Black Swans and White Elephants
A recent essay from the National Association of Corporate Directors (NACD) provides useful guidance on how boards may prepare themselves for risks associated with external volatility.
The essay describes a “black swan” as a risk event that is both improbable and difficult to predict (e.g., the COVID-19 epidemic). “White elephant” refers to a risk event that is apparent, yet difficult to address (e.g., Brexit). According to NACD, it is during these types of risk events that board oversight of management is especially critical for corporate strategic success. Preparation for all types of risk becomes an important indicium of effective oversight.
NACD recommends that boards leverage the current white elephant and black swan events to identify areas in their own companies where vulnerabilities could arise and threaten business strategy in both the short and long terms. This process would incorporate a combination of (i) being more fully informed about the company’s risk appetite, planning and mitigation strategies, and (ii) pursuing open and active communication with management concerning the company’s response to unforeseen risks. This is particularly important because most enterprise risk programs do not contemplate disruptive risks.
The analysis suggested by NACD is particularly relevant given the recent Delaware decisions in Marchand and Clovis, which appear to hold boards to a higher standard for their oversight responsibilities.
The New ACC Survey and Its Governance Impact
The newly released 2020 Chief Legal Officers Survey from the Association of Corporate Counsel (ACC) informs the board’s ability to exercise its responsibility for oversight of the company’s legal department.
Overall, the ACC findings underscore the organizational value of a CLO hierarchically positioned to influence corporate strategy. This latest edition of the survey confirms the upward progression of the CLO to positions of power and influence within the company, and to assume duties beyond those of technical legal expert. It ratifies as “best practice” the CLO’s direct reporting relationship to the CEO, but suggests that the subject of the CLO’s interaction with the board needs further attention. The survey results also provide interesting observations on the coordination of the company’s legal, risk and compliance functions.
The survey results should prompt leadership reconsideration of whether the CLO has effective access to the board. Given that the CLO also serves as the board’s chief legal advisor (absent conflicts), the data indicates that there is still work to be done to ensure a direct line of reporting from the CLO to the board, as well as the CLO’s participation in regularly scheduled meetings of the board and its key committees.
The board committee responsible for oversight of the department of legal affairs may benefit from a review of the ACC survey and a discussion with the CLO regarding its results and observations.
Corporate Purpose and Climate Change
The 2020 version of BlackRock Chair Larry Fink’s influential letter to CEOs places climate change at the very top of the corporate board’s social responsibility agenda.
Mr. Fink describes climate change as a defining factor in companies’ long-term prospects, and as the quintessential investment risk that, to date, markets have been slow to recognize. He predicts a significant reallocation of capital into sustainable strategies and a need for companies to prepare to navigate such a transition. He perceives a meaningful role for companies and investors, along with government, to pursue a “just and fair” energy transition (one which he recognizes will take decades).
Mr. Fink’s articulated strategy is consistent with the strategies expressed in his prior CEO letters, which stress the relationship between long-term profitability, corporate purpose and the interests of a broad range of stakeholders. He continues to advocate for a strong sense of corporate purpose and a commitment to stakeholders as an effective way for companies to connect better with their consumers and adjust to society’s evolving demands.
The relevance of the BlackRock position to nonprofit and privately owned health systems is indirect, and lies in the growing value attributed to socially responsible expressions of corporate purpose. Health systems are well advised to increase both their awareness of climate-related risks and their commitment to the pursuit of sustainability.
Individual Accountability
Two recent, highly public developments showcase prominent executives being subjected to significant civil penalties arising from allegations that they bore responsibility for corporate scandals to which they contributed, directly or indirectly.
In one situation, a federal regulatory agency issued a notice of charges against five former senior executives of a major financial services organization for the executives’ roles in the organization’s systemic sales practices misconduct. The relief sought includes significant civil money penalties. At the same time, several former officers entered into settlements, with terms ranging from a lifetime industry ban and a $17.5 million civil money penalty against the former CEO, to a personal cease-and-desist order and assessment of $1.25 million against the former CRO.
The other development was also well publicized: Major League Baseball’s decision to suspend for one year both the general manager and the manager of the Houston Astros for their role in the infamous electronic sign-stealing scandal, and their subsequent termination by the Astros. This action involving two senior executives of a highly sophisticated business organization is perhaps more consistent with disciplinary measures taken by a self-regulatory organization (or a governing board) than a governmental agency.
The underlying emphasis on individual accountability in these two prominent examples might cause executive angst—to which boards may need to respond, both proactively and appropriately.
Corporate Codebreaker and Corporate Compliance
New developments in the Houston Astros’ “Operation Codebreaker” scandal suggest that boards should focus closely on their role as overseers of their organizations’ culture of compliance.
These developments, which detail the scandal timeline, document a comprehensive, top-to-bottom effort by employees to engage in competitively driven activity they knew, or should have known, was in clear violation of established rules. This case thus serves as an extraordinary example of how a sophisticated business organization led by accomplished executives can fail, in a spectacular manner, to maintain a framework of ethics and commitment to applicable rules.
Health industry boards may wish to use this scandal as an opportunity for corporate introspection and re-examine the effectiveness of their own obligations to exercise oversight of the organization’s commitment to compliance and ethics. Could a similar situation arise within our own company? How would our employees react to similar challenges?
This review could logically lead to a re-evaluation of the strength of the corporate compliance program and the extent to which the code of ethics is accepted throughout the organization. Issues such as funding for compliance and ethics staffing, compliance education and monitoring, compensation for compliance officers, the company’s approach to corrective action and its alignment of compensation incentives with ethical goals are all fair game for board consideration.
Board Oversight of Cybersecurity
Board committees with responsibility for cybersecurity, technology and data privacy may benefit from recent guidance on their roles from two separate federal agencies.
A recent blog post from the Federal Trade Commission (FTC) Consumer Protection Bureau provides the agency’s perspective on the roles and responsibilities of both the board and the executive leadership team with respect to the sufficiency of enterprise risk programs intended to identify, evaluate and manage data and information security concerns. According to the FTC blog post, a principal feature of the agency’s template for remedial orders is the requirement that executive leadership summarize the company’s written information security program for board oversight and review at least annually. The FTC is committed to improving corporate governance on data security issues and to encouraging boards to become more involved in cybersecurity governance, for example by including the chief information security officer (or equivalent) in the top management team and ensuring that officer’s access to the board.
In addition, the US Securities and Exchange Commission Office of Compliance Inspections and Examinations issued recent guidance (“Cybersecurity and Resiliency Observations”) that addresses expectations regarding governance and risk management. These include a “tone at the top” exercised by senior leaders committed to improving their organization’s “cyber-posture” by means of working with others to understand, prioritize, communicate and mitigate cybersecurity risks.
The office also recognizes the following elements of effective board cybersecurity risk management programs:
- A risk assessment designed to identify, analyze and prioritize the company’s cybersecurity risks
- Formal policies and procedures addressing those cybersecurity risks
- Effective implementation and enforcement of those policies and procedures
- Comprehensive testing and monitoring to validate policy effectiveness
- Continuous evaluation and adaptation of policies to changes
- Timely communications to decision-makers on cybersecurity information.
CEO Conflict of Interest
Recent coverage in The New York Times details how questionable expenditures by a CEO prompted an internal investigation so controversial that it led to her resignation and that of several trustees.
The controversy arose from an internal investigation of the circumstances of the CEO’s wedding, prompted by a complaint of an undisclosed nature. The investigation concluded that the CEO violated organizational policies on conflict of interest as they relate to the use (or the appearance of use) of an executive position for personal gain.
The allegations included using a resort-style property for the wedding ceremony for free; providing the nonprofit affiliated with that property free use of the organization’s physical space for meetings; obtaining a discounted wedding dress from a noted designer and then providing the designer a free ticket to an organizational gala; and using organizational staff members to help publicize her wedding. Six trustees of the affiliate subsequently resigned from the affiliate, in protest of what they believed was unwarranted punishment of the CEO given the circumstances.
This saga provides a useful example of how controversial conflicts of interest policies and codes of ethics can be when applied to nuanced activities and appearances. It also speaks to the importance of full board and executive appreciation of the goals and objectives of conflicts and ethics policies, especially in connection with the extension of health system policies to affiliated or subsidiary organizations.
Professional Responsibility Development
The public censure of a prominent lawyer provides a powerful reminder on the need for clarity on several aspects concerning the scope and nature of the general counsel’s representation.
The new state Supreme Court decision stems from the appearance of a general counsel on behalf of her organizational client and several of the organization’s executives in a grand jury proceeding, and her subsequent grand jury testimony that resulted in potential criminal liability for the executives.
The three executives reasonably believed that the general counsel was their personal lawyer before the grand jury. She communicated with the executives about their appearances before the grand jury, and she identified herself to the grand jury as representing the executives while appearing before the grand jury. She did not explain to the executives or to the grand jury any limitations regarding the scope of her representation. The conclusion that the executives were also the general counsel’s clients led directly to the finding that the general counsel violated three separate rules of professional conduct.
As such, the decision provides an important opportunity for the general counsel to confirm fundamental representational matters with her internal clientele.
Warren Buffett on Corporate Counsel
The 2020 version of Warren Buffett’s annual letter to Berkshire Hathaway shareholders includes several pointed observations on corporate governance topics that may be of broad educational value.
In his comments, Mr. Buffett expresses doubt as to whether audit committees are capable of addressing issues presented by managers and CEOs who are inclined to “play with the numbers” in order to “hit the number.” He also suggests that the work of compensation committees has become unnecessarily complex and overly reliant on the input of consultants.
Importantly, Mr. Buffett endorses the principle of a regularly scheduled “executive session” of directors (usually the independents) from which the CEO is excluded, in order to foster truly frank discussions of a CEO’s skills, acquisition decisions and compensation.
More pointed are his observations about acquisition proposals presented to the board, and whether those proposals are fairly vetted in the interest of the shareholders and mission. He expresses a similar level of concern with the potential for director compensation to subconsciously affect the boardroom behavior of directors for whom such fees are important. He also criticizes director nomination processes led by CEOs who are looking for directors more likely to be “cocker spaniels” than “pit bulls” in their exercise of independent judgment.
In these and other respects, Mr. Buffett’s comments offer an opening for broader board discussion of sensitive issues of corporate governance.
Protecting the Chief Compliance Officer
A prominent bar association’s warning of increasing liability exposure for chief compliance officers deserves notice by the board’s audit compliance committee.
Defending Tax-Exempt Status
Several recent events provide additional impetus for the leadership of tax-exempt health systems to develop proactive defenses of their system’s exempt operations. This has been a recommendation since enactment of the Tax Cuts and Jobs Act, but it has received renewed attention in light of the following developments:
- A new study suggesting that leading nonprofit hospitals offer disproportionately less charity care
- A major op-ed essay in The New York Times positing that nonprofit hospitals “are too profitable”
- Potential tax revenue needs arising from various broad spending proposals by the progressive US presidential candidates (as highlighted by the recent debates).
Boards of directors and executive leadership of tax-exempt healthcare systems should consider investing greater effort in communicating the worth of their charitable purposes and activities to both internal and external audiences. Critical to such an effort will be clear articulation of how the delivery of healthcare services through a tax-exempt, nonprofit model is distinguishable from the delivery of such services in a proprietary model. It will also be vital for the health system governing board to be fully engaged in ensuring operation of the system as a whole for exempt purposes.
This effort can be manifested in a series of tangible ways:
- Emphasizing the achievement of charitable purposes through the strategic plan
- Highlighting research and education as a priority
- Confirming that the compliance officer monitors compliance with the various Section 501(r) requirements for charitable hospitals
- Negotiating provisions in key service agreements, joint venture agreements and major transaction documents that preserve the tax-exempt organization’s control over exempt purposes and prevent unreasonable benefits to private parties.