Monthly Archives: May 2021

Cybersecurity Oversight and Defense — A Board and Management Imperative

John F. Savarese, Sarah K. Eddy, and Sabastian V. Niles are partners at Wachtell, Lipton, Rosen & Katz. This post is based on a Wachtell memorandum by Mr. Savarese, Ms. Eddy, Mr. Niles, and Jeohn Salone Favors.

This past weekend, criminal ransomware cyberattacks drove the shutdown of one of America’s largest pipelines for refined gasoline, diesel fuel, and jet fuel as a precautionary means of containing the impact of the breach, highlighting the vulnerability of the nation’s energy infrastructure. Recent reports indicate that more than two dozen other company victims across a range of industries were targeted by these ransomware attacks, with worse damage blocked thanks to close and rapid coordination between federal authorities and private sector partners to identify and swiftly shut down servers being used in the attack. Earlier this month, a California-based regional hospital operator had to take healthcare IT systems offline following a cyberattack, significantly disrupting care, forcing medical personnel to use back-up paper records and raising concerns about vulnerabilities in the healthcare system as the nation continues to battle the Covid-19 pandemic.

In addition to the most recent incidents highlighted above, 2020 featured one of the most ambitious and troubling cyberattacks in history: hackers associated with a foreign intelligence service surreptitiously implanted malicious code into Texas-based technology firm SolarWinds’s Orion network management tool, an application used by tens of thousands of clients, including Microsoft, the U.S. government and FireEye, a prominent cybersecurity firm that helped discover and alert the world to the compromise. More recently, in April 2021, authorities discovered that attackers had, since at least June 2020, been exploiting security flaws in virtual private network (VPN) products offered by an IT software provider. Like the SolarWinds hack, the breach affected federal government agencies and numerous private companies.


Weekly Roundup: May 7–13, 2021

More from:

This roundup contains a collection of the posts published on the Forum during the week of May 7–13, 2021.

How Should Performance Signals Affect Contracts?

Directors’ Oversight Role Today: Increased Expectations, Responsibility and Accountability—A Macro View

The Effects of Mandatory ESG Disclosure around the World

Engaging with Neuberger Berman

When a Company Takes a Stand, What is the Board’s Role?

How to Regulate De-SPACs as IPOs

Lessons from TEGNA’s Second Straight Proxy Fight Win

Ten Years After: From the UN Guiding Principles to Multi-Fiduciary Obligations

Ten Years After: From the UN Guiding Principles to Multi-Fiduciary Obligations

John Ruggie is the Berthold Beitz Research Professor in Human Rights and International Affairs at Harvard University Kennedy School of Government, and Caroline Rees and Rachel Davis are Senior Fellows at the Kennedy School Corporate Responsibility Initiative, and are President and Vice President of Shift, a nonprofit focused on the UN Guiding Principles on Business and Human Rights. This post is based on their recent paper. Related research from the Program on Corporate Governance includes The Illusory Promise of Stakeholder Governance by Lucian A. Bebchuk and Roberto Tallarita (discussed on the Forum here); For Whom Corporate Leaders Bargain by Lucian A. Bebchuk, Kobi Kastiel, and Roberto Tallarita (discussed on the Forum here); and Restoration: The Role Stakeholder Governance Must Play in Recreating a Fair and Sustainable American Economy—A Reply to Professor Rock by Leo E. Strine, Jr. (discussed on the Forum here).

While American commentators continue to debate whether the “repurposing” of the corporation is virtue signaling or more fundamental, and whether ESG investing is real, a bubble, or an artifact of bad measurement, Europe is launching a regulatory revolution that, if seen through successfully, will fundamentally reshape the social construct of the large corporation.

The European Union’s Sustainable Finance Disclosure Regulation (SFDR) is now being phased in. It imposes two requirements on all “financial market participants,” including advisors. First, they must identify and publish how they account for “sustainability risks” in their investment advising and decision-making. Second, financial market participants are required to publish on their websites how they do their ESG due diligence to identify those risks. Additional requirements apply where financial products are marketed as “ESG” or “sustainable.” Specific enforcement mechanisms are still to be determined but will include administrative measures and fines. The assumption is that the SFDR in some manner will apply to any financial market participant that operates within the single market – which includes U.S.-based firms and their subsidiaries. Details on how this will be implemented are still being worked out. The Commission has also just published a revised Corporate Sustainability Reporting Directive that confirms the expectation that covered companies will report on their ‘principal adverse impacts’ on people and planet, informed by international human rights standards.


Lessons from TEGNA’s Second Straight Proxy Fight Win

Igor Kirman and Sabastian V. Niles are partners and Natalie S.Y. Wong is an associate at Wachtell, Lipton, Rosen & Katz. This post is based on their Wachtell memorandum. Related research from the Program on Corporate Governance includes The Long-Term Effects of Hedge Fund Activism by Lucian Bebchuk, Alon Brav, and Wei Jiang (discussed on the Forum here); Dancing with Activists by Lucian Bebchuk, Alon Brav, Wei Jiang, and Thomas Keusch (discussed on the Forum here); and Who Bleeds When the Wolves Bite? A Flesh-and-Blood Perspective on Hedge Fund Activism and Our Strange Corporate Governance System by Leo E. Strine, Jr. (discussed on the Forum here).

On May 7, 2021, at TEGNA Inc.’s contested annual meeting, shareholders demonstrated their strong confidence in the company by re-electing all twelve of the incumbent nominees and none of the three nominees proposed by hedge fund Standard General, which owned 7% of TEGNA’s shares. The dissident hedge fund had run a short slate of four candidates the previous year, in what was then the first ever contested virtual proxy contest, when it also failed to win a single seat. This year’s proxy contest also proved to be the first of its kind, as noted below.

With the company’s share price at an all-time high, indicative of its financial and operational outperformance in a challenging year, and subscription revenues exceeding even pre-Covid guidance, Standard General’s operational attacks found no traction. Instead, Standard General pivoted to a different line of attack, claiming diversity, equity and inclusion (“DE&I”) issues at TEGNA, initially based on an incident cited by a nominee who withdrew midway through the campaign for conflict reasons, but later extending to wider DE&I attack themes to a level not seen in prior contests.


Environmental, Social, and Governance Theory: Defusing a Major Threat to Shareholder Rights

Richard Morrison is a Research Fellow at the Competitive Enterprise Institute. This post is based on his CEI memorandum. Related research from the Program on Corporate Governance includes The Illusory Promise of Stakeholder Governance by Lucian A. Bebchuk and Roberto Tallarita (discussed on the Forum here); Companies Should Maximize Shareholder Welfare Not Market Value by Oliver Hart and Luigi Zingales (discussed on the Forum here); and Reconciling Fiduciary Duty and Social Conscience: The Law and Economics of ESG Investing by a Trustee by Max M. Schanzenbach and Robert H. Sitkoff (discussed on the Forum here).

The concept known as environmental, social, and governance (ESG) theory has a long history of similar, predecessor concepts both in academic literature and in the business world. For over a century, critics of the market economy, largely inspired by progressive political goals, have argued that for-profit corporations should not limit themselves to seeking profits for their shareholders, but should engage—or be required to engage—in various sorts of activism to address social problems and concerns. This movement grew up alongside evolving expectations of social responsibility within the business community that motivated many managers and executives to provide a range of services voluntarily to employees and to their local communities.

Some of the progressive-minded reforms of yesteryear have been beneficial, some have had little observable effect, and some have been disastrous. Many others have simply been superseded by evolving social attitudes that eventually rendered previously cutting-edge theories out of date, including cases in which the benefits bestowed by corporate benefactors were soundly rejected by subsequent generations of intended beneficiaries.

More recently, the ESG framework has been embraced by government agencies, quasi-government entities such as those affiliated with the United Nations, non-profit advocacy groups, financial ratings firms, and influential policy organizations like the World Economic Forum. Many of these organizations have taken it upon themselves to create complex sets of principles and rating systems for all the various environmental, social, and governance priorities companies should ostensibly be pursuing.


How to Regulate De-SPACs as IPOs

Harald Halbhuber is a Research Fellow of the Institute for Corporate Governance & Finance and New York University School of Law.

On April 8, 2021, John Coates, the Acting Director of the SEC’s Division of Corporation Finance, issued a statement on “SPACs, IPOs and Liability Risk under the Securities Laws” (discussed on the Forum here). It thoughtfully raises several important questions regarding the future regulation of SPACs. One such question is whether the SEC should treat the “de-SPAC” transaction through which a SPAC takes a private company public as the “real IPO.”

This post does not address whether de-SPACs should be regulated as IPOs. Such regulation could come from Congress or from the SEC, where it would require new rulemaking. Instead, I describe how the SEC could adopt such a rule under its existing authority, if it decides that doing so would be in the public interest. As I discuss below, one way the SEC could do this is by focusing on the decision that SPAC shareholders make to release their cash in the trust account when the SPAC acquires its target. Blunt application of IPO rules to de-SPACs may ultimately not be the right answer, but the decision-based framework suggested here can help guide the SEC’s approach. This post is based on a larger project on SPACs that I plan to present in a forthcoming paper.


Tower Versus Tower: Implications of SPAC Shareholder Litigation for the D&O Insurance World

Boris Feldman is a partner at Freshfields Bruckhaus Deringer LLP.

Historically, bubbles are followed by suits. After the Dot-Com Boom came the Dot-Com Bust, along with years of shareholder litigation. Ditto for the Credit Crunch. As we emerge from The Lockdown, SPACs are enjoying roaring popularity in the capital markets. Presumably, at some point the market will turn. Some SPACs no doubt will perform well and become models of business success. For those SPACs that do not thrive after going public, one can anticipate that the plaintiffs’ securities bar will be innovative in devising claims. This post is not about that.

Rather, this post ponders what a wave of SPAC shareholder suits may mean for the Directors and Officers Liability Insurance industry. My hypothesis is that, in the coming years, we may experience a volume of coverage disputes not seen in the shareholder litigation world since the individual/entity allocation battles of the 1990s. These disputes may be, not just between insured and insurer, but also between the different towers of insurance implicated by the lawsuits. Before the wave comes ashore, it may be useful for future participants to contemplate which conflicts will emerge and how they might play out.


The Promise of Diversity, Inclusion, and Punishment in Corporate Governance

James C. Spindler is Hart Chair in Corporate and Securities Law at the University of Texas Law School, and Professor at McCombs School of Business; and Jeffrey Meli is Head of Research at Barclays. This post is based on their recent paper. Related research from the Program on Corporate Governance includes Politics and Gender in the Executive Suite by Alma Cohen, Moshe Hazan, and David Weiss (discussed on the Forum here).

In a recent trend, “governance inclusion mandates” intercede directly in internal corporate governance by requiring specific changes to board membership. Some are “constituency mandates,” which add representatives of a specific constituency to the board; an example is the Accountable Capitalism Act, a plank of Senator Elizabeth Warren’s recent presidential bid, which would require 40% of the directors of large firms to be selected by the firm’s employees. Others are “diversity mandates,” which require minimum levels of board membership of females or members of underrepresented communities; examples include California’s A.B. 979 and NASDAQ’s recent proposal for listed companies. Underlying these proposals is the conjecture that inclusive boards will, somehow, make better decisions—and, in particular, more socially responsible decisions—than laissez-faire, market-constituted boards.

In a forthcoming paper, we develop a framework to assess if, and how, board inclusion mandates can lead to more pro-social corporate decisions. Underlying our framework are two principal assumptions about what it means to be included in corporate governance and, in particular, in the corporate board room. First, the board room represents a sort of Coasian bubble, in which its participants are able to bargain efficiently (or, at least, more efficiently than those outside it). Second, the director’s privilege is a sort of property right, in that those possessing it will garner a greater fraction of corporate surplus, ceteris paribus, than those without. Overall, then, inclusion in the board room is valuable, and those so included will use it to maximize their objectives, whatever those may be. With such tools at hand, it is possible to say something about the channels through which inclusion mandates work, and how to engineer them to have socially beneficial effects.


When a Company Takes a Stand, What is the Board’s Role?

Maria Castañón Moats is Leader and Paul DeNicola is Principal at the Governance Insights Center, PricewaterhouseCoopers LLP. This post is based on their PwC memorandum. Related research from the Program on Corporate Governance includes Corporate Political Speech: Who Decides? by Lucian Bebchuk and Robert J. Jackson Jr. (discussed on the Forum here); The Untenable Case for Keeping Investors in the Dark by Lucian Bebchuk, Robert J. Jackson Jr., James David Nelson, and Roberto Tallarita (discussed on the Forum here); and The Politics of CEOs by Alma Cohen, Moshe Hazan, Roberto Tallarita, and David Weiss (discussed on the Forum here).

Corporations are playing an increasing public role in some of today’s biggest hot-button conversations. More and more, their investors, customers, employees, and other stakeholders look to them to take a stand on issues such as climate change and racial justice. But, given the controversy around social issues like these, weighing in on sensitive topics may be riskier than ever.

These are uncharted waters for a lot of companies. Many boards of directors are asking themselves how they can help navigate them. With CEOs and other top executives increasingly making headlines for the stances they take, directors have an important oversight role to play.

What’s at stake

There’s nothing new about companies weighing in on public policy matters, even controversial ones, when they affect their business interests. That can mean public comments from CEOs or other executives. It can also take the form of corporate political giving. Companies believe supporting candidates will help ensure that their voices are heard when laws are being debated that may affect their business. The same goes for contributions to trade organizations and other groups that lobby and fund campaigns.


FinCEN Commences Rulemaking Process for Implementation of Corporate Transparency Act Requiring Disclosure of Beneficial Ownership Information

Betty Santangelo and Joseph P. Vitale are of counsel, and Melissa G.R. Goldstein is special counsel at Schulte Roth & Zabel LLP. This post is based on an SRZ memorandum by Ms. Santangelo, Mr. Vitale, Ms. Goldstein, and Kyle B. Hendrix.

On April 5, 2021, the Financial Crimes Enforcement Network, a bureau of the United States Department of the Treasury (“FinCEN” and “Treasury,” respectively) issued an advance notice of proposed rulemaking (“ANPRM”) beginning the process of implementing regulations under the Corporate Transparency Act (“CTA”). Enacted by Congress on Dec. 31, 2020, as part of the National Defense Authorization Act, the CTA requires certain companies created or registered to do business in the United States (each, a “Reporting Company”) to report certain identifying information, such as beneficial owners of 25% or more and certain control persons, directly to FinCEN. That information is to be held in a non-public database maintained by FinCEN and will be shared with law enforcement and federal regulators, among others. The reporting obligations discussed herein will only take effect upon the promulgation of final regulations by FinCEN, which FinCEN is required to issue by Jan. 1, 2022. The ANPRM is the first step in this rulemaking process and requests public comment on numerous questions relevant to the implementation of the CTA. Comments are due May 5, 2021. Additionally, within a year of issuing a final rule under the CTA, FinCEN is required to issue implementing regulations to revise the existing customer due diligence (“CDD”) rule to align it with the CTA implementing regulations.

This post highlights certain aspects of the CTA and the ANPRM including implications of the CTA on investment funds and their advisers.

Information to Be Reported

The CTA requires each Reporting Company to disclose information regarding (1) its beneficial owners and control persons, (2) individuals who register the Reporting Company or file the application necessary for the Reporting Company to do business in the United States (“Applicant”) and (3) other identifying information of the Reporting Company itself.


Page 5 of 8
1 2 3 4 5 6 7 8