Increasing Geopolitical Risks Raise Disclosure Issues

Over the past two years, public companies in the United States have faced an unpredictable risk environment. Two geopolitical crises—the COVID-19 pandemic and the Russian invasion of Ukraine—strained international supply chains and destabilized financial markets. It is tempting to view these events as temporary departures from the stable climate for international commerce of the past 75 years. There are reasonable grounds for that position. After all, COVID-19 was the first global pandemic since 1918, and the conflict in Ukraine marks the first large-scale conventional conflict in Europe since World War II. Geopolitical instability, however, may be the new normal. Companies must therefore consider how the resulting risks from such events impact them, and for public companies, whether and how to disclose such information to shareholders.

As these events have unfolded, the US Securities and Exchange Commission (SEC) has provided guidance in various forms as to what it expects in terms of disclosure by building on already existing requirements in the SEC’s Regulation S-K. Specifically, the SEC issued nonbinding guidance on COVID-19–related disclosures and later issued a sample letter focused on the conflict in Ukraine. Turning first to the 2020 pandemic guidance, the SEC staff identified a detailed list of COVID-19–related factors for issuers to examine in drafting future disclosures, including the following:

the impact of the pandemic on current and future operations;the impact on capital and financial resources;any material impairments on an issuer’s financial statements;COVID-19–related impacts on business continuity plans; anddisruptions in supply chains and the methods for distributing products.

On May 3, 2022, the SEC issued the sample letter, and directly addressed the nexus between the Russia-Ukraine conflict and Regulation S-K. The sample letter informed issuers that the Ukraine conflict may trigger disclosure obligations for any “direct or indirect impact[s]” on operations, liquidity, supply chain, or assets, and advised issuers to specifically examine risks related to cybersecurity, supply chain integrity, and commodity price volatility. The SEC also advised companies to carefully review their sanctions compliance function. In addition, the sample letter paid particular attention to the role of the board of directors, emphasizing that companies should disclose the role of the board in “overseeing risks related to” the conflict. And, perhaps most significantly, the SEC placed increased focus on supply chain risk: the sample letter indicated that in future regulatory investigations, issuers could anticipate questions about whether supply chain risks flowing from Ukraine were adequately disclosed, and whether issuers undertook or considered efforts to “deglobalize” their supply chains.

Collectively the pandemic guidance and the sample letter provide issuers with the best available template for complying with SEC rules and regulations in the event that other potential disruption creates geopolitical instability. In particular, and just by way of example, issuers should consider the potential downstream risks of geopolitical tension between the People’s Republic of China (mainland China) and the Republic of China (Taiwan). In recent years, tensions between China and Taiwan—always high—have escalated, with the military and civilian leadership of both countries openly contemplating the outbreak of hostilities, and China acknowledging its intent to develop the military capabilities necessary to mount a full-scale invasion.

For issuers that depend on global supply chains, the potential impacts of a conflict between Taiwan and China are highly relevant, and, in light of the SEC’s pandemic guidance and sample letter, may require disclosure to investors. For example, even if the United States were to remain neutral, domestic issuers would still likely lose access to Taiwan and to all ports in China because both China and Taiwan have submarine and anti-ship missile capabilities sufficient to reach any commercial vessels that transit the area. The loss of access to Taiwan would, in turn, effectively eliminate the ability of domestic companies to manufacture products that rely on semiconductors, while the inability to access Chinese ports and exporters would create massive disruption for retailers, manufacturers, and other industries that rely on China for finished goods and raw materials.

To that point, several issuers already identify and disclose the risk of a conflict in the Taiwan Strait to their shareholders. Best Buy, for example, disclosed in its most recent 10-K filed on Mar. 18, 2022, that “further deterioration between Taiwan and China” could disrupt the manufacture of “hardware components in the region.” Similarly, Gravity Co. filed a Form 20-F on Apr. 28, 2022, that noted “a significant percentage of… revenue” came from customers in Taiwan, and therefore “an increase in tensions between Taiwan and China and the possibility of instability and uncertainty” could affect customer demand and the business in general. And Micron Technology, in its Mar. 30, 2022, Form 10-Q, disclosed “political and economic instability, including the effects of disputes between China and Taiwan” as a risk to international sales and operations.

Of course, we hope that all of the issues discussed above—the COVID-19 pandemic, Russia’s invasion of Ukraine, and the increasing tension in the relationship between China and Taiwan—come to an end. We also hope that the world is not entering into a period of more frequent and severe events causing geopolitical instability. Nonetheless, as issuers deal with a global environment that generates greater risks, companies that apply the SEC’s pandemic guidance and sample letter to their finances, supply chains, and operations during a crisis are more likely to issue disclosures that satisfy shareholders, avoid private civil litigation or reduce the likelihood that such litigation is successful, and withstand potential SEC scrutiny.

Richard Zelichov is a partner and Trevor T. Garmey is an associate at Katten Muchin Rosenman.

Leading an Effective CEO Transition: It’s a Journey, Not an Event

Having just gone through a CEO transition at Pearl Meyer, I have spent some time reflecting on the outcome as well as what we learned organizationally and as individuals throughout the process. While we have guided numerous clients through the same exercise, I am more keenly aware than ever that leadership transition is an ongoing process and every company is on this journey—whether deliberately or not. It is important for boards and CEOs to acknowledge that they will learn lessons along the way and need to have a plan for incorporating those lessons into their teams’ leadership development.

Here’s what we learned from our own journey:

1. You can’t start too early. We stress this with clients and our experience reinforces this number-one lesson. There is much to do, consider, and prepare for. It’s too important to “wing it” or short-change the process.

2. Objectivity is imperative. This goes for outlining the candidates’ strengths and growth areas, creating opportunities to improve any detrimental weaknesses, and assessing the outcomes of their development plans.

3. Coaching is a must. Few organizations, in my experience, appreciate the value of executive coaches. They are absolutely key to both effective development and a successful transition.

4. Get everyone on board. Having broad support for the new leader once a choice is made leads to a smooth transition. The alternative is simply abrupt change.

Plan Ahead

I believe that you can’t start developing successors too soon. We have frequently advised clients that the moment somebody assumes the top job, they—and the board—need to be thinking about what’s necessary for someone else to succeed them. The development of a successful CEO can take a very long time.

However, you can definitely name a successor too soon. They often become frustrated with the passage of time. Companies lose great succession candidates to becoming CEOs of other companies because they grow impatient. So, while you can’t start developing too soon, you can definitely pick one too soon.

And you know what they say about the best laid plans. Often you set out on a particular journey, only to find that adjustments must be made along the way. Plan to course-correct.

Cultivate Objectivity and Bring in the Coaches

A key lesson learned for me in being part of the process, rather than advising on the process, is that an organization can’t do its best job at succession planning alone.

Self-assessments or individually managed development is usually not enough. Even the most self-aware candidates don’t automatically know exactly what their strengths and weaknesses are, as seen by others. It’s especially difficult to have a clear picture of the “soft” things they need to do to be successful in leading others. And the perspectives of the board and the CEO in creating a short list and analyzing those candidates can be helpful, but may also prove to be too subjective or not fully accurate.

This is where organizational development experts can offer the outsider’s view and help the organization define the ideal profile for the next CEO and then work with candidates to clearly understand their current strengths and challenges with respect to that profile. Converting this assessment into multi-year development plans helps focus the candidates on how they need to develop and what they need to do to demonstrate that they are ready for the next step in their careers and up the ladder.

An outside advisor can help the organization structure learning opportunities that are appropriate to each candidate and beneficial to the full group, such as moving high potentials into positions that offer a chance to lead new teams and perhaps stretch the candidates’ comfort levels or creating an opportunity for the group of candidates to work together on strategic projects and strengthen their relationships as a leadership team. We took both of these development actions; however, I did not appreciate at first that my style of mentoring and developing people did not necessarily help each candidate maximize their learning opportunities. If I had a do-over, I would bring in outside assessment and coaching sooner.

Long term, the most effective leadership development comes about when it is structured in a way that is tailored for each of those candidates as individuals and is not unduly clouded by the relationship and experiences those individuals and the sitting CEO have developed. Finally, it is important for the board to get an impartial assessment of candidates because their impressions of the people they know, possibly on a limited basis, have been formed over a long period of time. In that context, it’s not always clear how a candidate may have grown or how they might perform in a different role.

It’s my experience that relatively few organizations appreciate the value of executive coaches. In the past, if some in the boardroom heard that the CEO asked for or needed a coach, it was likely viewed as evidence of some inadequacy. However, we may be entering a new era of business culture. New attention to issues such as diversity, equity, and inclusion indicate that this kind of change is quite possible, and, of course, beneficial. Ongoing coaching is a very effective tool, providing the CEO with an objective and, very importantly, external sounding board and giving directors additional assurance that the transition will be successful.

Create Unity

In the spirit of absorbing and implementing lessons learned, a big part of our own transition has been to provide post-selection coaching to the new CEO and to the other senior members of the management team. This provides continuity for the strong leadership development plans in place, as well as helps everyone adjust to their new relationships. It is a simple fact that when you promote from within, all relationships change and there must be adjustment to new ways of doing things and new ways of working together. Accounting for—or ignoring—this important aspect of the transition can be the critical, make-it-or-break-it point. Carefully planned, but open and forthright, communication throughout the company about the change sets the right stage.

In our case, the end result from an organizational perspective is that there absolutely is a great deal of change happening, but the change feels purposeful and evolutionary. Naturally, every company will experience changes in leadership style with every transition. One leader may be more intuitive and the next more analytical, but there is continuity in our values and especially in our culture, and I see strong energy and enthusiasm in our firm.

This is what I want for our clients. And thankfully, the renewed energy isn’t just internal. As our business evolves to meet the growing responsibilities of our clients, I am seeing an expansion of ideas and creativity among our consulting teams that will help all of us involved in compensation and the broader issues of workplace change and human capital management tackle some very real challenges—ongoing succession planning being at the forefront.

David Swinford is the chair at Pearl Meyer.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

How Cybersecurity Experts Are Tackling Proposed SEC Rules, Working From Home, and More

The data security landscape is ever changing, and boards need to prepare themselves for future threats. To discuss insights into the challenges of overseeing cybersecurity and constant new threats, NACD, in partnership with Baker McKenzie, EY, and Optiv, brought together panelists Robyn Bew, west region leader of EY’s Center for Board Matters; Joanna Burkey, chief information security officer (CISO) at HP, Inc.; Jerry Perullo, founder of Adversarial Risk Management and former CISO at IntercontinentalExchange; James Turgal, vice president at Optiv; and Cyrus Vance, partner at Baker McKenzie. Greg Griffith, NACD senior director of partnerships and corporate development, moderated the event. Below are key questions and answers from that conversation.

What are some baseline steps you find [yourself] advising your clients to take over and over to enhance cybersecurity resilience?

Cyrus Vance: I think you have to be looking at the whole continuum of risk. It means getting a lawyer involved early in the process so that some of these investigative steps can be done with the direction of counsel, which gives the company flexibility as it goes through all these other steps along the continuum to determine what information becomes public and what information does not become public. Make sure that your board has looked at your company, has looked at its resiliency, has a game plan for when the day happens that you don’t want to happen so that there’s no confusion about who gets called.… Look at everybody who’s in the action chain in the aftermath of cyber events—the CEO, CISO, lawyers, consultants, all of that. You probably already are doing what needs to be tested before an event happens so that you are not caught out when it happens. Make sure that your leadership around cyber is steady… [and that] the communications personnel are also in the loop before anything happens. We’ve all been through crises in business. I certainly have. I think one of the most important things is to have executive leadership [that] knows how to lead through a crisis without everyone feeling scared about what they’re doing and how they’re doing.

What advice would you give to yourself or to boards or board members?

Joanna Burkey: I can’t agree emphatically enough with the need for preparedness. It’s important to think about not only being prepared so you know what to do, but also [so that] people know what they do not need to do when the time comes, especially with a cyber incident because there can be so much panic, and there’s so much unknown around it. I’ve noticed the tendency for a lot of the senior executives and board members to immediately think, Oh my gosh, I’ve got to do something. Not necessarily. Ideally, your preparation is very much predicated on getting a comfort level where they know who’s going to do what, and at least that aspect of the panic can be tamped down a little bit.… My piece of advice there is [that cybersecurity] is just another element of business. It can be a risk. It can also be an opportunity. What it means to the enterprise is very much determined by the type of enterprise you are, who you want to be, what makes your company special. Is it the [intellectual property], is it your mobile operations that make you special? What is your cyber maturity? And what’s your value proposition as an enterprise? Once you look at those three things, you as a board director don’t need to have in-depth, technical knowledge about cybersecurity. You just need to know it’s a strategic element of doing business. As long as you have somebody who is overseeing it for your enterprise, you have confidence that that’s the right somebody, you know that they have a plan, and you as a director have oversight as to whether their plan is appropriately resourced, then it’s just another business element.

What are you hearing from your clients about the proposed US Securities and Exchange Commission (SEC( rule changes and what do you advise?

Robyn Bew: Obviously there’s a lot of attention from directors on the component of the rule regarding disclosure around board expertise.… To date, we’re not seeing a lot of boards and nominating and governance committees immediately ripping up and redoing their skills matrix; board composition and recruiting take time. But boards are starting to discuss how they’re going to tell their story about the way that cyber knowledge and expertise is getting into the boardroom. That might include the skills of one or more individual directors, it might be briefings that the board receives from law enforcement or from external advisors, and so on. The other thing we’re seeing, and this is true for really any proposed SEC rule, is boards engaging with management teams and asking the questions, “If the rule was enacted as written, where are we with our ability to comply? Are we pretty close? Or what’s the gap? […] Do we need to revisit our definition of materiality? What about our escalation protocols? If there’s going to be a four-day clock that starts ticking [to report a cyber incident after the company has determined it is material], how prepared would we be?”

What can board members do to diminish the risk of successful critical infrastructure attacks?

James Turgal: The [Federal Bureau of Investigation (FBI)] has led a bunch of different initiatives. It’s all [about] the public-private partnership. You got the Information Sharing and Analysis Center, ISAC, out there.… What [Vance] is talking about is this ability for organizations within a particular industry, within a particular vertical to share information. One of the things that the FBI tried to do, and I don’t think they did it very well in the early days of cybersecurity, but excel at it today, is to be able to drive that sharing mechanism, which they really need to do…. But when companies don’t throw up the flag and say, “Oh my god, we’re in the middle of an attack,” we can’t tie the attackers to the breadth of victims we have all talked about. There’s a real need to force that kind of conversation, but also force the conversation within your industries. Where is your local ISAC? Do you know your local FBI field office cyber supervisor? Your CISO and [chief information officer] should have a speed dial to those guys because every city has one. The entire world is covered by the FBI from a cyber aspect. Knowing about the ISACs and [being] able to share that intelligence will also help keep you safe.

How are you handling the risk of working from home?

Jerry Perullo: If we had our intellectual property stolen, revealed on Twitter, how impactful would that be for us? There need to be some frank discussions to say, “That would be a bad day, but we can manage it.” That’s not our top risk. Sabotage, on the other hand, we can’t afford to be offline for more than, well, everybody’s going to say five minutes. But what’s real? Maybe it’s actually five days. You need to go through that process and you need to do that first because when you identify these threat objectives—and that’s things like extortion, sabotage, [data] theft—when you go through those and figure out what’s our mission for cybersecurity, then that adds a vocabulary for everything from that day forward. When you’re hearing about an investment, say, “Okay, how does that affect what we decided early on as our marching orders?”

With home computing, [companies will] talk about, “What’s our latest [security] software? We’re going to deploy it on all of our laptops to secure them.” But if you ask the question of how many of our employees are actually using our laptops [versus home computers], there are a lot of people that are completely operating outside of the environment. You need to look through your cybersecurity leadership for people who are just looking [to say], “When something happens, I want to be able to prove it wasn’t my fault.” That’s not what you want. You want something like that to not happen. You don’t want people to put their head in the sand or have a policy that says everyone’s going to use our equipment and now only worry about that. People are violating policy and we need to meet them where they are, because you really just want to not have an incident.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Plastic and Recyclability Litigation: Best Practices to Minimize Risk

With a growing trend toward taking more ESG measures, some companies are at risk of lawsuits from consumers involving plastic packaging. Here are some best practices boards should know about to mitigate the risk of litigation.

In a recent trend, citizen advocates and environmental groups have been filing lawsuits asserting novel theories against major companies that use or rely on plastic, even if the companies do not produce plastic products or are not involved in the disposal of plastic products. The disruptive increase in plastic-related environmental, social, and governance (ESG) litigation is poised to affect companies in virtually all industries—including technology, manufacturing, food, retail, and transportation—because environmental organizations are targeting companies that use plastic anywhere in their supply chains. Boards of directors need to be aware of the very real risk that their companies can become targets of lawsuits, even if the companies’ use of plastic is ancillary to their actual business. The steep increase in lawsuits against companies suggests that recyclability and other plastics-related litigation is only going to continue to increase and may even reach the proportions of asbestos, tobacco, or opioid litigation. Below, we summarize recent developments and provide advice on what directors can do to mitigate the litigation risk posed by such claims.

For the last few years, plaintiffs have used consumer protection laws to pursue environmental claims against companies that use plastic packaging for their products, alleging that the companies misrepresent the environmental impact or the recyclability of such packaging. Even companies dealing only at a very attenuated level with plastic have been the subject of such lawsuits, such as pharmacies (for their use of reusable plastic grocery bags) and cargo and freight companies (for packaging and shipping plastic material that supposedly pollutes local environments). Plaintiffs have also claimed that, even if a product technically can be recycled, references to recyclability are false—or at least misleading—because the plastic recycling process is often ineffective, a fact of which the consumer products industry is well aware while average consumers are not. This was the plaintiffs’ argument in Smith v. Keurig Green Mountain, Inc., which arose out of Keurig’s sale of disposable coffee pods, some of which were labelled “recyclable.” Plaintiffs alleged that, although the pods were capable of being recycled, they were not recyclable in a practical way because municipal recycling facilities were unable to separate small materials like the Keurig pods. In February 2022, Keurig and the plaintiffs entered into a $10 million settlement by which Keurig agreed that it would refrain from labelling its pods as or otherwise claiming that its pods are recyclable absent qualifying language.

The upward trend in lawsuits based on recyclability is likely to continue. In 2021, California Governor Gavin Newsom signed Senate Bill 343 (SB 343), which prohibits the use of symbols or other claims suggesting recyclability, including the chasing arrows symbol, on any product or packaging that fails to meet strict recyclability criteria. Penalties may be imposed for violations. The latest reforms under SB 343 could result in investigations by government entities, including the California attorney general, and consumer groups. Other states have started to enact similar legislation, including Illinois, Oregon, Connecticut, Maine, Hawaii, and Maryland, among others.

Best Preventative Practices

In light of these trends, corporate boards should take steps to reduce the risk of ESG litigation in connection with their companies’ plastic recyclability labelling and use of plastics within their supply chains, including by doing the following:

Prompt management to oversee or assign oversight of the use of recyclability labelling on all products, including product packaging. Increase accountability for any misalignment in representations or other statements regarding recyclability and the recyclability criteria in the jurisdictions in which the product is sold or distributed.Review all corporate ESG statements at the board level. Maintain communication with management to ensure that both formal and informal statements (including investor communications) with aspirational language cannot be misconstrued as false or misleading. Any public statement or disclosure can create the risk of liability and should be carefully vetted.Stay updated on evolving legislation in this area, such as California SB 343. Given current trends, similar legislation may arise in various other jurisdictions, so it is important to be prepared and keep abreast of the impact of the changing legal landscape. Consider evolving definitions of what is “recyclable.”

As the volume of plastic-related lawsuits against businesses continues to increase, it is growing more important for  boards to become involved in overseeing and helping mitigate the litigation risks that have arisen or may arise in the future.

Mark Goodman is a partner and Christina M. Wong is an associate at Baker McKenzie. Summer Associate Michelle Leonard, a juris doctorate candidate at the UCLA School of Law, also contributed to this article.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Talent Remains a Top Concern for Boards Ahead of Growing Inflation, New Report Finds

NACD released findings from the 2022 NACD Public Company Board Practices and Oversight Survey in late June. Despite many pressing economic and political challenges, the competition for talent remains at the top of many directors’ lists of key trends for the next 12 months.

The increased competition for talent tops the list of issues of concern for responding public company directors for the second year in a row while the next two highest-ranking issues, “growing inflation” and the “uncertain pace of the economic recovery,” highlight growing economic concerns.

“Each year, our Board Practices and Oversight Survey reveals trends that are driving public company directors,” said NACD president and CEO Peter R. Gleason. “The changes companies have endured this year have had broad impacts on board members. The disruption in the workplace has created pressure on management, which has resulted in more time and oversight required from boards.”

Below are other key trends from the 2022 Public Company Board Practices and Oversight Survey.

Boards get organized and formalize their oversight of human capital. Human capital is a growing point of focus on the boardroom agenda, and many boards have begun to formalize their governance structure, processes, and practices to oversee this critical asset. For example, a majority of boards now discuss an enterprise-wide talent development strategy (68 percent, according to survey respondents) and a majority of respondents indicate that their boards discuss human capital strategy on a more regular basis as a recurring agenda item (57%).

These discussions are perhaps a precursor to more targeted practices adopted by leading boards, such as delegating human capital oversight to relevant committees (43 percent of respondents’ boards do this) or communicating reporting expectations to management (45%). Human capital oversight is most likely to find its home in compensation committees (57%), which is increasingly transformed into a human capital committee with oversight over a much broader array of talent-related concerns.

Faced with increasing cyber risk, directors warm to the idea of adding a cybersecurity-savvy director to their boards. Eighty-three percent of respondents indicate that their boards’ understanding of cyber risk has significantly improved compared with two years ago. Yet, amid the growing speed and sophistication of cyber threats, as well as the increased scrutiny of regulators, directors increasingly see a benefit in adding a cybersecurity-savvy director. Forty-two percent of respondents indicate that recruiting a cybersecurity-savvy director would benefit their boards, compared to 36 percent of public company respondents saying the same last year.

Environmental, social, and governance (ESG) oversight is forming and norming at most boards, yet challenges remain. This includes efforts to improve board reporting (70 percent of respondents say that their boards are doing this) and delegating ESG oversight tasks to specific committees (64%). Yet, developing clear ESG priorities presents a major barrier for boards and management teams. Forty-four percent of directors indicate that the lack of uniform disclosure standards presents the greatest challenge to the oversight of ESG issues. Feeling the pain of their management teams, boards find themselves grappling with defining what the E, the S, and the G mean for their companies. Respondents indicate that defining scope (23%) and materiality (9%) are among the most challenging aspects of ESG oversight.

Most directors indicate improvement in their boards’ understanding of diversity, equity, and inclusion (DE&I) issues. Nearly 3 in 4 boards (74%) now receive key DE&I metrics from management and 69 percent hold discussions on their organizations’ DE&I priorities. These practices enhance the understanding many boards have of DE&I within their organizations, but much work remains. Fifty-eight percent of respondents indicate that their boards’ understanding of DE&I issues has significantly improved compared to two years ago when the social justice movement, sparked by the murder of George Floyd, intensified rising societal and investor expectations. Similarly, 59 percent of respondents agree that their boards understand how DE&I is connected to other board issues such as strategy, human capital, and technology. But only 29 percent of respondents have moved beyond traditional human capital issues to discuss DE&I issues in relation to vendor selection, supply chains, and corporate purpose.

Discussion of climate change has increased at most public company boards. Fifty-four percent of public company respondents indicate that the frequency of climate change discussions increased on the board agenda in the last two years. For 37 percent of those indicating discussions have increased, the main factor prompting increased discussion was the perceived relevance of climate change to the long-term growth prospects of the business. Twenty-five percent stated that disclosure requirements were the primary driver. As director awareness of issues related to climate change increases, and as it is figured into more board discussions, it is likely to become more of a key consideration in strategy, risk management, executive pay, accounting, and reporting of performance.

Quality of board discussions is seen as the most important driver of board performance. More than half of public company directors (57%) rate the quality of board discussions as the most observable indication of board performance. Quality input from management was the most widely selected key driver of exceptional board performance, identified by 59 percent of respondents.

While boards are growing more accustomed to discussions about less traditional areas of focus and are modifying board operations, structures, and agendas to meet this new reality, they’ll be keeping their eyes on the competition for talent, growing inflation, economic recovery, increasing pace of digital transformation, and changing cybersecurity threats in the year ahead.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.