Directors at the embattled social networking giant face risk-scrutiny as they try to balance shareholder value and societal good.
With the U.S. elections looming, all eyes are on Facebook CEO and chairman Mark Zuckerberg and whether he has done enough to ensure that nefarious sources with fake accounts on the social networking site don’t derail democracy.
But all eyes should also be on Facebook’s board of directors, which according to the firm’s own corporate governance guidelines, “acts as the management team’s adviser and monitors management’s performance.”
Good corporate governance at a corporation has never been as critical as in the case of Facebook, which allowed 50 million Facebook profiles to be harvested by data analytics firm Cambridge Analytica and allowed fake accounts from foreign entities to proliferate on the platform, many part of an effort to influence voters. And in late September, Facebook announced yet another hacker breach, with an additional 50 million customer accounts compromised.
Has the board done enough given indications the November elections could still be impacted by Facebook’s bogus accounts? Is the company’s bottom line going to take a hit largely because of management’s security missteps?
Even bigger questions: What exactly is “enough” when it comes to corporate governance in this unprecedented scenario? Does the board even have the power to impact real change given that Zuckerberg has a majority vote and holds the position of chairman of the board?
Some critics say Facebook’s dual-class stock structure giving Zuckerberg majority-voting rights undermines the board’s effectiveness. Facebook officials counter the company has bolstered corporate governance and is on the right path.
Facebook’s directors face immense challenges, because “They’re right at the heart of so many changes in society,” says Ric Marshall, executive director in the environmental, social, governance (ESG) research team at investment research firm MSCI Inc.
“They’re riding a tiger, but they’re holding on,” he says about the board.
Facebook, he continues, “is still facing enormous risk, primarily in data privacy.” The risk, he adds, isn’t just the potential for more scandals; it’s also the potential for serious pushback from governments. “It’s entirely possible that if the board doesn’t manage those risks they will end up facing regulations that put the entire business model at risk.”
Indeed, a few state attorneys general are reportedly mulling possible regulations on Facebook and other social media companies, and last month, the U.S. Justice Department announced Attorney General Jeff Sessions “convened a meeting with a number of state attorneys general … to discuss a growing concern that these companies may be hurting competition and intentionally stifling the free exchange of ideas on their platforms.”
What’s happening at Facebook goes to the heart of the challenges directors deal with when it comes to risk oversight, and the need to sometimes put shareholder value second in order to protect the company and its role in society. And also there’s the question of whether a board has the power to make these tough choices when the company CEO and founder is also the board leader.
WhatsApp with Facebook & Privacy?
Jan Koum, the cofounder of the popular messaging service WhatsApp that Facebook bought in 2014 for about $20 billion, got a seat on Facebook’s board following the purchase.
In an April Facebook post, Koum announced he was leaving the social networking firm amid media reports that he and his cofounder Brian Acton, who left Facebook a year ago, were at odds with CEO Mark Zuckerberg and COO Sheryl Sandberg over privacy issues.
Last month, Acton confirmed in a Forbes article that Zuckerberg and Sandberg had tried to push the cofounders to find ways around WhatsApp’s end-to-end encryption.
A Facebook spokeswoman did not comment on whether that was the case, but she did point to comments Sandberg made to Congress during hearings last month on foreign interference on social media platforms: “We are strong believers in encryption. Encryption helps keep people safe, it’s what secures our banking system, it’s what secures the security of private messages, and consumers rely on it and depend on it.”
Acton has been a vocal critic of Facebook since his departure, even launching a Twitter campaign under the hashtag “#DeleteFacebook” in March following revelations that Cambridge Analytica had improperly used customer data. In the Forbes piece, he called Facebook executives “good business people,” but added, “they just represent a set of business practices, principles and ethics, and policies that I don’t necessarily agree with.”
How this has played out opens up the question of whether Koum, as a board member, raised any privacy concerns in Facebook’s boardroom. Facebook’s spokeswomen would not comment on whether he did.
Active disputes over company policy are common, says Charles Whitehead, a corporate law professor at Cornell Law School. “We don’t know if it was raised with directors in terms of company strategy but you would hope to see an active debate on how a company monetizes or chooses not to monetize the data they have.”
While Whitehead says there’s a lot we don’t know about what happened in the Facebook boardroom, it appears the key people at the organization were able to voice their opinions. “Ultimately, Zuckerberg ended up prevailing, presumably with the support of the board,” he adds, and given the CEO’s star power it’s no surprise.
“There’s always concerns when you have a dominant shareholder or dominant founder. They are so much a force within the company, and the world identifies them with the company,” he explains. “In those instances you can exert a lot of influence over the board, and push the board in a way you think is appropriate. That doesn’t mean you have a fiduciary breach. You just have a really big guy in the room.”
Upon his departure, Koum made no mention of any disagreements at Facebook despite reports to the contrary. In his exit post he wrote: “I’m leaving at a time when people are using WhatsApp in more ways than I could have imagined. The team is stronger than ever and it’ll continue to do amazing things. I’m taking some time off to do things I enjoy outside of technology, such as collecting rare air-cooled Porsches, working on my cars and playing ultimate frisbee.”
— Eve Tahmincioglu
Nora Chan, a Facebook spokeswoman, told Directors & Boards that changes have been implemented to bolster the board’s oversight and to root out fake accounts that impacted previous elections.
There are, however, indications the fixes may be too late for the November elections. This despite the company’s investments in security upgrades, which Zuckerberg has already said: “will significantly impact our profitability.”
Facebook sees its shortfalls as a function of the Herculean task at hand. “Security is not something that you ever fully solve,” said Zuckerberg during a press call in August. “Our adversaries are sophisticated and well-funded, and we have to constantly keep improving to stay ahead. But the shift we’ve made from reactive to proactive detection is a big change — and it’s going to make Facebook safer for everyone over time.”
“Over time” is apparently not in time for the upcoming elections.
Facebook’s former chief security officer, Alex Stamos, who left the firm in August, said it may be too late to protect the integrity of the upcoming elections.
In an August post he wrote for the Lawfare blog he blamed a host of factors for the ongoing issues, including “the fundamental flaws in the collective American reaction.”
Others point the finger at the Facebook boardroom.
“It is a deficiency in governance and board oversight,” maintains Julie Goodridge, CEO, NorthStar Asset Management, which holds $5.5 million worth of Facebook stock. “What’s going on at Facebook and what’s about to go on at Facebook is because the board didn’t do their homework around risk.”
Assessing and managing risk, adds MSCI’s Marshall, is the most critical contribution the board can make. “We look to the board for oversight, to create a balance between the creative enthusiasm of the CEO and risk oversight.”
Facebook’s governance steps
The company has announced a host of measures to mitigate the impact of fake accounts on the election process, and recent steps were taken to boost board independence. But as for whether the board did their jobs when it comes to election integrity, Facebook’s Chan declined comment or to provide comment from any of the company’s board members.
Some believe Facebook’s board, the majority of which were around before the data breaches occurred, is as much responsible for the missteps as management.
Lawsuits have already been filed against the company’s leadership, including the board, as a result of the breach, including one representing shareholders. The suit, filed in March by Cotchett, Pitre & McCarthy the Northern District of California, San Francisco Division, singles out six board members: Marc Andreessen, Peter Thiel, Reed Hastings, Erskine Bowles, Susan Desmond-Hellman and Jan Koum, WhatsApp CEO who stepped down from the board earlier this year.
That suit states that “the company’s executive management and board of directors consistently misrepresented to users and shareholders that it had a comprehensive privacy program in place, that it notified users if their information had been compromised, and that it required third-party developers to adhere to strict confidentiality provisions, much of which was misrepresented to shareholders.”
Facebook’s directors are now reportedly putting pressure on management to step up efforts. An article in the Wall Street Journal in September, citing a person familiar with the situation, reported that Zuckerberg was “urged by his board to be more proactive” and to “get control of its challenges.” In response, the CEO asked Sheryl Sandberg, Facebook’s COO, “to lead the company’s efforts to identify and prevent future blowups on the platform,” the article adds.
Chan would not comment on the Journal story. She did say the company has been proactive in fighting fake accounts and also bolstering corporate governance.
In June, Facebook updated its audit and risk oversight committee charter, she says. The updates provided clarifications for some of the risk oversight that the committee was already doing, including an annual cybersecurity review, and expanded the scope of the committee to codify annual reviews of things that had previously been handled on an ad hoc basis, particularly around privacy and data use, and community safety and security. The update also included changing the name to include the word “risk” to the audit committee.
And, she points out, two independent directors — Jeff Zients, the CEO of the multinational holding company Cranemere, and former American Express CEO Kenneth Chenault — were added recently.
Susan Desmond-Hellmann, CEO of the Bill & Melinda Gates Foundation, is lead independent director for Facebook. Her role is to help ensure that the board is acting in the best interests of the shareholders and to serve as a liaison between Zuckerberg, and the other independent directors, says Facebook’s Chan.
A spokesperson for Desmond-Hellmann said she was unavailable to comment for this story. But in the same Journal article quoted Desmond-Hellmann as saying:
Sandberg is an “exceptional business executive.” Yet she wouldn’t have had all of the power to solve the problems that were surfacing at the company, she adds.
“Even though it is a great partnership, I will say there’s a material difference between being CEO and being COO,” says Dr. Desmond-Hellmann, former president of the biotech firm Genentech Inc. “While they both discuss priorities, ultimately Mark makes the calls on personnel allocation — not just how much to spend but what percent of the engineering staff works on things as well.”
Clearly, Zuckerberg has a lot of decision-making power and that makes sense since he’s the CEO, but what happens if his decisions don’t lead to change?
In August he told reporters that the company had removed hundreds of “pages, groups and account for coordinated inauthentic behavior on Facebook and Instagram.” But, he added, “we’re still investigating and there’s a lot that we don’t know.”
Is the CEO too powerful?
It’s unclear if the board can hold Zuckerberg accountable for the mistakes he admits he’s made — and continues to make.
The role of the board is the hold management accountable, says Charles Elson, the Edgar S. Woolard, Jr., Chair in Corporate Governance and the director of the John L. Weinberg Center for Corporate Governance at the University of Delaware, and a consultant to the law firm of Holland & Knight. When major breaches arise at a company and they’re not dealt with accordingly, he explains, the answer is generally for the board to replace management.
“That’s not going to happen here,” he maintains, because of Facebook’s dual-class stock structure, which gives the CEO majority voting rights.
The structure, he stresses, renders the board “completely emasculated. Any vote to hold management accountable will result in the replacement of the board.”
That’s why NorthStar Asset Management sponsored several shareholder resolutions in recent years asking the company to reconsider the supermajority share structure. They wanted Facebook to “allow for one vote per share,” says Goodridge. But the resolutions, she adds, have been voted down multiple times.
In a proxy statement from April defending the stock structure, Facebook stated: “We believe that our capital structure is in the best interests of our stockholders and that our current corporate governance structure is sound and effective.”
MSCI’s Marshall says he doesn’t see dual-class structures as generally good or bad. “We think of them as being one contributor to the risk profile of the company,” he says. “It’s a governance question of course. But generally speaking, our research shows that companies with concentrated ownership, particularly where the found is at the helm, do tend to outperform the market.”
But many still have concerns.
Unequal voting rights, and Zuckerberg holding both the CEO and chairman jobs, were called out as risk concerns in a May report by proxy advisory firm Institutional Shareholder Services. The organization rates Facebook’s governance risk at a ‘10’ on a scale of 1-10, with 10 indicating the highest governance risk.
On the issue of an independent chair, Facebook’s Chan pointed to the company’s response in a 2017 shareholder proposal document.
“Mr. Zuckerberg, as our founder, has guided us from inception and is invested in our success. We believe our board of directors is functioning effectively under its current structure, and that the current structure provides appropriate oversight protections. We do not believe that requiring the chairman to be independent will provide appreciably better direction and performance, and instead could cause uncertainty, confusion and inefficiency in board and management function and relations.”
Society vs. profits
It’s unclear whether splitting the roles, or implementing one vote per share at Facebook would lead to better or worse things. What is clear is that the social networking firm has made mistakes, impacting the company’s bottom line and, more importantly, the very fiber of the United States’ democracy.
Is bad governance ultimately to blame, and could directors be held accountable for more than just the bottom-line impact?
Balancing Shareholder Value and Society:
• Delaware law specifically allows boards to take into account the interests of various stakeholders and the long-term viability of a company at all times, even when in conflict with immediate shareholder value. Beyond Delaware law, 19 states have laws that allow boards to consider the interests of their communities in addition to shareholders.
• When must the board set aside the CEO’s actions to secure the long-term security of the firm?
• What are the situations where shareholder value must be secondary to other concerns that address long-term value?
• How clear has the board been with management on how the above can be addressed and the division of responsibilities?
— Allan Grafman
While the fiduciary responsibility of boards of directors at a publicly traded company is shareholder value, there’s been a growing movement for boards to also take social issues into consideration.
“With every board, there needs to be a social conscious,” stresses Stephanie Resnick, an attorney with Fox Rothchild and chair of the Directors’ & Officers’ Liability & Corporate Governance Practice Group.
From a legal liability perspective, she adds, “directors have to be very very thorough, they have to be responsive and they have to do their own due diligence. That doesn’t mean they have to solve every problem, short circuit every issue before it happens.”
It’s about balance, she notes. “While profit and economic viability are hugely significant and sometimes the only reason why a company is in existence, a better company is one that looks to economic viability and also is socially conscious.”
But can such an approach lead to director liability?
“A lot of this depends upon on how you define it, social good versus profit,” says John Noble, former Delaware Chancery Court vice chancellor, who declined to comment on Facebook specifically.
When it comes to the greater good, he maintains, “directors have a lot of flexibility, but the difficulty is figuring out what to do and how much to do.”
An existential risk can become a company risk, he adds. He views it through the lens that “if a corporation is engaged in a perfectly lawful business that all of a sudden creates a perceived social problem and it runs the risk of being regulated, that could impair profits.”
Directors, Noble adds, have to ask: “what’s the risk and what can you do about it?”
Eve Tahmincioglu, executive editor and digital director for Directors & Boards, can be reached at Eve@DirectorsandBoards.com. Allan Grafman served on 8 boards, is an SEC qualified ‘financial expert’ and media authority. He is CEO of AMV, MD at Oberon Securities and can be reached at AllanGrafman@AllMediaVentures.com
Other related articles
Director Data Annual Report 2019Published June 28, 2019By Directors and BoardsTrends for the 2019 Proxy SeasonShareholder voting during 1,024 meetings held during the “mini-season” between July 1 and Dec. 31, 2018 provides a window into what’s in store for the 2019 proxy ...
Elizabeth Warren’s Accountable Capitalism ActPublished May 13, 2019By Eve TahminciogluDelaware’s supreme court chief justice sees merit in calling for employee representation in the boardroom and ESG disclosure for all large companies — public and private. Last year, U.S. Sen. ...
TOP OF MIND: What directors are thinking (James Lam, director, E*Trade & RiskLens)Published April 25, 2019Risk oversight has always been one of the most critical responsibilities for corporate directors. Today, organizations face global conflicts, economic uncertainties and disruptive technologies. In an ...
Director Data Q2 2019Published April 10, 2019By Directors and BoardsGender Diversity Progresses SlowlyIn 2018, 85% of large company boards across 44 countries had at least one woman among their directors. But women hold only 20.4% of all director seats, up from 13.6% ...