The Important Work of Boards of Directors

Luis A. Aguilar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Aguilar’s recent address at the 12th Annual Boardroom Summit and Peer Exchange. The full text, including footnotes, is available here. The views expressed in the post are those of Commissioner Aguilar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

It’s a great honor to be back again speaking at an event sponsored by the New York Stock Exchange. It has been more than six years since, as a relatively new SEC Commissioner, I had the opportunity to ring the closing bell at the Exchange. Of course, a lot has changed since then.

At the time, the country was in the midst of the worst financial crisis since the Great Depression, and our capital markets were in turmoil. Some of our most storied financial institutions had suffered unparalleled economic damage. The money market fund industry was mired in a crisis of confidence, interbank lending had collapsed, and our short-term capital markets had seized up. To stem the bleeding, the federal government engaged in an unprecedented intervention in the financial sector to inject stability and confidence into the capital markets and to the greater economy.

As the country pulled itself out from under the financial wreckage, we entered a period of self-reflection, analysis, and evaluation, in which no stakeholder in our capital markets escaped critical review. In fact, even the continued existence of the SEC was open to question. Ultimately, Congress and the White House reaffirmed the essential role of the SEC with the passage of the Dodd-Frank Act, which expanded the Commission’s authority and jurisdiction.

Beginning even before passage of the Dodd-Frank Act, the Commission had already entered what has become one of the most active periods in its history—from significant internal restructurings to a transformative number of new rules that, without risk of overstatement, will permanently change the regulatory landscape.

I’ve had a front row seat to these events, having been sworn in as a Commissioner on July 31, 2008, a few weeks before the fall of Lehman Brothers. In fact, according to a recent article, since the passage of the Dodd-Frank Act, the majority political party has changed in both chambers of Congress, the Treasury Department has a new Secretary, and I am the only Commissioner at either the SEC or the Commodity Futures Trading Commission (“CFTC”) who remains in office. It appears that, as the longest serving member of the current Commission, I am in a small category of key decision-makers still standing.

As you can imagine, this period has been both daunting and rewarding. I am proud of my public service during these eventful times, and I have worked to make the Commission a stronger and more effective agency, and one that is more transparent and accountable to the American people.

The SEC, however, is but one of the players in the capital market ecosystem—and, of course, we are never in your boardrooms when decisions are being made. That responsibility falls on those of you in this room who serve as directors of our nation’s publicly-traded companies. Clearly, the way you collectively exercise corporate governance over the management and operations of your companies has an enormous impact on the way the capital markets function.

To that end, I would like to speak about several principles that are critical to good corporate governance. It has long been recognized that good corporate governance serves to enhance the effective deployment of shareholder capital that ultimately contributes to growth and positive long-term performance. Strong corporate governance processes help companies hire and incentivize good managers, while at the same time promoting accountability. In addition, a robust corporate governance infrastructure enables a company to better understand where risks can arise, including emerging risks like cybersecurity. Ultimately, the quality of a company’s corporate governance infrastructure can provide a window into the effectiveness of the board of directors’ oversight of the company for the benefit of shareholders and the long-term health of a company.

Critical to strong corporate governance are its implementers—the boards of directors. I have long-recognized that directors of public companies have particularly difficult jobs. As a former practitioner who regularly advised boards of directors, I am familiar with the challenges you face. The many specific duties and responsibilities you have are too many to list here, but as fiduciaries, all of them are clearly aimed at one overarching obligation—and that is to faithfully represent the interests of shareholders.

To that end, you have significant oversight responsibilities with respect to executive management and for the overall direction of the company. As directors, you play a critical role in setting the appropriate tone at the top, are expected to be guardians of the company’s assets, and are relied upon by both shareholders and the capital market. In addition, you typically sit on at least one board committee with enumerated responsibilities. And you are expected to carry out these duties and responsibilities with a keen focus and attention to detail—all on a part-time basis.

Moreover, in today’s litigious society, you fulfill your responsibilities with the threat of lawsuits hanging over your head. As you well know, it is not uncommon for shareholders to file suit against corporate directors for alleged failures to uphold their responsibilities as fiduciaries of the companies’ assets.

As an SEC Commissioner, I am also aware of the concern directors may have that the SEC could second-guess their judgement and bring an enforcement action against them. While I do not profess to be in your shoes, I can appreciate why you may have this concern; however, the reality is far different. From my own experience, and based on discussions with our staff, it appears that the SEC has rarely brought cases against directors—particularly outside directors—for failing to fulfill their responsibilities as corporate fiduciaries. Indeed, these matters are so infrequent that the agency does not currently maintain statistics on cases that are brought against directors. On those occasions when the SEC has brought actions against directors, the matters typically involve directors who either have taken affirmative steps to participate in fraudulent misconduct or have otherwise enabled fraudulent misconduct to occur by unreasonably turning a blind eye to obvious “red flags” of misconduct.

The rarity of these matters reflects that most directors are dedicated to doing a good job. This experience makes clear that although corporate directors have substantial obligations which are not easy to fulfill, the vast majority of directors are embracing their responsibilities and are fulfilling them conscientiously. These directors should have nothing to fear from the SEC. Serving as a director is important work that needs good people, and I respect those of you who have stepped up to the plate.

With these thoughts in mind, today [October 14, 2015] I want to focus on three themes of corporate governance that merit special attention:

  • First, the importance of effective engagement with shareholders;
  • Second, the importance of company resiliency—with a focus on crisis and risk management; and
  • Third, the importance of ensuring that boards of directors remain relevant as their companies—and the times—change.

Enhancing Engagement with Shareholders

First, I want to discuss the core corporate governance theme of engagement, and the important goal of maximizing communication between companies and their shareholders.

This is not a new concept, and it’s one I’m sure you hear time and again. Shareholders often suggest that annual meetings are too infrequent, that they cover topics at too high a level to address specific concerns, and that more engagement with company leadership would enhance their rights as owners of the company. These are sentiments with which we likely can all agree.

Of course, corporate ownership is simply too widely dispersed geographically for the directors and officers of public companies to meet with every shareholder—or even groups of shareholders—in person. Notably, however, these often-heard concerns don’t just come from retail investors, but also from many institutional and large shareholders.

As a result, there is an increasing acceptance that more direct shareholder engagement is not just good corporate governance, but is good business. To that end, in recent years, many forward looking companies have augmented their shareholder engagement and have become more proactive in their investor relations. In fact, a study published in 2014 found that 47% of issuers reported having initiated more than ten engagements in the preceding year, in contrast to just 31% of issuers in a 2010 survey.

Indeed, the trend towards more engagement between shareholders and company boards is not just a domestic one. Various developments abroad indicate that increased shareholder engagement has no borders. For example, in October 2014, the United Kingdom introduced the Investor Forum, which is intended to bring together institutional investors and board directors. Separately, in December 2013, the Global Network of Director Institutes (or “GNDI”), which represents 100,000 individual directors and governance professionals around the globe, published a white paper discussing various “best practices” for effective shareholder engagement.

And we are continuing to witness a growing recognition by domestic companies of the importance of shareholder engagement by corporate boards. For example, in early 2014, a working group of issuer and investor representatives developed the Shareholder-Director Exchange (SDX) Protocol, which is a guide on when direct engagement between shareholders and public company boards may be appropriate, and how such engagements can work best for all parties. One of the key takeaways from this Protocol is that both issuers and investors now increasingly recognize that there is value in encouraging greater engagement before crises or other developments occur.

While many of these efforts are aimed at institutional investors, other technological innovations hold out hope for increased engagement with retail investors, a group that is often overlooked in the engagement process. One example took place in March 2015, when Hewlett Packard held a completely virtual annual shareholder meeting to allow more shareholders to participate without incurring travel costs. And the use of virtual shareholder forums appears to be steadily growing. Moreover, other companies have hosted so-called “hybrid” shareholder meetings, with shareholders having the ability to choose to attend physically or virtually (by participating online). There are those who object to virtual-only meetings and strongly prefer the “hybrid” approach. What is clear, however, is that these innovations reflect creative solutions to the challenges of engaging with a geographically dispersed investor base.

These examples reflect a positive trend of enhanced communication, but they still seem to be the exception, not the rule. As representatives of shareholders—with fiduciary responsibilities—directors should look for ways to foster engagement. Regardless of the mechanism, the goal should be the same—furthering communications between companies and shareowners. The resulting communication establishes a strong foundation for good corporate governance.

Resiliency—the Growing Importance of Board Oversight for Crisis and Risk Management

A robust corporate governance framework is also exemplified by effective risk oversight. Indeed, in today’s volatile world, how a company prepares for and responds to major disruptive events—sometimes referred to as “resiliency”—has become increasingly critical to the protection and growth of a company’s assets.

In just the last ten years, we’ve experienced some of the most devastating and costliest natural disasters in our country’s history—from Hurricane Katrina to Hurricane Sandy to Hurricane Ike. Some of these natural disasters have been so unexpected and so unusual, that no one would expect a company to reasonably anticipate that they would happen. Indeed, no one can control Mother Nature. However, there are natural events that occur with such frequency in certain areas of the country, such as earthquakes, tornados, and hurricanes, that there is sentiment that boards need to consider how to respond to these crises. These events can cause all kinds of disruptions—widespread black-outs, infrastructure damage, and widespread internet and/or communication outages. Some of these events may be catastrophic. Others may be less dramatic. But, we all know that they can be severely disruptive and costly to companies, their employees, and shareholders.

Crisis events can also be man-made, such as accounting scandals and other serious regulatory violations, product defects, or even terrorist attacks. Although some man-made crises could be considered “black swans” because no one would reasonably expect them to occur, others are, unfortunately, all too common and thus reasonably foreseeable. Examples of foreseeable man-made crises might include, depending on the industry, oil spills, automobile recalls, and outbreaks of foodborne illnesses. To this list, of course, you can add cyber-attacks. Ultimately, each company and industry faces its own unique risks that are foreseeable, and therefore worthy of any prudent board’s attention.

As the spectrum of risks that companies face has increased, so has the recognition among boards that risk management is integral to every aspect of a company’s long-term well-being—and that risk management is applicable to both natural disasters and man-made events. Traditionally the purview of company management, the overall supervision of risk management has gradually become part of board agendas. Indeed, in 2009, the Commission encouraged this shift by requiring companies to disclose their boards’ role in enterprise risk oversight. While the Commission intentionally did not mandate a specific risk oversight role, it did note that “risk oversight is a key competence of the board.”

Shareholders have likewise recognized the increasingly important role of the board in enterprise risk oversight, and are taking steps to hold directors accountable for perceived failures in this function. In early 2014, in the wake of a coal-ash spill, the California Public Employees’ Retirement System (“CalPERS”) and the New York City Comptroller urged shareholders to vote against four independent directors to Duke Energy Corp.’s board, accusing them of having “failed to fulfill their obligations of risk oversight as members of a committee overseeing health, safety and environmental compliance at the company.” Separately, in 2013, a prominent shareholder advisory firm recommended that shareholders withhold support for three directors of the board of JPMorganChase and Co., accusing them of “material failures of stewardship and risk oversight” after the bank suffered a multibillion-dollar loss as a result of the “London Whale” trading scandal.

The increasing importance of a board’s oversight role in risk management is illustrated by one of the more important risk issues faced by American companies, government institutions, law enforcement, and many regulators today: cybersecurity. This is an issue that I take very seriously, and have spoken about on a number of occasions, including at a conference sponsored by the New York Stock Exchange just last year. Unfortunately, it has become too commonplace to talk about the increasing frequency, severity, and sophistication of cyber-attacks.

The frequency of cyber-attacks—and the likelihood of more—has only served to ratchet up the pressure on company boards to effectively implement enterprise risk oversight. Indeed, shareholders have sued boards of directors for failing to guard against cyber-attacks, alleging breaches of fiduciary duties and oversight failures, among other things. Moreover, boards also need to be aware of the increased regulatory focus on a company’s cybersecurity oversight. For example, recently the U.S. Court of Appeals for the Third Circuit affirmed the authority of the Federal Trade Commission to pursue enforcement actions against companies that fail to employ reasonable and appropriate cybersecurity measures for consumers’ sensitive personal information. In addition, just last month the SEC brought its first case against a registered investment adviser alleging that its failure to establish required cybersecurity policies and procedures compromised the personal information of roughly 100,000 individuals.

Fortunately, many boards are becoming more diligent in responding to the increased cybersecurity threat. For example, in early 2015, a survey of nearly 200 directors of public companies highlighted a trend towards more board-level discussion of cybersecurity matters, finding that more than 80% of participants indicated that cybersecurity is discussed at most, and in some cases all, board meetings. A separate May 2015 survey of global financial institutions confirmed this trend, and found that, in addition to cybersecurity concerns, boards are devoting more time to risk management in general and to addressing key risk issues.

Ultimately, while there is no “one size fits all” approach to board oversight of risk management, the goal is to give proper attention to a company’s perceived risks to ensure sufficient preparedness. This can mean making sure the board is appropriately informed about the global risks facing an organization or its broader industry, tasking appropriate personnel with monitoring and preparing for such risks, and implementing protocols to be able to quickly respond if and when such risks become a crisis event.

As you well know, in today’s digitally interconnected society, the potential reputational harm that can envelop a company not prepared to respond to a crisis can quickly overtake the initial crisis as the most consequential threat to a company’s future outlook.

Some crises cannot be avoided, no matter how carefully you plan, but pre-planning can give a company a better chance to respond to and recover from a crisis when it occurs.

Ensuring that Boards Remain Effective Stewards of the Corporate Enterprise

The ascendance of cybersecurity on board agendas in recent years highlights the fact that the pace of change has accelerated dramatically in the business world. The reasons for this acceleration are numerous and defy simple explanation. But most would agree that the phenomenon is fueled, at least in part, by three overarching trends. They include the increasingly rapid emergence of novel and disruptive technologies, the intensifying nature of globalization, and the relentless pressure on firms to innovate. These phenomena present boards with an ever changing—and ever more challenging—business environment.

In an era of such aggressive technological and economic transformation, boards that hope to remain effective will need to do more than merely react to events as they unfold. Instead, prudent and responsible boards will need to work to foresee the challenges and opportunities that lie ahead, and apply their expertise to help their companies navigate them. In these circumstances, boards may need to strive for a deeper level of insight, broader subject matter expertise, and, perhaps most importantly, more agile strategic thinking. Furthermore, some experts believe that there is a growing need for boards to bring fresh viewpoints to the table, and to be willing to challenge the status quo in the pursuit of constructive change. This school of thought believes that boards must take the initiative by engaging in long-term strategic planning ahead of management, and must be willing to be catalysts for change when their company’s best interests demand it.

How can boards ensure that they possess the necessary expertise and acumen to keep pace with a constantly shifting business landscape? This is certainly no easy task. Ultimately, the question centers on whether the board is composed of individuals who possess the appropriate skills, experience, and judgment to govern effectively. To ensure that this is the case, some experts have focused on the issue of director tenure, and have suggested term limits for directors as one approach to help boards periodically reassess whether their members’ collective skills and expertise remain aligned with the company’s needs.

Proponents of this view claim that term limits would yield numerous benefits, including allowing boards to regularly recruit new members who possess the perspectives, skills, and experiences the company needs to achieve its goals in a changing world. Proponents of term limits also assert that they could help counter the perception that longer-tenured directors may become ineffectual over time—because, for example, their business experience grows stale, or their passion and interest in the company begins to wane. Another concern is that longer-tenured directors could become too deferential to management as personal relationships deepen during the years, which could potentially compromise the directors’ independence.

Needless to say, there are those who disagree. Opponents of term limits decry them as a blunderbuss approach, one that can deprive companies of directors who possess valuable and, oftentimes, irreplaceable knowledge. Opponents of term limits also contest the notion that longer-serving directors may lose their ability to be truly independent. Instead they believe that such directors can actually be more independent, because their extensive experience and deep knowledge of the company place them in a better position to challenge management.

Further complicating matters, however, is the conflicting empirical evidence as to whether director tenure meaningfully affects company performance and shareholder value. Some studies have concluded that companies with higher rates of director turnover provide their shareholders with superior returns. And one 2013 study concluded that company performance generally begins to falter once a board’s tenure surpasses nine years.

Yet, other studies appear to contradict these findings. For example, one study of global companies found that companies with entrenched boards—especially family-dominated companies—have significantly outperformed their peers over the past five years. Another study dispelled the notion that longer-serving directors tend to become disengaged. According to this study, longer-tenured directors are more likely to attend board meetings and serve on board committees than newer directors. Notably, this study also found that companies with a higher proportion of longer-serving directors were less likely to engage in accounting fraud, engaged in more lucrative corporate acquisitions, paid their CEOs less, and were more likely to replace CEOs for poor performance.

While the merits of term limits remain unclear, what is certain is that boards face growing pressure to address the issue in a meaningful way. A variety of stakeholders, ranging from institutional investors to proxy advisory firms and shareholder “activists,” have coalesced around the view that longer-tenured directors can be problematic. Asset managers and proxy advisory firms alike have issued guidelines that may assign lower ratings to firms that have a significant number of longer-tenured outside directors. And, as you may know, the issue of board tenure figured prominently in the 2015 proxy season.

Ensuring that a board continues to possess the optimal mix of skills and experience to govern effectively implicates a range of issues. Accordingly, a mechanistic approach that focuses solely on director tenure may not be the best method. Instead, it may be more useful to view board effectiveness through a broader lens, one that takes into account all aspects of a board’s capacity to oversee the company. The cornerstone of this approach is a periodic review of the board’s performance, one that encompasses the board’s composition, leadership, interpersonal dynamics, governance policies, and strategic vision, among other topics.

Many boards appear to have recognized this. In fact, nearly all the boards of S&P 500 companies have established a framework for regularly evaluating their performance as a group. Yet, only about a third of S&P 500 companies currently evaluate the performance of individual directors, despite the fact that investors increasingly view such evaluations as being essential. Individual director assessments can be a valuable tool for identifying incipient gaps between board members’ skills, knowledge, and abilities, on the one hand, and the company’s evolving needs, on the other. Moreover, many boards have not kept up with our nation’s changing demographics and are lacking the skills, talents, and perspectives that women and minorities can bring. Periodic evaluations can make boards aware of these and other gaps, and allow them to be effectively addressed. For example, boards can recruit additional directors, rotate board committee memberships, and provide board members with needed educational opportunities, such as by having subject matter experts make presentations on key topics.

In the end, boards have a fiduciary responsibility to ensure that they possess the necessary skills, experience, and judgment to be competent stewards of their companies. Meeting this high standard can be challenging and it requires boards to routinely undertake a rigorous and honest assessment of their own abilities and performance. Such assessments are rarely easy, and are sometimes painful, but they are essential if boards are to meet the implacable demands of today’s constantly evolving business environment.


As I conclude my remarks, I want to acknowledge again the significant challenges faced by corporate boards. While much is expected of you, I am confident that you are up to the task and to fulfilling your roles as custodians and fiduciaries of your shareowners’ assets. It’s something many of you have excelled at. America’s companies are among the most innovative and profitable in the world, and much of the credit for those successes rightly belongs to the efforts of directors and the effective use of corporate governance processes. There is much to be proud of—but, there is always room for improvement. Of course, that is why you are here at the Boardroom Summit and Peer Exchange. Learning about and focusing on more effective corporate governance processes is one sure way of making things better.

Thank you for having me here today.

Both comments and trackbacks are currently closed.