Corporate governance disruptors in 2017 included massive cyber breaches; virtual annual meetings; the Trump presidency; and blockchain mania.
And that's what drove the most-read articles on Directors & Boards this year.
Here's a rundown on the top 10:
What companies need to know before ditching in-person forums.
By Eve Tahmincioglu
Last year, four environmental advocates were escorted from Duke Energy’s annual shareholder meeting after interrupting the utility’s CEO Lynn Good.
And that was before environmental groups rallied outside the O.J. Miller Auditorium in Charlotte — where the meeting was held on May 5, 2016 — protesting what they alleged was a cozy relationship between Good and Gov. Pat McCrory, a former Duke Energy employee. The protest included a mock wedding between the two as they donned air masks.
This year, things were much more quiet.
Duke Energy had the company's first virtual shareholder meeting in May 2017.
Why? Duke Energy opted to take its long-standing meeting completely virtual. There were no investors physically there to interrupt the CEO, who spoke to the camera during a one-hour tightly scripted talk at an undisclosed location. She answered shareholder questions that were submitted online and read to her by Michael Callahan, Duke’s vice president, investor relations.
The decision to ditch the face-to-face meeting was made to “increase our shareholders’ access to the meeting, making it easy and inexpensive for them to participate,” said Steve Young, Duke Energy executive vice president and chief financial officer, in a statement announcing the move.
But it didn’t sit well with shareholders of all sizes.
The California State Teachers’ Retirement System (CalSTRS), which owns 1.6 million shares of Duke Energy stock valued at $107 million, sent a letter to Duke prior to the meeting raising concerns about going all virtual, saying it would deny shareholders the “opportunity to interact with management and board members.”
Three Veteran Board Members Share Their Tech Journeys, Advice
By Eve Tahmincioglu
There’s a building drumbeat to get technology expertise on company boards, and that even includes legislation to push the issue in boardrooms. While the answer is often to bring in younger, geekier directors, the best candidate may already be sitting at the boardroom table.
Existing directors, even those past retirement age, are starting to look in the mirror and say, “I can be a high-tech director.”
With technology invading almost every part of business, from computers to e-commerce, it makes sense for all directors to have a level of tech knowledge in order to do their jobs well. It’s imperative for everything from making sure company systems and customer information are protected to spotting the next disruptive technology that could impact business.
“We have to raise the existing board members’ digital competency,” says Bob Zukis, a technology consultant, a senior fellow with The Conference Board Governance Center, and an adjunct professor of Management and Organization for the Marshall School of Business at the University of Southern California. “It demands regular board attention from a risk standpoint, but more importantly, from the strategic opportunity standpoint — how technology creates and captures value.”
Many board members are starting to take these words to heart.
Directors & Boards spoke to three board members about their paths to high-tech literacy, what they see as a director’s role and advice to get your geek on.
What boards should focus on — and ignore — in an uncertain regulatory environment.
By Eve Tahmincioglu
Since President Donald J. Trump took office, boards have been bracing for a weather change in corporate governance.
While many directors believe potential changes will be generally positive for Corporate America, the lack of certainty on what those changes will be is the biggest issue for board members. The first months of the administration, says one board member, have been “like a windstorm, and its direction is uncertain.”
The political maelstrom has many on edge and unclear on what to expect as far as tax reform, trade, regulations, immigration, healthcare, and infrastructure spending, explains James Cox, the Brainerd Currie Professor of Law at Duke University, who specializes in corporate and securities law.
“Regardless of whether you’re in a red, blue or purple state, your business is going to be operating in an even more dynamic, hard-to-predict environment,” he adds. “It’s going to test the elasticity of the board when it comes to oversight.”
Boards are opting to be patient.
“I think most of us are still in a ‘wait-and-see’ mode,” says Jill Kanin-Lovers, who sits on the boards of Heidrick & Struggles and the Homeownership Preservation Foundation. “Every day seems to bring a surprise but nothing tangible yet to help with business planning.”
New study finds a disconnect when it comes to the rank-and-file level
By Eve Tahmincioglu
Do directors have a good read on the culture at the organizations they oversee? Turns out, many do not.
Only 50% of directors say they understand “the collective behaviors, norms, and values at the front lines of their organizations, among their rank-and-file employees,” according to recently released research from the National Association of Corporate Directors.
The study also found that “less than half of directors reported that their boards assess the alignment between the company’s purpose and values and its strategy.”
That’s bad news if Corporate America is going to avoid cultural breakdowns that impact business, such as fake accounts at Wells Fargo, sexual harassment at Fox News and Amazon, and price gouging at EpiPen.
In their oversight role, boards of directors can take several steps to ensure management is communicating and practicing its core values.
By Chuck Saia
Corporate culture is under a microscope. The scrutiny focused in the past on compliance and whistleblower activity has extended to the behavior of all employees in an organization. Regulators are upping their efforts to determine if organizations are communicating and practicing ethical behavior.
Organizations that don’t communicate and practice ethical behavior are often cast in a negative light in traditional and social media, which threatens one of their most valuable assets — their reputation.
Organizations that make ethical behavior a top priority are typically better positioned to gain a competitive edge: they are able to focus more on strategic issues, including disrupting through innovation to drive growth or leveraging their brand for distinct advantage in the marketplace.
As a result, many organizations are taking a hard look at their own approaches to culture risk and enhancing them as needed. They’re getting away from viewing their ethics and compliance programs as a check-the-box activity or, worse, a roadblock to achieving business objectives.
Board meeting minutes, or lack thereof, are causing legal issues.
By Doug Raymond
The minimalist approach to recording boardroom discussions is attracting criticism, but that doesn’t mean everything at every meeting should be documented.
In practice, approaches range from reciting only the bare bones of board actions and decisions, to creating a veritable transcript of the entire meeting, including all reports and discussions. Under the corporate law of Delaware and most other jurisdictions, the job of the corporate secretary is “to record the proceedings of the meetings of the stockholders and directors in a book to be kept for that purpose.”
But what should the record say?
Twelve questions every board should ask.
By Judy Selby and Amy Rojik
Cybersecurity regulations are intensifying.
A new proposed cybersecurity regulation promulgated by New York's Department of Financial Services (DFS), which generally applies to financial institutions that do business in New York and is expected to go into effect on March 1, 2017, is groundbreaking in several respects.
Under the proposed regulation, which is mandatory and not just guidance, organizations have to implement and maintain a comprehensive written Cybersecurity Policy, as defined in the regulation, "approved by a Senior Officer or the institution's board of directors (or an appropriate committee thereof) or equivalent governing body."
The proposed regulation also requires each institution to designate a qualified individual, likely a chief information security officer (CISO), responsible for overseeing and implementing the cybersecurity program and enforcing the cybersecurity policy. The CISO is required to provide a comprehensive written report, at least annually, to the board of directors, covering the entity's cybersecurity program and material cybersecurity risks.
The regulation also requires the establishment of a cybersecurity program designed to protect the confidentiality, integrity and availability of the institution’s information systems and nonpublic information.
What role can the board play?
By Caren Kenney
It’s rare to go a few days without reading about the latest chief executive officer debacle — where the leader at the helm is suddenly sidelined by an unexpected illness, unethical decision or personal indiscretion that is trending on social media within minutes of it being leaked or exposed. Plus, CEO exits from underperforming companies have risen to a level unseen in 15 years, according to the Conference Board, a business research association.
The statistics are sobering: 64% of CEOs don’t make it to their fourth anniversary, and 40% don’t even make it to 18 months.
None of this should come as a surprise, when you consider the intense 24/7 pace and pressure-cooker environment in which CEOs now operate, characterized by a highly uncertain and complex global environment; intense scrutiny from shareholders, consumers and the media; and nonstop travel across multiple countries, continents and time zones. All of this exacts a significant toll on a CEO’s health, performance and family life.
Preventing future Equifax-type breaches
By Todd Thibodeaux
The roll call includes some of the biggest brand names in the business world: Target, LinkedIn, Yahoo, Home Depot, Anthem. Now Equifax adds its name to this roster of infamy.
Once again, tens of millions of innocent, trusting consumers are left in a digital lurch, with personally identifiable information stolen, financial accounts compromised and passwords pilfered.
Once again, a small number of C-level executives pay the price with their jobs, either through firings or forced retirements.
Once again, fingers are pointed at out-of-date software, faulty hardware, careless employees or incompetent contractors as the cause of the breach.
And once again, a group of individuals who should be front and center in cybersecurity discussions stays silently in the background.
It’s become far too easy — almost standard practice — for boards of directors to scapegoat CIOs, CISOs and IT teams when avoidable data breaches like the one at Equifax occur.
Understanding what could be the next "disruptive" technology
By Andrea Tinianow and Michael Marquardt
In its simplest terms, blockchain technology allows several parties to transact business in real time by recording information to a ledger through a network of computers. The record is only updated on the ledger if everyone who is a party to the transaction is in agreement. Once updated, the record cannot be changed and becomes an immutable record of the transaction.
The enactment of Delaware’s blockchain amendments (that authorize corporations to maintain corporate records on a blockchain) in August of 2017 catapulted blockchain technology into the mainstream. This is because Delaware is the legal home of more than two-thirds of Fortune 500 corporations and of more than half of all publicly traded companies in the United States.
Because blockchain technology replaces the need for a trusted intermediary, it can transform the way business is conducted across almost every sector, from finance to manufacturing, from healthcare to agriculture.
Tech-savvy boards of directors have already begun to consider the disruptive potential of the technology. But, what about everyone else? If your company does not have a blockchain strategy, you need to ask, “why not?” If your company is developing a blockchain strategy, you need to ask the right questions, as a director, to ensure that it will not only reduce the chances of disintermediation and reputational risk, but also improve your company’s bottom line, and increase long term shareholder value.