Modern realities force boards to take new approaches to confront these three trending topics.
The complexities of today’s economic, social, and environmental landscape place increasing expectations on boards to have plenty of expertise in carrying out their fiduciary duties. To help boards navigate the many challenges confronting them, the Society for Corporate Governance (SCG) covered a wide range of topics at its 2021 National Conference under the theme the “New Era of Governance.”
Speakers addressed everything from ethics to the ongoing impacts of COVID-19, and the mounting importance of environmental, social, and governance considerations (see our previous blog “The Critical Role of Boards in Addressing ESG Issues.”) To illustrate the array of issues facing boards today, we are highlighting three conference sessions on three different topics: cybersecurity, the post-COVID return of in-person vs. remote meetings, and common structures for companies seeking to go public.
In “Cybersecurity: That Was Then — This Is Now,” four experts discussed the role of boards in helping organizations address evolving cyber threats. Cyberattacks once were considered anomalies thought only to affect companies with subpar security, but attitudes have changed, said Lisa Ropple, Practice Leader for Cybersecurity, Privacy, and Data Protection at Jones Day.
“Cybersecurity risk is pervasive and has only grown as we’ve transformed into a digital world,” she says. “This has become very clear in the past 15-plus years as we’ve seen cyberattackers successfully infiltrate companies in all industries, even those with robust IS programs … As cybersecurity risk escalates, so too do our expectations for boards and companies to manage this risk effectively.”
The cyber threat landscape is changing with the changing business landscape. As companies increasingly rely on technology to be more effective at their business, they are opening more pathways for adversaries. The nature of cyberattacks also has changed dramatically.
In the past, attacks typically were surreptitious and financially motivated. Today, attackers are operating on a global scale and perform more blatant attacks, said Andy Ozment, chief technology risk officer and executive vice president at Capital One. Some motives may include disrupting the economy, disrupting a company’s operations, or stealing intellectual property. “The trajectory is clear: scary and getting scarier,” Ozment says.
Boards need to be actively involved in establishing an organization’s priorities around cybersecurity. Directors should seek to build their knowledge about cybersecurity issues, and be forthright and willing to ask probing questions. They should use executive sessions to have frank, 1-on-1 discussions with their organization’s cybersecurity leaders to reveal any red flags they should be seeking, said Myrna Soto, a Corporate Director, Board Member, and Senior Technology Executive.
“They do not need to be experts, but they definitely need to understand the potential business impacts,” Soto says. “As the threats continue to evolve, the expectations in the boardroom are escalating at a very, very rapid rate.”
Other recommendations from the panel included:
- Ensure your board includes an individual with digital expertise —someone who understands technology and the implications of a potential attack.
- Provide management with the tools it needs to do a better job translating information about cybersecurity threats for directors and other stakeholders.
- Build a thorough understanding of internal resources and assets, so the organization can fully understand the risks and quantify potential losses.
Just as millions of tiny meteoroids and other space debris hit the Earth’s atmosphere daily, companies cope with near-constant, relentless cyber incidents. Boards should be informed about the full scope of cyber threats, including the frequency of smaller events, and how quickly their organizations are able to respond and recover from more significant attacks.
“If you’re being told that there’s no cause for concern in your cyber program, that’s a huge cause for concern as a board member,” said Andrew Morrison, Principal with the Risk and Financial Advisory Practice at Deloitte LLP. “You should be aware of the threats.”
Remote Meetings & the Return to In-Person
Companies worldwide continue to feel the repercussions of COVID-19. Boards adjusted quickly at the start of the pandemic, shifting suddenly from in-person to virtual meetings. Now many are asking the question that was the title of another SCG session: “Time to Get Back Into the Physical Board Room?”
A June PwC survey found that 43% of directors said they already have started meeting back in person, and another 37% said they plan to do so during the third quarter. Video conferences are here to stay, however — more than half of survey respondents said they plan to keep at least some of their board and or committee meetings virtual, said Paul DeNicola, principal with the Governance Insights Center at PwC.
Stacy Ingram, associate general counsel and deputy corporate secretary with The Home Depot, Inc., said her company significantly changed the structure of its board meetings during the pandemic. In addition to switching to virtual meetings and halting site visits, they broke up the agenda content into more frequent, but shorter meetings to reduce the amount of time directors had to sit in front of a computer. “Staggering it out helped with managing the Zoom fatigue,” Ingram said.
Citizens Financial Group, Inc., also shifted to virtual meetings in the early months of the pandemic, but transitioned back to in-person meetings and board dinners after public health guidelines were available and they were able to work out the social distancing requirements, said Robin S. Elkowitz, the company’s executive vice president, deputy general counsel, and corporate secretary. “The thought from the get-go was that virtual was OK in an emergency situation when there was no choice, but that there is no substitute for everybody sitting in the same room,” she says.
Citizens Financial established hubs where speakers could present to board members virtually. It allows them to remain remote, without having to set up or manage the technology within their homes. Elkowitz says the company likely will continue the hubs post-pandemic, as it makes things a lot easier logistically. They also likely will continue sending board materials exclusively electronically in advance of meetings. The company provided them electronically before the pandemic, but some directors inevitably requested hard copy books once they arrived at the meetings. Those individuals have since become accustomed to reviewing materials on their tablets or computers, she said.
Home Depot’s board plans to host its first in-person meeting later this summer. Going forward, the company may look at holding shorter, virtual meetings on specific topics to cut back on the longer, in-person board meetings. Staggering the content and breaking it up has resonated well, and likely is something they will continue, Ingram adds.
Both companies will be flexible in the future and allow board members to attend virtually when needed. The panelists agreed that the importance of being agile and flexible has been a major lesson from the pandemic.
“It showed us that all of our preparation for crisis management was worth it,” Elkowitz says. “By making sure you’ve got all of the tools in place, we were able to pivot when we needed to, and really not miss a beat. I think we have more confidence that should something come up again, we will be prepared.”
Building a Public Board: SPAC, Direct, or IPO?
For companies looking to go public, determining how to structure the sale and the new public board can be critical, but complex questions. In the session, “Going Public: SPAC, Direct or IPO,” three experts discussed Initial Public Offerings (IPOs), Special Purpose Acquisition Company (SPAC) IPOs, and Direct Listings.
In an IPO, a private company raises capital by selling shares to the public with the help of an underwriter, says Candace Jackson, then assistant general counsel for corporate and securities at Aerion Corp. Sometimes, the company’s existing stockholders participate in the offering and their shares are registered and sold along with those being offered by the company.
In a SPAC transaction, a new shell company (i.e., a special-purpose acquisition company) is formed and sold for the sole purpose of acquiring the private company. Investors buy common stock shares, as well as warrant coverage, which gives them the right to purchase additional shares in the future.
In a Direct Listing — which is the least common of the three types of transactions — the company’s existing shareholders sell their shares directly in the open market, as opposed to having an underwriter playing an intermediary role.
In structuring the new public board, companies generally should consider what qualifications existing and prospective board members bring to the table. Boards should include a mix of industry and operational expertise, finance, and accounting expertise, as well as technology, cybersecurity, and risk management expertise. At least three directors need to have sufficient financial acumen, including at least one with significant finance or accounting experience. Depending on the industry and the scale of the business, companies might also benefit from having directors with regulatory expertise or experience leading or overseeing global companies.
Diversity should be top of mind for companies recruiting an initial public company board, Jackson said. Some states — like California — have explicit requirements, and others require disclosure of board diversity statistics. Many companies have started to enhance board diversity in anticipation of new proposed rules that would require all companies listed on NASDAQ’s U.S. exchange to publicly disclose consistent, transparent diversity statistics regarding their boards.
Boards also need at least one independent audit committee member and two independent compensation committee members at the time of the public listing. Within a year of going public, the board has to be majority independent, and all of the committees have to be fully independent. Private companies with existing investor representatives will need to evaluate those directors early on, and plan to replace any who may not be independent within the first year of going public.
“The key word is balance,” Jackson said. “Regardless of which path you take to becoming a public company, you want to have a well-balanced board.”