ach year, Corporate Board Member magazine and FTI Consulting survey public company directors and general counsel about the legal and governance issues that worry them the most.
Early this year, more than 550 directors and general counsel participated in the 2013 Law and the Boardroom study, providing a wealth of perspectives about their worries, their most time-consuming issues and key trends.
As in 2012, information technology (IT) risk — from hacking, security breaches and other problems — was a top area of concern for both groups. However, a new challenge emerged this year from the strengthening economy and the resulting increase in merger and acquisition (M&A) activity. Companies now are seeking different operational efficiencies and strategies to help them stand out in the M&A market, and our survey revealed that this is creating various governance challenges for both directors and general counsel. The 2013 survey disclosed two other surprises: in strategic planning and succession planning. Neither was on 2012’s worry list, and this year’s survey did not specifically ask about them. Yet respondents were worried enough about these two challenges to have written in about them. Many directors say they will be spending more time on strategic planning this year, and succession planning is the top issue (tied with data security) most likely to keep them awake at night.
Here is a closer look at the five broad areas of concern for directors and general counsel.
M&A, strategic planning and operational effectiveness
As the economy recovers, companies are beginning to respond to pressure from shareholders to find new ways to grow. The M&A market appears poised to fill this need, since it helps companies expand domestic and international markets, add products to existing portfolios and become more efficient. Over $158 billion in deals have been announced so far in 2013 — more than double the activity during the same period last year — according to Thomson Reuters Deals Intelligence.
So it’s no surprise that over one-third of those surveyed (42 percent of directors and 36 percent of general counsel) say M&A preparedness is one of the top issues likely to require the greatest time commitment from boards in 2013. General counsel also say M&A will be a top issue for their in-house legal department, and transaction risk is one of the top five issues directors are worrying about this year.
Allen Applbaum, Senior Managing Director and Global Co-leader of the FTI Consulting Global Risk and Investigations group, warns companies to weigh the risks, as well as the opportunities, of potential M&A partners. “The operational and reputational consequences of forming a close relationship with the wrong company and/or the wrong leadership team can be severe,” he said.
Moreover, serious problems often are not evident at first glance, especially in emerging markets. “A rigorous due diligence process, including a full program of research and analysis to vet the parties on the other side of the deal, is the best insurance against unwelcome surprises,” Applbaum added. Efficient operations and a sound corporate strategy give a company a position of strength in the M&A marketplace. Both directors and general counsel surveyed say that operational effectiveness and efficiency are among their top concerns; both also say they need better information and reporting on strategic planning and enterprise risk management. In addition, GCs worry about corporate reputation and expect to spend additional time on patent prosecution and intellectual property (IP) management.
Compliance, conduct and social media
Compliance never has been as overwhelming for publicly traded companies as it is now, and boards and general counsel face greater responsibilities than ever in this realm. The Dodd-Frank Wall Street Reform and Consumer Protection Act alone has imposed over 400 mandates in its 2,300-plus pages, and the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) are issuing new rules and guidelines regularly. Not surprisingly, general counsel say that regulatory compliance tops their list of concerns, and that it is their #1 issue requiring better information and reporting. Regulatory compliance also was among the top five concerns for directors.
Respondents were asked specifically about the Foreign Corrupt Practices Act guide recently released by the Department of Justice and the SEC, along with the October 2011 SEC guidance on disclosure of cyber breaches. While both sets of guidelines affect enterprise risk management, only about a third of GCs and even fewer (25 percent) of directors say they have discussed these guidelines with their board.
Both government and internal investigations have increased sharply in the past few years, raising new ethical questions about disclosure, proper process and risk management. This year, we asked both directors and GCs whether boards should disclose internal investigations involving one or more members of the executive team. The vast majority — 82 percent of GCs and 63 percent of directors — say these internal investigations should be kept quiet. Significantly, a third of the directors dissented.
Martin Wilczynski, Senior Managing Director and leader of the FTI Consulting Forensic Accounting and Advisory Services group, says it is risky to withhold information from regulators about investigations. He points out that under the SEC’s whistleblower bounty incentive enforcement program, companies that hide their problems jeopardize their ability to receive cooperation credit if a whistleblower reports the investigation first.
“Potential misconduct or allegations involving senior management must be investigated with urgency, be thorough, and be particularly focused and well-executed to gather the salient facts necessary to support a well-conceived disclosure decision,” Wilczynski added. “Failing to investigate and consider all relevant risks could result in a costly and unnecessary disclosure of immaterial facts — or, worse, turn into a crisis or damage the company’s reputation. So it can be a mistake not to disclose an investigation involving potentially material information.”
Employee buy-in is essential to instill a strong compliance culture. The survey group was asked whether the values and ethics stated in their company’s code of conduct promoted compliance. About two-thirds of directors and GCs are quite confident that this is the case, with the remaining third at least somewhat confident. Fully 80 percent of both directors and general counsel say their company’s code of conduct has been reviewed in the last year.
Social media has created unprecedented compliance challenges for companies, especially in the way information is shared. Early this year, the SEC ruled that social media outlets must follow the same disclosure rules as corporate websites. Following the uproar over Netflix CEO Reed Hasting’s disclosure of a Netflix viewing milestone on Facebook, many compliance experts now recommend that companies have formal policies in place for sharing information on social media. Yet more than 20 percent of survey respondents say their company does not have such a policy, and another 38 percent are unsure.
Moreover, only 16 percent of directors say they have formally discussed social media issues and are confident their board understands the associated risks. Another 37 percent say they’ve discussed the topic but need additional information to feel comfortable with the risks and the corresponding strategies; disturbingly, 26 percent say their board has no plans to discuss social media issues. As companies expand their use of social media for communicating, the need for formal policies will only become more urgent.
“The SEC has recognized that social media is a real and valuable disclosure medium for communicating with a critical subset of stakeholders,” said Elizabeth Saunders, Senior Managing Director and Americas Chairman of the FTI Consulting Strategic Communications practice. “The SEC also realizes that some very important followers use social media as their primary source of information and that social media might be the right disclosure medium in some cases. Thus, organizations can’t ignore social media as part of their communications program to investors and stakeholders.”
Data/IT security and cyber risk
Like a game of Whack-A-Mole, online threats emerge at a moment’s notice and from unexpected places, and dealing with them is expensive. In 2012, companies spent an average of $8.9 million fighting problems stemming from denial of service, malicious insiders and attacks on websites, according to the Ponemon Institute. Cyber crime can quickly cripple a company’s operations and communications and undermine trust from stakeholders and the public.
Not surprisingly, data security ties with succession planning as the top issue that keeps directors awake at night, and cybersecurity is second only to regulatory compliance as the top worry for general counsel. Both groups say data security will consume much of their board’s time this year, although GCs predict they will be spending more time on the subject than board members. This suggests that GCs may think directors underestimate the extent to which legal departments are prepared to deal with this matter.
Directors also say they need additional information about IT strategy/risk, while general counsel feel the same about e-discovery and data management. Interestingly, neither group gives the other high marks on how well e-discovery and cyber risks are managed. And neither group has much confidence in their company’s ability to detect a cyber breach quickly or to determine whether data have been compromised. About a third of GCs and less than a quarter of directors feel “very confident” in their company’s ability to respond. While more than half of both groups (63 percent of directors and 51 percent of GCs) are at least somewhat confident in their company’s ability to handle a breach, that may not be enough in this new era of escalating risks.
Michael Pace, Senior Managing Director and Global Co-leader of the FTI Consulting Global Risk and Investigations group, says many clients — particularly in high-tech, pharmaceuticals and certain government contractor segments — are concerned about data protection and security. “On the response side, we’ve seen a significant increase in our investigative work for companies that are faced with many aspects of data security — hacking and intrusions, breaches of sensitive personal or proprietary information, or foreign nationals who may be funneling trade secrets or IP to foreign competitors or governments,” Pace said. “It’s classic economic espionage”.
“To help companies manage and mitigate this risk, FTI Consulting helps companies inventory and map their IP assets, secure their data, and test their networks and systems for gaps and vulnerabilities. Since IT infrastructure and technology can be difficult topics for non-technology executives to grasp, FTI Consulting also works with clients to de-mystify the entire IT/cyber arena,” Pace says.
Executive compensation and succession
Executive compensation has drawn greater public scrutiny over the past few years than nearly any other governance issue. Boards must grapple with matters such as how to use stock options, the ratio of the chief executive officer’s (CEO) salary to the average employee’s, peer group comparisons and the decision of whether to use a compensation consultant. While compensation is not one of the top concerns keeping directors and GCs awake at night, 60 percent of directors say this subject will demand a lot of their time this year, as do 46 percent of GCs. Moreover, 71 percent of GCs say their board will be spending more time on this topic.
Meanwhile, 74 percent of GCs say that potential conflicts of interest from compensation consultants is the top compliance concern they have reviewed with their board. It is #2 on the list for directors, second only to the PCAOB’s new auditing guidelines. Both board members and GCs generally are satisfied with how well each other manages sayon- pay/executive compensation matters.
Along with compensation, succession planning plays a critical role in retaining talent. Enough directors felt strongly enough about succession planning to have written in about it, even though the survey did not ask about the subject. As a result, leadership transition was an issue most likely to keep directors awake at night.
T.K. Kerstetter, Chairman of Corporate Board Member, said these results echo his organization’s past studies, in which board members expressed frustration with their own inability to manage succession planning. “It is no surprise that succession is one of the topics that keeps directors up at night,” said Kerstetter. “This has been the case for many years, and what is most surprising is that we don’t see the results improving each year like one would expect.”
Oil spills, tainted products, ethical embarrassments and hurricanes can devastate even strong operations and great reputations. More than a third of directors and a quarter of GCs agree they need additional information about crisis management planning. However, it is not one of their top concerns.
Among directors, 57 percent say they have reviewed the company’s crisis management plan with the executive team within the past year; however, 9 percent say their company has never done this, and another 7 percent are unsure. Only 34 percent report being “very confident” that the company’s current crisis management plan covers the contingencies needed to sustain the business if crisis events were to unfold, and 14 percent admit they are not at all comfortable in their company’s ability to handle a crisis.
“Often overlooked within an organization’s crisis management plan are procedures and protocols for communicating both internally and externally to key stakeholders,” said Saunders. “Without a communications strategy, even a company with a strong crisis control plan can see its reputation ruined and its value plummet in the investment community.
“A proper crisis communications plan should outline how the organization can anticipate and prepare for a crisis and provide clear guidelines for how to respond, control, and disseminate information internally and externally. And every company should assume that a crisis will occur,” Saunders added.
Ryan Toohey, Managing Director and Head of the FTI Consulting Strategic Communications’ Crisis and Issues Management group, recommends that companies have a “break the glass” strategy for communicating through an incident. This ready-to-use protocol enables companies to respond as soon as an incident or problem flares, prevents it from escalating into a full-blown crisis, prevents leaks of internal communications to external audiences and typically shortens the crisis period.
Most important, such a plan clarifies everyone’s responsibilities at the outbreak of a crisis, allowing the response team to avoid wasting valuable time sorting things out. “This allows management teams to focus on the ‘what’ and not the ‘how’ or ‘who’ as they work to mitigate risk and protect the organization’s brand, reputation and valuation,” Toohey said.
Companies everywhere are facing new regulations, evolving environmental and tax policies, updated bankruptcy rules and other public policy changes that could affect future growth and make planning difficult. Shareholders also are worried about the impact of these changes on stock price and company value. So this year’s legal study asked a timely question: Should the company — its board and management — get involved in helping shape public policy?
Among the directors, just over half say the CEO should participate in relevant public policy debates; 38 percent say the board should play a role and a quarter say directors should get involved personally. While 49 percent say the company should play an active role in public policy debates, 27 percent say the company should not get involved.
GCs, however, are more willing to participate. More than two-thirds of GCs say companies should play an active role in public policy debates, and only 29 percent feel the opposite. Nearly a third (30 percent) of GCs say CEOs should play an active role in relevant public policy debates.
A December 2011 FTI Consulting study found that 85 percent of investors want CEOs to be more actively involved in shaping national objectives and policies. FTI Consulting recommends that every company develop a strategic civic engagement plan that complements and reinforces its other government and investor relations messages. Well respected companies can leverage the public’s goodwill and have an impact if they advocate for good public policy along with their own interests.
A company’s planned legal expenditures provide a window into its perceptions of where the risks lie. The survey asked GCs about their company’s legal spend for the coming year, and found that most expect to disperse slightly more than previously for outside advisors specializing in M&A, compensation and succession.
Directors, meanwhile, say they need better information, processes, and reporting in the following areas to be as effective as possible in 2013: succession planning and IT strategy/ risk (tied for first place, with 46 percent of respondents), strategic planning (43 percent), crisis management plans (35 percent), competitive environment/ market landscape (34 percent) and enterprise risk management (33 percent).
Will all these continue to be burning issues? As the past several years of surveys have demonstrated, outside factors can reshuffle the priorities for directors and general counsel. The economy, the M&A market and public policy changes: All can force a company to redirect strategy. The directors and GCs at the helm must sense where change is brewing and adjust the sails accordingly.
This article summarizes the results of the FTI Consutling 2013 Law and the Boardroom Study, conducted with Corporate Board Member magazine.