Ten Topics for Directors in 2016

U.S. public companies face a host of challenges as they enter 2016. Here is our annual list of hot topics for the boardroom in the coming year:

1. Oversee the development of long-term corporate strategy in an increasingly interdependent and volatile world economy
2. Cultivate shareholder relations and assess company vulnerabilities as activist investors target more companies with increasing success
3. Oversee cybersecurity as the landscape becomes more developed and cyber risk tops director concerns
4. Oversee risk management, including the identification and assessment of new and emerging risks
5. Assess the impact of social media on the company’s business plans
6. Stay abreast of Delaware law developments and other trends in M&A
7. Review and refresh board composition and ensure appropriate succession
8. Monitor developments that could impact the audit committee’s already heavy workload
9. Set appropriate executive compensation as CEO pay ratios and income inequality continue to make headlines
10. Prepare for and monitor developments in proxy access

Strategic Planning Considerations

Strategic planning continues to be a high priority for directors and one to which they want to devote more time. Figuring out where the company wants to—and where it should want to—go and how to get there is not getting any easier, particularly as companies find themselves buffeted by macroeconomic and geopolitical events over which they have no control. In addition to economic and geopolitical uncertainty, a few other challenges and considerations for boards to keep in mind as they strategize for 2016 and beyond include:

• finding ways to drive top-line growth
• focusing on long-term goals and enhancing long-term shareholder value in the face of mounting pressures to deliver short-term results
• the effect of low oil and gas prices
• figuring out whether and when to deploy growing cash stockpiles
• assessing the opportunities and risks of climate change and resource scarcity
• addressing corporate social responsibility.

Shareholder Activism

Shareholder activism and “suggestivism” continue to gain traction. With the success that activists have experienced throughout 2015, coupled with significant new money being allocated to activist funds, there is no question that activism will remain strong in 2016.

In the first half of 2015, more than 200 U.S. companies were publicly subjected to activist demands, and approximately two-thirds of these demands were successful, at least in part. [1] A much greater number of companies are actually targeted by activism, as activists report that less than a third of their campaigns actually become public knowledge. [2] Demands have continued, and will continue, to vary: from requests for board representation, the removal of officers and directors, launching a hostile bid, advocating specific business strategies and/or opining on the merit of M&A transactions. But one thing is clear: the demands are being heard. According to a recent survey of more than 350 mutual fund managers, half had been contacted by an activist in the past year, and 45 percent of those contacted decided to support the activist. [3]

With the threat of activism in the air, boards need to cultivate shareholder relations and assess company vulnerabilities. Directors—who are charged with overseeing the long-term goals of their companies—must also understand how activists may look at the company’s strategy and short-term results. They must understand what tactics and tools activists have available to them. They need to know and understand what defenses the company has in place and whether to adopt other protective measures for the benefit of the overall organization and stakeholders.

Cybersecurity

Nearly 90 percent of CEOs worry that cyber threats could adversely impact growth prospects. [4] Yet in a recent survey, nearly 80 percent of the more than 1,000 information technology leaders surveyed had not briefed their board of directors on cybersecurity in the last 12 months. [5] The cybersecurity landscape has become more developed and as such, companies and their directors will likely face stricter scrutiny of their protection against cyber risk. Cyber risk—and the ultimate fall out of a data breach—should be of paramount concern to directors.

One of the biggest concerns facing boards is how to provide effective oversight of cybersecurity. The following are questions that boards should be asking:

• Governance. Has the board established a cybersecurity review > committee and determined clear lines of reporting and > responsibility for cyber issues? Does the board have directors with the necessary expertise to understand cybersecurity and related issues?
• Critical asset review. Has the company identified what its highest cyber risks assets are (e.g., intellectual property, personal information and trade secrets)? Are sufficient resources allocated to protect these assets?
• Threat assessment. What is the daily/weekly/monthly threat report for the company? What are the current gaps and how are they being resolved?
• Incident response preparedness. Does the company have an incident response plan and has it been tested in the past six months? Has the company established contracts via outside counsel with forensic investigators in the event of a breach to facilitate quick response and privilege protection?
• Employee training. What training is provided to employees to help them identify common risk areas for cyber threat?
• Third-party management. What are the company’s practices with respect to third parties? What are the procedures for issuing credentials? Are access rights limited and backdoors to key data entry points restricted? Has the company conducted cyber due diligence for any acquired companies? Do the third-party contracts contain proper data breach notification, audit rights, indemnification and other provisions?
• Insurance. Does the company have specific cyber insurance and does it have sufficient limits and coverage?
• Risk disclosure. Has the company updated its cyber risk disclosures in SEC filings or other investor disclosures to reflect key incidents and specific risks?

The SEC and other government agencies have made clear that it is their expectation that boards actively manage cyber risk at an enterprise level. Given the complexity of the cybersecurity inquiry, boards should seriously consider conducting an annual third-party risk assessment to review current practices and risks.

Risk Management

Risk management goes hand in hand with strategic planning—it is impossible to make informed decisions about a company’s strategic direction without a comprehensive understanding of the risks involved. An increasingly interconnected world continues to spawn newer and more complex risks that challenge even the best-managed companies. How boards respond to these risks is critical, particularly with the increased scrutiny being placed on boards by regulators, shareholders and the media. In a recent survey, directors and general counsel identified IT/cybersecurity as their number one worry, and they also expressed increasing concern about corporate reputation and crisis preparedness. [6]

Given the wide spectrum of risks that most companies face, it is critical that boards evaluate the manner in which they oversee risk management. Most companies delegate primary oversight responsibility for risk management to the audit committee. Of course, audit committees are already burdened with a host of other responsibilities that have increased substantially over the years. According to Spencer Stuart’s 2015 Board Index, 12 percent of boards now have a stand-alone risk committee, up from 9 percent last year. Even if primary oversight for monitoring risk management is delegated to one or more committees, the entire board needs to remain engaged in the risk management process and be informed of material risks that can affect the company’s strategic plans. Also, if primary oversight responsibility for particular risks is assigned to different committees, collaboration among the committees is essential to ensure a complete and consistent approach to risk management oversight.

Social Media

Companies that ignore the significant influence that social media has on existing and potential customers, employees and investors, do so at their own peril. Ubiquitous connectivity has profound implications for businesses. In addition to understanding and encouraging changes in customer relationships via social media, directors need to understand and weigh the risks created by social media. According to a recent survey, 91 percent of directors and 79 percent of general counsel surveyed acknowledged that they do not have a thorough understanding of the social media risks that their companies face. [7]

As part of its oversight duties, the board of directors must ensure that management is thoughtfully addressing the strategic opportunities and challenges posed by the explosive growth of social media by probing management’s knowledge, plans and budget decisions regarding these developments. Given new technology and new social media forums that continue to arise, this is a topic that must be revisited regularly.

M&A Developments

M&A activity has been robust in 2015 and is on track for another record year. According to Thomson Reuters, global M&A activity exceeded $3.2 trillion with almost 32,000 deals during the first three quarters of 2015, representing a 32 percent increase in deal value and a 2 percent increase in deal volume compared to the same period last year. The record deal value mainly results from the increase in mega-deals over $10 billion, which represented 36 percent of the announced deal value. While there are some signs of a slowdown in certain regions based on deal volume in recent quarters, global M&A is expected to carry on its strong pace in the beginning of 2016.

Directors must prepare for possible M&A activity in the future by keeping abreast of developments in Delaware case law and other trends in M&A. The Delaware courts churned out several noteworthy decisions in 2015 regarding M&A transactions that should be of interest to directors, including decisions on the court’s standard of review of board actions, exculpation provisions, appraisal cases and disclosure-only settlements.

Board Composition and Succession Planning

Boards have to look at their composition and make an honest assessment of whether they collectively have the necessary experience and expertise to oversee the new opportunities and challenges facing their companies. Finding the right mix of people to serve on a company’s board of directors, however, is not necessarily an easy task, and not everyone will agree with what is “right.” According to Spencer Stuart’s 2015 Board Index, board composition and refreshment and director tenure were among the top issues that shareholders raised with boards. Because any perceived weakness in a director’s qualification could open the door for activist shareholders, boards should endeavor to have an optimal mix of experience, skills and diversity. In light of the importance placed on board composition, it is critical that boards have a long-term board succession plan in place. Boards that are proactive with their succession planning are able to find better candidates and respond faster and more effectively when an activist approaches or an unforeseen vacancy occurs.

Audit Committees

Averaging 8.8 meetings a year, audit continues to be the most time-consuming committee. [8] Audit committees are burdened not only with overseeing a company’s risks, but also a host of other responsibilities that have increased substantially over the years. Prioritizing an audit committee’s already heavy workload and keeping directors apprised of relevant developments, including enhanced audit committee disclosures, accounting changes and enhanced SEC scrutiny will be important as companies prepare for 2016.

Executive Compensation

Perennially in the spotlight, executive compensation will continue to be a hot topic for directors in 2016. But this year, due to the SEC’s active rulemaking in 2015, directors will have more to fret about than just say-on-pay. Roughly five years after the Dodd-Frank Wall Street Reform and Consumer Protection Act was enacted, the SEC finally adopted the much anticipated CEO pay ratio disclosure rules, which have already begun stirring the debate on income inequality and exorbitant CEO pay. The SEC also made headway on other Dodd-Frank regulations, including proposed rules on pay-for-performance, clawbacks and hedging disclosures. Directors need to start planning how they will comply with these rules as they craft executive compensation for 2016.

Proxy Access

2015 was a turning point for shareholder proposals seeking to implement proxy access, which gives certain shareholders the ability to nominate directors and include those nominees in a company’s proxy materials. During the 2015 proxy season, the number of shareholder proposals relating to proxy access, as well as the overall shareholder support for such proposals, increased significantly. Indeed, approximately 110 companies received proposals requesting the board to amend the company’s bylaws to allow for proxy access, and of those proposals that went to a vote, the average support was close to 54 percent of votes cast in favor, with 52 proposals receiving majority support. [9] New York City Comptroller Scott Springer and his 2015 Boardroom Accountability Project were a driving force, submitting 75 proxy access proposals at companies targeted for perceived excessive executive compensation, climate change issues and lack of board diversity. Shareholder campaigns for proxy access are expected to continue in 2016. Accordingly, it is paramount that boards prepare for and monitor developments in proxy access, including, understanding the provisions that are emerging as typical, as well as the role of institutional investors and proxy advisory firms.

The complete publication is available here.