Building Enterprise-wide Resilience in an Age of Permacrisis

Are we in an age of “permacrisis” that is characterized by extended instability, insecurity, and lurching from one pressing challenge to the next? Or does this overdramatize the events of today, downplaying the experiences of earlier generations? Even if permacrisis is too extreme a label, organizations still need to ensure that they are ready to navigate a lengthy period of turbulence and uncertainty in what is being touted as a low-growth, low-cooperation era.

The Global Risks Report 2023, prepared by the World Economic Forum in collaboration with Marsh McLennan and Zurich Insurance Group, reflects on the compounding effects of Russia’s invasion of Ukraine and the complex global recovery from the COVID-19 pandemic. These seismic events have triggered or exacerbated a cascade of near-term crises and set the frame for escalating risks that may harden into new structural realities over the next decade. Board members will need to challenge executive assumptions about what the coming years might offer and bring wisdom to the finessing of unavoidable trade-offs.

Recent headlines about the economy—whether there will be a recession, how deep it might be, and how long it might last—may be front of mind, with the International Monetary Fund, among others, softening the downbeat view of the global economy it was promoting at the end of last year, boosting the confidence of financial markets. But that is too singular and linear a narrative to frame the risk landscape, and organizations would do well to explore their exposures to two different kinds of risk as they assess how they are positioned for the future.

Examine the perils within domestic national fragilities and international economic relations. A protracted cost-of-living crisis could take social unrest and political instability to new levels. In Europe, vulnerable households are choosing between food and heating this winter; in low-income countries significant parts of the population have been plunged back into poverty, wiping out gains from the last decade. Soaring government debt in many countries is constraining welfare payments, health system reform, and investment in future infrastructure resilience. 

Societal polarization continues to be exacerbated by social media algorithms and active misinformation campaigns; trust in government competence and probity has sunk yet further.  National politics is highly divisive, with each new regime in democratic countries determined to undo the legacy of the last government as quicky as possible and tired illiberal regimes seeking new tools to hang on to power.  

Government postures oscillate between populist policies and unaffordable largesse on one hand and heightened surveillance, crackdowns, emergency laws, and support from foreign powers on the other. The likelihood of political violence and state collapse in weaker economies has risen.

Economic and industrial policy levers are being freely deployed in pursuit of economic protectionism and national security, and to constrain the development of rival states. As an instrument of offense, this is most visible in the sanctions imposed on Russian energy businesses, financial system players, and leadership; as a means of defense, it is also apparent in increased foreign investment screening, constraints on technology sharing, and deeper strategic economic alliances with pivotal partner countries.

Strengthened industrial policies that have both national security and economic protectionist foundations are spurring a new “arms race.” While incentives to onshore business activities are attractive, they may also inflate the cost of business, reduce the scope for supply chain diversification, and generate new risks from local dependencies. Moreover, rather than lowering the risk of foreign exposures, a protection-based system may make firms vulnerable to countermeasures in other markets.

Further into the future looms the prospect of more intense rivalry for natural resources, such as food and minerals. The extent of climate change and the level of commitment to net-zero imperatives, along with the degree of conflict in the geopolitical environment, will inform the likelihood of commodity price spikes, multi-resource crises, divergent levels of distress globally, heightened resource nationalism, and increasingly aggressive strategic contestation.

Encourage resilience as an enterprise-wide imperative. Crises of recent years have stretched definitions, imperatives, and opportunities for resilience. Directors should ensure that innovations and momentum acquired through the pandemic are not lost and that the discipline of resilience extends beyond assets and operations to embrace enterprise-wide behaviors. At the height of the pandemic, agility had its time in the sun, but being agile won’t always get you out of a supply chain crunch. 

Safety, security, and continuity questions for business operations remain ever important, but most corporate strategies would benefit from being subjected to tougher resilience assessments, noting that the current multifaceted turmoil may take the world in different directions. A look at corporate share price drops over the last year reveals plenty of firms that were hit by changing events, but also those that wildly misjudged what the future would hold.

The nature of the macro-level risks landscape and perils identified above argue for a continual re-evaluation of non-market forces, by which it is easy to be blindsided. In countries that are critical for raw materials, manufacturing, or sales, these might take the form of tougher regulations and standards (especially on climate transition and data privacy matters); ownership requirements; social license to operate expectations; technology transfer and personnel mobility constraints; and windfall taxes.

Many organizations have risk dashboards that provide a snapshot of individual exposures and concerns, and the likely effects of mitigation plans. But this does not necessarily provide a good view of responsive capabilities for complex multipart crises that demand a variety of levers to be deployed in combination. Board members may find it helpful to understand their organization’s maturity and progress toward greater resilience against the backdrop of a changing risk environment. 

Whether we’re in an age of permacrisis or not, we live in volatile times. The opportunities are tremendous, but there is no room for complacency.

Richard Smith-Bingham is an executive director at Marsh McLennan and a key contributor to the Global Risks Report 2023.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Advance Notice Bylaws: A Brief History and Four Recommendations

The 2023 debut of the universal proxy card, following a US Securities and Exchange Commission (SEC) rule effective Jan. 31, 2022, making it easier for dissidents to campaign for a seat on a board, has inspired some boards to review and strengthen the change-of-control provisions in their bylaws or other corporate policies. One such provision is advance notice bylaws requiring shareholders to give timely notice to a company—in writing and in advance of the annual shareholder meeting—of their intention to submit proposals to nominate a board candidate or to vote on other matters. These bylaw provisions may also require advance notice of proposals on other matters, as long as the provisions are not in violation of the federal rule on proxy proposals (Rule 14a-8); this is a stipulation we see in The New York Times Co. advance notice provisions as updated in 2020.

What follows is a brief history of advance notice bylaws, followed by four recommendations to boards planning to adopt, amend, or defend them.

A Brief History of Advance Notice Bylaws

Directors of public companies are expected to represent the interests of all shareholders with due care and loyalty, but from time to time a company’s ownership base may include a small group of activists who believe that they can do a better job. These dissidents try to get themselves and their nominees on the board. A common way for them to achieve that goal is to wage a proxy fight by proposing a dissident slate for a vote at the next annual meeting. Advance notice bylaws give companies time to respond to such actions.

Advance notice bylaws have a long and distinguished history. They have been widely employed—and challenged—since at least the mid-1990s, when many companies adopted them in response to 1992 proxy voting reforms that empowered dissident shareholders in new ways. Now, more than two decades later, many, if not most, companies have advance notice bylaws. A Delaware judge in the 2020 BlackRock Credit Allocation Income Tr. v. Saba Cap. Master Fund case called them “commonplace.”

Challenges to advanced notice bylaws over recent decades have created a “density of jurisprudence,” as noted by the judge in the 2021 Rosenbaum v. CytoDyn Inc. case. Adding to this density will be Politan Capital Management’s recent shareholder legal challenge to Masimo Corp.’s 2022 bylaw amendments, which has made headlines as it exemplifies a hot new trend. Some have expressed concerns that the Masimo case could lead to curbs. Such an outcome seems unlikely, especially in Delaware, where courts defer to board judgment. However, there could be movement by shareholders themselves to submit and win proxy proposals to ban all bylaw amendments made by boards alone (the typical case), without shareholder approval. A 2017 resolution at Automatic Data Processing received a majority vote.

Plaintiffs challenging advance notice bylaws have objected to overly long notice periods (e.g., 120 days rather than 60 days) or overly detailed disclosure requirements (e.g., proxy-length biographical info for dissident director candidates). Although such super-protective policies have been in existence for at least a decade (Masimo, the company undergoing a high-profile challenge, has had such a policy since 2013), they are now getting challenged in court more frequently because a higher number of dissidents are trying to get on boards via universal proxies.

In the Rosenbaum case, the judge upheld advance notice provisions, as did the court in the aforementioned BlackRock case and in the 2007 Openwave Systems v. Harbinger Capital case. The Openwave decision also warned that courts will resolve any ambiguity by the company in favor of the stockholder’s electoral rights. An outlier in this series of pro-bylaws cases was the 2008 JANA Master Fund, Ltd. v. CNET Networks, Inc. case. In this case, the court put some restrictions on the use of advance notice bylaws, without forbidding them altogether.

Four Recommendations

First, boards must understand that they have a right to institute advance notice bylaws. If boards do not get adequate advance notice of shareholder intentions, they lose the opportunity to engage in focused dialogue on the issue in question, whether it is a director nomination or another matter. The universal proxy rule effective for this proxy season already requires a dissident to “provide the registrant with notice of the names of its nominees for director 60 days before the anniversary of the prior year’s annual shareholder meeting,” with adjustments if the time of the meeting has changed. Many advance notice provisions (both those adopted before this rule and after it) simply lengthen this timeframe. This makes sense because the information sought in such policies is necessary for all shareholders to know.

Second, advance notice provisions should be created in advance of any proxy fights with the help of legal counsel expert in current bylaw trends. A Sidley Austin article cautioned that these should be prepared on a “fair day” rather than a “rainy day” lest courts impugn them as mere devices of entrenchment.

Third, companies should be prepared to explain and defend their policies. The SEC issued guidance in December 2022 addressing the situation of a company that is sued over its advance notice bylaws. The SEC says that companies must make certain disclosures about the litigation and the possible ramifications, and should be prepared to change the date of the annual meeting if it cannot give shareholders enough notice.

Finally, while boards can demand transparency, they must also provide it. Advance notice bylaws exemplify a demand for transparency from dissident shareholders, because such bylaws request factual information about an important matter, be it a potential board member or another matter coming up for vote. Conversely, however, boards must also be transparent, constructing their bylaws in plain English without any ambiguity.

Given their long history, advance notice bylaws are highly unlikely to be declared illegal overnight by a judge. The court’s decision in Masimo and similar cases may, however, provide guidance on writing advance notice bylaws that can withstand judicial scrutiny.

Disclaimer: NACD does not provide tax, legal, or accounting advice. This material has been prepared for informational purposes only and is not intended to provide, and should not be relied on for, tax, legal, or accounting advice. For such advice, readers should consult their own tax, legal, and accounting advisors.

Alexandra R. Lajoux is the chief knowledge officer emeritus at NACD.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

ESG-Linked Reputation Risk Strategy Requires Authentication and Communication

If you oversee an effective reputation risk strategy process, but no one knows it, is it actually effective? This is a vital question boards of directors, senior executives, and risk professionals need to ask themselves in this era of enhanced regulatory enforcement.

We now understand more than ever about corporate reputational risk—how to define it, assess its potential impact, and mitigate it—to build reputational resilience, which is valued by investors. We now know, for example, that reputational resilience is the benefit companies earn by prevailing favorably in the competition for the minds of stakeholders. We know this depends on the degree to which actual corporate performance aligns with stakeholders’ expectations. This is as true with environmental, social, and governance (ESG), compliance, disclosure, diversity, political acumen, and other reputational issues as it is with financial performance. 

We know that marketing and communications strategies can manage expectations, but if they are not integrated into enterprise-wide risk management and governance, they can backfire. Incredulous stakeholders will see greenwashing, bluewashing, graywashing, noncompliance, and possibly even non-constructive obstruction.

On the other hand, a study conducted by Steel City Re found that when a crisis allows stakeholders to discover that a company has a robust, authenticated reputation risk strategy, they reward it with a reputation premium, or a higher stock price relative to its peers. Even more compelling, the study found that when companies proactively communicate with stakeholders about their processes and they are authenticated by third parties before any crisis transpires, they gain an even greater stock price premium. The average equity boosts are 5 and 9.3 percent, respectively.

Authentication of the reputation risk management process and communication with stakeholders are key, but these are elements that have been missing from most of the conversations in corporate boardrooms about reputation or ESG-related risk. At the 2022 NACD Summit, we surveyed a group of directors on what they thought comprised an effective reputation risk management and governance process. At first, only 20 percent said it would include management, the board, intelligence gathering of stakeholder expectations, and strategic value protection through a combination of third-party authentication, such as insurance, and communications.

By the end of a presentation titled “Taming the ESG Beast and the Stakeholder Risk de Jure… du Jour,” 66 percent said they favored a demonstrably effective, insurance-authenticated system, fostering thoughtful management and dutiful governance over all that was mission-critical. In other words, for a company’s process to have the desired result, it must not only be effective, but demonstrably effective. And that requires authentication, which is best communicated through insurance, whose very existence needs to be communicated strategically.

Communicating the existence of an effective authenticated management and governance system builds reputation resilience by hardening a company’s defenses. It both deters attacks by regulators, activists, and investors and puts the company and its board in a strong position to defend themselves among these stakeholders and employees, vendors, and social license holders if adverse reputational incidents occur. 

That’s where marketing, communications, investor relations, government affairs, and other externally facing professionals come in. Even if a highly visible public marketing and communications campaign is not justified, it is likely possible to engage in a careful, targeted, quieter effort to inform a more limited number of influential stakeholders, such as analysts, bond raters, and regulators. How to mount such a campaign to the company’s best advantage requires its own strategy discussion.

The simpler the story the better. Being able to point to third-party authentication is tremendously valuable. Reputation insurance, the underwriting of which is designed to assess the completeness and thoughtfulness of the risk management and oversight process, is the only form of authentication that also brings with it the conviction of actual financial risk transfer. Parametric insurance, which bases claims on a series of objective, measurable metrics, is easy for stakeholders to understand and prevents the company from having to do a deep dive into aspects of its process during every presentation.

Overseeing reputation risk strategy, particularly the parts linked to ESG, is weighing heavily on boards where climate change, environmental stewardship, social justice, and dutiful governance are mission-critical issues to ESG-focused investors. Marketing executives and risk strategists are seeing their remit expand to include reputation risk strategy, but often without the necessary tools to meet the challenge without creating additional risk—especially with the politicization of nearly everything.

Reputation strategy cannot be consigned to a silo. Building resilience requires more than traditional enterprise risk management and more than aspirational communications. In the opinion of two-thirds of directors surveyed, it requires a demonstrably effective, insurance-authenticated system, fostering thoughtful management and dutiful governance over all that is mission-critical, and that it is communicated strategically. 

Reputation resilience is a source of value, not a philosophical abstraction. As the United States approaches a potential recession in 2023, there’s no better time for boards to shore up their companies’ reputational resilience by publicly authenticating and communicating their reputational risk governance processes.

Nir Kossovsky is CEO of Steel City Re. Denise Williamee is Steel City Re’s vice president of corporate services. 

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Leading Directors and Experts Reflect on 2022, Discuss Top Business Trends to Come

When you ponder the year ahead and all the trials it will bring, a potential recession as well as supply chain and talent troubles may come to mind. To prepare for these issues and more 2023 trends, NACD gathered experts and board members at the Leading Minds of Governance event on Dec. 13 in Scottsdale, Arizona.

Greg Griffith, senior director of partnerships and corporate development at NACD, moderated the event. Dayna L. Harris, a partner at Farient Advisors; Vada O. Manager, CEO and founder of Manager Global Holdings, a principal and board member of Think TRUE, and a board member at Helios Education Foundation and Valvoline; Debra McCormack, managing director, global board effectiveness and sustainability lead at Accenture; Karen A. Smith Bogart, the president of Smith Bogart Consulting, chair of the Fielding Graduate University board of trustees, and a director of Michelman, Mohawk Industries, and the NACD Pacific Southwest Chapter; and Warren de Wied, a partner at Fried, Frank, Harris, Shriver & Jacobson, served on the panel. Below are key questions and answers from that conversation.

What have you seen, from the last recessions that we’ve had, that corporate [boards] need to do to get through this [potential] recession?

de Wied: History tells us that a financial crisis comes along about every eight to ten years. Companies sometimes forget that bad news may be just around the corner—and we went through an unusually long financial boom. When there’s a reset, certain fundamental values come back into vogue, values that people may abandon during a boom economy, values like balance sheet flexibility, profitability and free cash flow, disciplined M&A [mergers and acquisitions], and not over-leveraging the future. These are lessons that we often seem to have to relearn as the cycle turns, but a well-functioning board anticipates the possibility that things go in a different direction and builds flexibility into its planning.

What we’ve seen in the in the past few months is something of a pullback from ESG [environmental, social, and governance]. It’s important to have a focus on employee issues, on climate risks; indeed, you must have a focus on these areas because they impact the bottom line, they impact the basic functioning of companies. But what you see when the business environment changes is that companies still have to put profitability first. In the last few months, companies have shown that that’s the case. They’ve scaled back ESG programs, and of course we have seen significant workforce reductions, in some cases companies have let ten thousand or more employees go. Companies always have to balance their ESG objectives with the economic realities of business.

The keynote of all of this is that companies need balance; they need balance in their financial and operational execution, they need balance in their social focus. When you get out of balance, usually, something to the downside happens.

When should boards get involved in social and political issues that might affect their businesses, and why?

Smith Bogart: Companies have stakeholders, and therefore they need profitability to reinvest in the firm and invest in the strategy. They need to be clear about what are the critical elements of the strategy and their values and commitments and use those for determining when they want to engage. Often the place where they can make a big impact are with the non-glorious, the non-glamorous issues. I’ve seen companies get actively involved in municipal issues around the funding of bus systems so their employees can get to work. It’s not glamorous. But it’s critical to manufacturing operations, for instance. Other issues where companies have gotten very involved is working with different states around apprenticeship programs, re-training programs that are critical for the capability of the company. I think where companies get into trouble is when they lead with the latest issue, they lead with latest fad, and they’re not germane to the fundamental strategy of investments and where the company’s going short term and long term.

What are the top three governance issues on the minds of directors?

Manager: The bedrock issue… is to really determine and monitor and measure risk. There’s been a fair amount of reexamination of Caremark. For example, with Boeing [the courts] allowed a Caremark issue to go forward because of the duty of safety and duty of care failure. On the other hand, there were a couple other cases that they allowed duty of care to stay in place because they wanted to apply a gross negligence standard versus another standard. That’s something we need to constantly keep in mind and watch. It’s not going to be one-size-fits-all in duty of care….

Second is this issue of ESG [environmental, social, and governance] in the world of corporations. We saw that play out at Disney in a big way in Florida, the governor, officials getting involved. We have a new congress coming in…. ESG covers a wide category and directors can still discharge the responsibilities of ESG [and] make progress on those issues without falling into the traps and some of the issues around stakeholders; our shareholders, in many cases, are putting more measures and standards and expectations with regard to ESG before corporations.

Third… is universal proxy, and how that is also changing the landscape of how directors are being selected…. As you may have even seen and read in different publications and different research and analyses, shareholder actions are up… as a result of the adoption of it, which went into place somewhere around August of 2022. The threshold is lower; it allows individual directors to be more targeted for removal than it does whole board slates under the old system. This is something that we all have to look at as well. It’s even allowing smaller players; your Icahns and your Elliotts aren’t the only players in this anymore.

What are the… key things for your customers and clients to implement in 2023 to work more efficiently and effectively?

McCormack: Board evaluations. Who is doing them? How are they being done? Are you having your individual directors evaluated? This is something that you’re hearing the proxy advisory firms talk about, this is something you’re hearing the investors talk about. We’ve seen that the disclosures around board evaluations have been going up; 60 percent of the S&P 500 reported that they have actually now done a board evaluation and they mentioned specifically that they’ve covered the board, the committees, and the individuals and they’re finding at the group discussions that it’s not good. There’s a lack of true, inspired, down and difficult discussions that you can have when the full group is there. It’s getting the board members one-on-one and having that discussion. How was your performance? How do you think your committee did? What do you think we could do better as a board?

By the way, 49 percent of the board members that were interviewed said that they think one person on their board needs to go away, 19 percent said two people need to be kicked off the board, and 4 percent said three or more need to be kicked off the board. Are you being honest with one another during the evaluations? Are you truly taking a step back and asking if the skills and competencies of the individuals on your board are the skills and competencies that belong for where your strategy is going tomorrow? We’re finding that it’s a difficult time…. It’s really hard when this person is your friend to say, “You know what, I don’t know that you’re right for the board any longer.” When we have that feeling, are we also saying, “Gosh, we shouldn’t be on the board any longer”?

How should compensation committees build a more resilient compensation program based on the unexpected nature of what’s going on in business?

Harris: What a resilient program consists of is several things besides a short-term incentive that allows you to be setting your goals every year for that which is coming down the pike that you can foresee far more easily. The long-term incentive plan ought to be established in a way that allows it to work both in good times and in bad times. That often means a combination of long-term incentive vehicles. Something like your performance stock, performance share units that are highly performance-focused [where] you require certain performance measures in order to have any of them vest and at the same time [that are] balanced with something like restricted stock units or something that has a significant retentive power and is tangible, and that actually works when times are bad. It’s better to have these things set up in the first place, rather than as you approach what you think is going to be a recessionary environment. You’re suddenly scrambling to change and say, “Oh, by the way, we want to add restricted stock to our program when we never had it before.” Then your proxy advisors and investors may say, “Well, why are you doing that? You were so focused on performance.” […]

If you have something that’s not necessarily an objective and quantifiable measure is there something that you can do to ensure that in an environment where you don’t achieve your financial goals, you’re not paying out way above target on your strategic measures? For a resilient program you would think about that. You might have some type of a governor that applies to those strategic measures, something that says our earnings need to be a certain level for us to pay above target in that kind of an environment, when, in fact, perhaps management has knocked the lights out with respect to those strategic measures.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Business Transformation: Change Is an Opportunity to Reposition for Growth

For better or worse, the COVID-19 pandemic has served as an incredible catalyst for business change. All businesses have been forced to transform to a greater or lesser extent to meet new market realities. As the economy recovers from crisis, the rationale for transformation is shifting. 

Boards of directors have played a much more active role in many organizations of late, given the rapidly changing requirements that these conditions have necessitated. Board members are now asking the following questions: What’s the right role for us to play going forward in support of continued business transformation? How active should we be? These are important questions to entertain as the “new normal” ensues.

A business transformation includes four key steps:

Set an outsized vision.

Design a strategy.

Develop the operational plan to ensure delivery.

Align the organization’s people to perform.

It sounds simple, but this requires certain organizational capabilities that the board can, and should, help oversee in support of management. To ascertain whether these capabilities are in place, directors can ask themselves the following questions.

Is the right CEO in place? One of the most critical actions of the board is selecting the CEO. When major transformation is required to achieve an ambitious growth goal, the question the board must address is, Do we have the right CEO in place with the right mind-set to ask the right questions, push for the right change, and rally the organization to deliver? When big change is required, it’s important to have a CEO who questions the status quo, outlines a clear vision, and implements a plan to achieve that vision. Incumbent CEOs can be reticent to take bold action and if that is the case, the board should act. Analysis of successful transformations indicates that those companies that were best able to transform had a new CEO. As an example, when a recent CEO transition was required for an international cruise line, the board reflected on the changes in skill and experience required as a result of the pandemic’s impact on the business’s financial requirements, which became the key rationale for promoting the chief financial officer to the CEO role.

Is the strategy sound? And just as important, is the board confident that the organization can execute the plan? Aligning on the strategic direction of the business is the second most important role the board plays. Playing an active role with healthy skepticism to inquire, test, and provide experienced views are all important actions the board should take to ensure the strategy designed by management is ambitious enough to achieve and sustain long-term success and create value. Gone are the days where the board simply ratifies the strategy that management brings to the boardroom. In addition, board members can and should explore how realistic it is that the plan can deliver on the strategy. Is there focus on the critical few initiatives that will make a difference? Are the metrics right to tell the story of performance? Has the management team ensured that the right talent is in place and the culture is one that supports truth telling so that when challenges arise, they are transparent?  

Consistent dialogue with management about “how it’s going” is important to sustain an understanding of progress against the plan. When the dynamic between the board and management is healthy, board members are deeply versed in the strategy and operational performance of the business while maintaining the appropriate oversight role and avoiding “running the business.” Prior to the pandemic, boards had struck a balance between these two critical business domains. That said, boards would rely on senior management to deliver both the strategy and execution planning. While still true that that is senior management’s role, what the pandemic taught us is that to remain too distant from strategy design and execution planning means that the board risks losing the opportunity to provide valuable counsel and avoid business risks. To take advantage of this opportunity, board members must be better informed and more active in understanding the business they support. 

Have we identified the risks? Big change implies the possibility of new risks. The board needs to be prepared to help identify, understand, and plan to mitigate new risks as part of the change process. 

The chair of a board of a leading hospitality company made a conscious decision to recruit new board members with well-defined disciplines. These new recruits were high-powered people; one was an existing CEO, and others were in finance and marketing. They brought both experience and healthy skepticism. The chair knew these were critical disciplines for what the business was going to face and the talent internally that had to grow. These experts knew the right questions to ask senior management to design a strategy that minimized risks and maximized growth.

Will people have the ability and willingness to align with the change? If these last two years have taught us anything, it is that people vote with their feet. If they do not align with the vision or participate in the change because they don’t see themselves in it and feel successful in the execution, they will move on. The board should ensure that there is a strong plan for change and a relevant plan for talent. This builds confidence and the likelihood that the right people are in place and can be encouraged to stay in place when it matters.

Boards have traditionally paid attention to talent at the top. But employee engagement and culture—and its implications on talent and retention—require the board to be engaged on what management is planning in this regard. Many organizations are woefully weak on how they report this to the board, mostly because it’s been considered management’s sole responsibility.

The pendulum of power is swinging back to the employer, thanks to recent layoffs and remote jobs shrinking. While this will have a positive impact on employee retention, the challenge becomes keeping the talent that will make a real difference in your business plan. This retention will be determined by the environment senior leaders are creating. The board can have an impact by asking the following questions:

What specifically is our transformation?

What do we want the culture to look like?

What behavior changes are taking place, and does this pose a talent risk?

How is the senior leadership team going to put in place a plan to mitigate risks?

While delicate, these issues must be explored by the board. A business transformation marks a fundamental change in how the business operates.

It’s important to recognize that the board’s role in transformation should be active, thoughtful, and ongoing in support of long-term value creation. Being clear and aligned as a board and with management on these key activities will ensure constructive and productive board engagement.

Deborah Brecher is president and managing director of Tandem Group.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Artificial Intelligence: The New Frontier for Board Oversight?

Artificial intelligence (AI) is a vital part of transacting in the global economy. Whether it is used to automate manual processes, to bolster cybersecurity defenses, or to power complex search algorithms, AI has become a necessity for many corporations. Although it can provide competitive advantages, AI may also pose regulatory and reputational risks. Not surprisingly, over the last few years, courts, legislatures, and government agencies have focused on these risks.

For example, in a set of highly publicized hearings, the US Congress examined whether search algorithms used by certain technology companies operate with learning biases. More recently, the US Securities and Exchange Commission took enforcement action against an asset manager for, among other things, its use of algorithmic trading software. Other companies are facing mounting scrutiny over their use of biometric data in machine learning.

As AI evolves, so do the legal questions it raises. Directors of companies at which AI is a meaningful part of the business model face a complex dilemma: How can they ensure appropriate board oversight over technology that is designed to run autonomously? Some foreign regulators, including the Monetary Authority of Singapore, the UK Financial Conduct Authority, and the Hong Kong Money Authority, have expressed the view that directors are obligated to oversee AI-related risks. While in the United States regulators have largely remained silent about the scope of the board’s role with respect to AI, state and federal governments have signaled an interest in regulating the use of AI technology. For example, New York City lawmakers have enacted legislation restricting the use of automated employment decision tools. At the federal level, the Federal Trade Commission announced an advance notice of proposed rulemaking earlier this year that, among other things, solicits input on regulating algorithmic decision-making. More recently, the White House issued the “Blueprint for an AI Bill of Rights,” recommending that private sector companies adopt AI risk identification and oversight systems.

Even as the regulatory landscape remains in flux, boards of companies where AI is a substantial part of the business model may wish to consider how AI impacts their common law fiduciary obligations. Delaware’s Caremark duty of oversight in particular requires that directors institute and monitor systems to detect and remediate potential risks to the company. Although legal claims involving alleged Caremark violations are notoriously difficult for plaintiffs to litigate, recent Delaware Court of Chancery decisions emphasize that to survive Caremark scrutiny, boards must actively oversee “mission-critical” risks. But few decisions discuss how AI impacts board oversight. Those that do provide limited guidance.

One recent Delaware decision involves SolarWinds Corp., a software provider. Stockholders sought to hold SolarWinds’ board liable for alleged cybersecurity weaknesses that precipitated a cyberattack on its customers. In dismissing the case, the Court of Chancery characterized cybersecurity as a “business risk” protected by the business judgment rule. According to the court, an alleged failure to oversee ordinary “business risks” only becomes an actionable Caremark claim if the failure violates positive law. The court also suggested that the board had not breached any duty because it had defined cybersecurity oversight mechanisms.

Precisely what Caremark requires when AI-powered technology presents more than simply a “business risk” remains an open question. A 2021 ruling involving The Boeing Co. provides at least a partial answer. There, Boeing’s stockholders filed a derivative suit on behalf of the company, alleging that the board’s failure to oversee the safety of Boeing 737 MAX software contributed to two plane crashes.

In denying defendants’ motion to dismiss, the Delaware Court of Chancery opined that although the board had an audit committee for general risk oversight, it did not have defined board reporting systems to specifically address mission-critical aircraft safety.         

While it is difficult to predict how Caremark will continue to apply to AI oversight, existing case law suggests that generalized risk oversight mechanisms and reliance on ad hoc management reporting may not withstand Caremark scrutiny. Boards wishing to bolster their management of mission-critical AI risks may therefore consider doing the following:

Understand how AI is used in the company and the existing oversight mechanisms.

Ensure that the individual(s) overseeing AI have the appropriate skill set and resources.

Establish, in conjunction with management, internal controls for any mission-critical AI risks.

Institute dedicated reporting and board oversight mechanisms for any mission-critical AI risks.

For companies in which AI is a meaningful part of the business model, seek a board member who has familiarity with AI or, alternatively, engage independent advisor(s) to supplement the board’s skill set.

AI is undoubtedly a new oversight frontier for many boards. But as AI continues to drive business decisions, it may be time for directors to evaluate its implications on their fiduciary obligations.

Sarah Eichenberger and Jonathan Rotenberg are securities litigation partners at Katten. Caroline Sabatier is a securities litigation associate at Katten.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Ensuring the Credibility of Reported ESG Information

A tide of pressure for reporting on environmental, social, and governance (ESG) issues continues to gain momentum. Investors, in particular, are pushing for companies to incorporate a holistic mind-set to ESG in decisions that are made and related reporting. In the absence of regulations for reporting ESG-related information, the content and scope of ESG reporting are choices made by companies, with consideration given to who will use the information as well as how they will use the information. There is also flexibility, for now, with respect to how and where the information is presented. Some of this choice and flexibility will soon change as regulations are enacted to enhance trust and confidence in what is being achieved in relation to climate and sustainability goals.

New reporting regulations will be supported by frameworks and standards that are also being developed to support the required disclosures, globally (e.g., by the International Sustainability Standards Board) or jurisdictionally (e.g., the US Securities Exchange Commission’s expected new rules for climate-related disclosures), with much effort to ensure these frameworks and standards are developed in a timely way to meet the growing demand for ESG information. If not already providing relevant ESG information, companies will need to be ready to provide this information when any new regulations take effect.

A lack of regulation and legislation about required reporting on ESG has led to frustration for investors with inconsistent disclosures that make comparability hard and with questionable reliability of the data reported. While reporting frameworks and standards will enhance the comparability of ESG information reported, credibility of the information being reported will come from assurance. Regardless of the requirement for assurance, an opinion or conclusion from an independent practitioner on the ESG-related information will provide the credibility and trust in a company’s ESG information that investors and others seek.

But what does assurance on ESG disclosures mean for directors?

For some companies there will not be a choice about obtaining assurance on ESG-related information as some of the new regulations are expected to mandate assurance. Regardless, the following considerations will be relevant to boards that seek assurance:

Type of assurance needed. There are two options: reasonable or limited assurance. Regulation will in some cases stipulate the type, otherwise a decision about the type of assurance needed will need to be made considering all of a company’s stakeholders.

Costs. An independent verification of ESG-related disclosures will come with incremental costs. This includes direct costs of the engagement (paid to the practitioner providing the services) and indirect costs (including the time of company personnel and costs of other resources needed to generate the information). These costs are expected to be more significant the first year a company solicits assurance and can vary widely depending on the type of assurance as well as the depth and breadth of information provided.

What information is to be reported. The scope of what is being reported may not only depend on required regulatory disclosures, but also the ability of a third party to provide assurance on the disclosed information.

Governance. How can ESG be holistically incorporated into all aspects of the company’s governance principles, in particular to demonstrate a focus on “tone at the top” for ESG matters?

Processes and systems to generate the information. Thisincludes considerations about the source of the information, as well as adopting suitable criteria for developing the disclosures. Criteria are the benchmarks against which the information is evaluated and are essential for the conduct of an assurance engagement to ensure the information is complete, relevant, and reliable.

Controls. This involvesensuring adequate controls and related policies and procedures over the development of ESG information reported.

The third party engaged to provide assurance services. Using professional accountants who provide assurance services as part of their business will ensure that the individual has the essential skills, including sound judgment and expertise, to provide a quality engagement. Professional accountants will also use an accepted assurance framework that is commonly understood, such as International Standard on Assurance Engagements (ISAE) 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information, or ISAE 3410, Assurance Engagements on Greenhouse Gas Statements, as relevant to the engagement. Other types of practitioners may be able to provide independent verification, but such engagements may not necessarily align with commonly accepted professional standards including a comprehensive system of quality control.

Timing. Timely efforts by companies will be needed to ensure that consideration is given to the needs of the assurance provider to be able to perform a quality engagement and report accordingly.

Considering the credibility of your ESG disclosures and how that can be achieved is becoming a crucial need of investors and other stakeholders, and an area that cannot be ignored.

Bev Bahlmann is a senior director in RSM’s National Professional Standards Group, focusing on technical communications.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.