxy access bylaws to permit a shareholder or group of shareholders who have held 3 percent of the company’s stock for three years to nominate up to 20 percent of the board.
In 2017, expect to see a shift in tactics from shareholder proposals seeking to implement proxy access to proposals seeking to tweak the “fine print” of existing proxy access provisions. Examples include counting the same mutual fund family as one shareholder, restricting renomination of failed director nominees and requiring disclosure of or prohibiting third-party director compensation arrangements. SEC Division of Corporation Finance Director Keith Higgins has indicated that the SEC views a company’s bylaws as fundamentally “the domain of the shareholders” under Delaware law and implied that shareholders may be given wide latitude to adopt amendments. The SEC has demonstrated reluctance to issue no-action letters to companies looking to exclude shareholder proposals to amend their existing proxy access provisions. The SEC staff has indicated that they will evaluate shareholder proposals to change proxy access provisions on the totality of the circumstances rather than relying on a strict numerical test. While shareholder proposals to change proxy access provisions may be difficult for companies to exclude, they can often be defeated by early and effective shareholder engagement. A company that has adopted a proxy access provision should consider engaging with key shareholders to communicate the details of the provision and explain why the proposed changes are not necessary.
As the SEC continues to implement Dodd-Frank rulemaking requirements, expect to see continued focus on executive compensation, including pay ratio disclosure, clawbacks and pay-for-performance.
Beginning in 2018, companies will be required to make new disclosures of the chief executive officer’s total annual compensation, the total annual compensation of the median employee and the ratio of the two. It is important for a company to start preparing early: this process is complicated, difficult and painstakingly detailed. Leave time to practice collecting the necessary data and navigating the company’s payroll system. If it is appropriate for the company’s business model, consider using statistical sampling to generate the required information on the median employee.
Also carefully consider the audience for this information. Institutional investors and proxy advisory firms seem relatively uninterested in the pay ratio disclosure, except as it may reveal outliers or major year-to-year changes. The main consumer of this information will be the company’s own employees. Employees are likely to focus on the median compensation more than the ratio, as half of the employees will learn they are compensated below the median and they can easily compare the company’s median to its peers who may be competing for their talent. Since employees are more likely to get their information from the media than the proxy statement, a company should control the narrative on the pay ratio and median compensation. Tell the company’s story before the media tells it for you. Also consider reaching out to employees outside of the proxy to discuss the narrative with them.
While most companies have already adopted some form of compensation clawback, clawbacks are back in the spotlight due to recent high-profile events such as Wells Fargo’s clawback of $41 million from its chief executive officer (who subsequently resigned). The SEC’s successful implementation of its whistleblower program has also increased the importance of clawbacks: with more whistleblowers come more restatements, which means more clawbacks. The SEC has proposed rules that would require stock exchanges to adopt listing standards that would clawback performance-based compensation when a restatement is required. The standards will likely go beyond a company’s existing clawback policy and would apply to all executive officers, current and former, with a three-year look-back period and would not be limited to executive officers who engaged in misconduct (it is a no-fault policy). The amount of a clawback would be pre-tax, and executives may or may not be able to deduct the taxes already paid on the amount clawed back. It is also important to note that the Department of Justice does not allow companies to indemnify for clawbacks. A company should check its indemnification and mandatory arbitration clauses for potential clawback issues.
The SEC has proposed rules requiring disclosure of the relationship between executive compensation actually paid and the financial performance of the company. This pay-for-performance disclosure is meant to be a company’s supporting statement for a shareholders say-on-pay vote. Up to this point, many companies have developed their own pay-for-performance disclosures, but concern has been raised that these are difficult to compare across companies. The proposed rules focus on executive compensation, its relationship to total shareholder return (TSR) and comparison to a company’s peers. The SEC has received numerous comments on these proposed rules and a company has the option to continue with current compensation disclosure practices until the rules have been finalized. In the meantime, stay abreast of what peers are disclosing and continue to evaluate whether the company’s disclosure is accurately telling your pay-for-performance story.
Board composition, in terms of diversity, skills and tenure, has become a key area of interest for some shareholders. With average director age increasing and turnover remaining flat on large-cap public company boards, investors, and even directors themselves, are calling for change. In a director-community survey by KPMG, 43 percent of respondents cited resistance to change and status quo thinking as significant barriers to board performance. While shareholders and directors agree board diversity is important, progress has been slow. SEC Chair Mary Jo White has announced that the staff is working on recommendations regarding amendments to the SEC’s existing board diversity disclosure rule to require companies to include more meaningful board diversity information in their proxy statements when it is voluntarily reported by directors. In October 2016, proxy advisory firm Institutional Shareholder Services Inc. (ISS) announced that it has revised its rating system and added board diversity and refreshment questions to its scoring criteria. Given ISS’s influence on shareholder voting, a company would be wise to proactively improve its board diversity and increase disclosures related to its efforts.
Shareholder engagement has become the norm, not the exception, and boards are increasingly adopting shareholder engagement policies. Best practice is to reach out early and often — many engagements begin immediately following a vote. When meeting with shareholders, maximize the value of their time. Have an agenda and circulate it to the shareholder prior to the meeting so they can add any items that you may not have realized are a concern for them, and include independent directors rather than management to avoid any awkwardness. Make sure the company “gets credit” for what it has done by highlighting your shareholder engagement efforts and responsiveness to shareholders in the proxy. Consider using a chart to emphasize “here’s what we heard” and “here’s what we did.” Finally, proactively address ISS concerns. Depending on the company’s shareholder profile, ISS can significantly influence votes, so it is important to address their concerns head-on.
Cybersecurity remains a top priority for directors, as the sophistication and number of attacks continues to increase. The costs of cyber attacks are high and include business disruption, reputational harm and response costs, with the average consolidated cost of a data breach estimated at $4 million. There has also been an increase in derivative suits against companies, officers and directors relating to data breaches. While the SEC has investigated instances of cybersecurity breaches, there have not yet been any public cases. However, a company needs to be ready to respond to an investigation based on the company’s obligation to have internal controls and to take reasonable efforts to protect against cyber threats. In the event of a cyber breach, a company will face a number of challenges. While the company is the victim of the attack, it immediately comes under the threat of liability; careful, complete disclosure is key to avoiding this liability.
The speed at which demands on corporate directors are evolving does not appear to be slowing. Corporate directors must continually educate themselves on the legal and corporate governance landscape in order to effectively respond to and lead through these changes.
 The Finer Points of Proxy Access Bylaws Come Under the Microscope, posted by Peter Kimball and Alexandra Higgins, ISS Corporate Solutions, on September 12, 2016.
 Keith Higgins, “Keith Higgins Speaks: The Latest from the SEC,” TheCorporateCounsel.net’s Proxy Conference and Say on Pay Workshop, October 24, 2016.
 This past July and September, the SEC rejected no-action requests from H&R Block and Microsoft under Rule 14a-8(i)(10), which allows companies to exclude proposals that they have “substantially implemented.”
 Carol Hymowitz, “The one place it’s okay to be old is in the boardroom,” Bloomberg, August 21, 2015.
 KPMG Audit Committee Institute, Building a Great Board: KPMG’s Audit Committee Institute Global Pulse Survey (KPMG, 2016), p.7.
 Mary Jo White, “Keynote Address, International Corporate Governance Network Annual Conference: Focusing the Lens of Disclosure to Set the Path Forward on Board Diversity, Non-GAAP, and Sustainability,” June 27, 2016.
 Ponemon Institute Cost of a Data Breach Study, June 15, 2016.