1. Greater director and adviser independence
A director or professional adviser can be formally independent, and yet “captured” inside the boardroom. Forms of capture reported to me include social relationships, donations, jobs or contracts for friends, perks, vacations, office use, director interlocks, supplier or customer relations, and excessive tenure and compensation. Look for more regulators implementing term limits and moving towards an objective standard of director independence. Look for activists going into the background of directors to demonstrate the capture.
Boards can protect themselves by terminating any director or professional adviser who cannot be reasonably seen, by directors themselves and more importantly by an outsider, to be independent from management in their oversight and assurance roles. Assume what boards know internally is what is, or will become known externally.
2. Better board composition and diversity
Pressure:
Regulators are moving towards prescribed competency matrixes; the production of curriculum vitae (not perfunctory short bios); and interviews with directors and oversight functions to determine whether these individuals are fit for purpose.
Competency, diversity, and behaviour matrixes should flow from the purpose of the board and the strategic and oversight requirements of the company. The diversity policy should extend the prospective director pool to previously unknown directors, who may be joining their first board. Tenure and excessive directorships (beyond two) should be capped (the average board position is 300 hours). Director evaluation should be conducted by the nominating committee and its independent adviser, not management.
3. Risk governance
Pressure:
Plaintiffs’ investor lawsuits and proxy advisory firms are targeting directors at risk for oversight failure. Regulators are imposing onerous risk coverage requirements on directors that require oversight of internal controls, risk-takers, and limitations. As an example of technology risk, lack of understanding of social media, bring your own device, and cyber security is contributing to enormous investor loss and brand impairment.
Boards should now have directors possessing risk expertise, and the identity of these directors should be disclosed. Every company’s board should approve a risk appetite framework, including internal control reporting and independent, co-ordinated assurance over the controls mitigating each risk and their interactions. Annual third-party reviews should occur, reporting directly to the board and audit and risk committees.
4. Compensation governance
Pressure:
Media and public pressure over the quantum and alignment of executive pay have resulted in regulation over: compensation committee and adviser independence; say-on-pay; proxy advisers; and pay ratios; but not over pay-for-performance (most important) and clawbacks, yet.
Boards should engage directly with long-term, major shareholders on their pay plans, without management influence. Clawbacks should be restructured or implemented based on risk management and ethical failure, not fraud, using an independent adviser, not management. The board should approve key performance metrics based on an explicit full business model invoked from the strategy.
5. Greater shareholder accountability
Pressure:
Look for activism to grow unabated, and institutional shareholder and even regulatory support of proxy access in 2015, giving greater control to shareholders over director selection and removal.
Camera-ready boards should implement private, candid, executive session meetings with major shareholders to discuss governance, risk, pay, and value creation. Investors and boards should focus on company performance in comparison to peers, and superior governance that exceeds the minimal. Independent governance auditors should be retained to provide an activist point of view, ahead of a possible attack.
6. A focus on strategy and value creation
Pressure:
Activist and, increasingly, good board focus is on the value creation plan, monitoring, and holding management responsible for its achievement. Complacent or inexperienced boards incapable of directing an under-performing, ineffective, or inefficient management team are being targeted. Excessive or non-performance based compensation is a red flag for governance intervention.
Good boards are becoming focused, results-oriented, and disciplined. Agendas and committee structures are being revised to focus on strategic primacy and value creation. Robust debate of the plan is the primary board agenda item each meeting, and strategic practices are adopted, such as at least one presentation each meeting from key personnel below the senior level, on that person’s role in the value maximization plan.
7. Information technology governance
Pressure:
Rapid technology advancement has created opportunity and risk. Profound technological ignorance on many or most boards is creating an inability to direct and oversee management. Cyber security, bring your own device, and social media are just three IT risks that have deficient or non-existent internal controls, which in turn cause privacy breaches, reputational damage, and significant investor loss. Plaintiffs’ lawyers are suing boards, correctly alleging breach of duty of care.
Boards should be IT literate, agree on the standard and platform, and direct management to have an action plan and target date for implementation, covering crown jewels; assuming penetration; and including internal controls over behaviour and human error. Scenario testing, mock attacks, and expert assurance should be board-reported.
8. Board performance audits
Pressure:
Regulatory, activist, technical, and public pressures are augmenting the objective standard of care for directors. Director action (or inaction) will be visible and risk liability or other loss post failure.
Good boards and regulators are moving towards independent, internal, and deep reviews over the board, risks, and internal controls, similar to financial audits. A well-chosen third party or independent internal auditor provides boards with advance warning on precisely where their vulnerabilities and weaknesses are.
9. Tone at the top — and now in the middle
Pressure:
Long arms of regulators are now able to hold boards vicariously responsible for fraud, bribery, and other forms of corruption at deep levels within and even interacting outside their organization. “Tone in the middle,” culture, and imprudent risk-taking are the new warning signs on which sophisticated boards are requesting concrete assurance, to ensure directors are not the last to know.
Resourced boards are instituting confidential and incented whistleblowing procedures; audits of internal controls over culture and reputation; and amnesty, among other best practices, to ensure bad news rises.
10. Boardroom dynamics
Pressure:
Lastly, the board must gel as a team, and, as a team, control management. Any behaviour gap — undue influence, reliance, dislike, dysfunction, or even contempt — by one or more directors or managers, introduces information and oversight asymmetry that can and does lead to governance failure.
Good boards have behaviour matrixes and performance reviews that define and rate behaviours at the board table; have peer reviews and mentoring that develops and refines behaviours; and act on the results regardless of profile or tenure.
Conclusion
There has been more governance change occurring in the last five years than in a generation. Enron, WorldCom, and other implosions in 2001-02 are very different from the global financial crisis of 2008-09. There is a regulatory and investor appetite for broad and deep governance change. The above 10 changes and responses are touch-points for where governance change is happening the most. Boards and management teams are only about 40 per cent through digesting all of the above reforms, and there are more to come in 2015.
Richard Leblanc is a governance lawyer, academic, speaker, and adviser to leading boards of directors. He can be reached at [email protected] or followed on Twitter @drrleblanc.