Reference Library - Advanced Search
1- 50 of 160 Search Results for:
Libraries:   Governance Clearinghouse
Filters:   Within Last 60 days; All;

Frequently Asked Questions
Nasdaq and the U.S. Chamber release their 3rd annual Proxy Season Update
Publication Date: September 21, 2017

The U.S. Chamber of Commerce's Center for Capital Markets Competitiveness and Nasdaq partnered this fall for a survey of public companies regarding their interaction with proxy advisory firms during the proxy season. Over 140 companies responded to help policymakers better understand the relationship between public companies, proxy advisory firms, and institutional investors.


Publication Date*: 9/21/2017 Identification Number: 1428
Frequently Asked Questions
Ransomware Defense for Boards by Betsy Atkins with input from Bill Lenehan
Publication Date: September 20, 2017

For all the clever coding involved, most ransomware delivers a very crude but deadly message when it strikes your company. Important company files are locked, and may be destroyed, unless you pay a specific ransom amount, anonymously, with a short deadline. At that point, panic sets in. But if your top management, IT team and board of directors have devoted some time, thought and resources in advance, you'll know how to respond (and might dodge the bullet altogether).

In my own recent boardroom experience, how boards should deal with cybersecurity is one of the hottest topics. I've been an evangelist for getting boards active in setting and assuring effective corporate digital policies. Much of this should be basic good governance for the twenty-first century. Realize that a cyber-attack is now a matter of when, not if. Make your board digitally savvy so it can ask smart questions on technology, threats, and liabilities. Assure things like up-to-date platforms, software, and third-party testing.

I should note that the majority of company hacking attacks still involve these conventional threats -- the cyber equivalent of smash-and-grab theft. However, the special dangers posed by digital hostage taking demand a unique corporate governance role. If regular hackers penetrate your systems to steal money or data, there are few shades of grey. There may be debates between IT and the rest of management on budgeting for safeguards (the board should be IT's advocate and "nudger" on this, by the way). However, the priorities after a conventional breach are never in doubt -- assess and limit the damages and learn from the attack.

Ransomware is existentially different and goes to the heart of a board's governance and fiduciary role. Do we as a company pay a ransom demand or do we take the moral high ground and say no? Your board needs to tackle this question, with its uncomfortable blend of technology and ethics, now, before an attack. The major ransomware strains, such as Petya and WannaCry, offer a short time frame (sometimes as little as 24 hours) to pay up or face the consequences. Convening a board meeting that quickly to deal with a flash crisis would be both impractical and unwise. Further, the actual ransom itself can be oddly small. Would you really convene an emergency board session to discuss expending $1,000?

Real-world board experiences with ransomware suggest there is a better way. I've seen ransom demands first-hand at one of my boards, and spoke with Bill Lenehan, CEO at Four Corners Property Trust, who's also faced these traumas. We have observed a number of effective strategies specifically targeted at dealing with the unique threat of a ransomware attack:

Have the ethical discussion before a ransomware attack occurs. Your top executives and IT staff need guidance from the boardroom on the big question of whether or not the company should submit to a demand for ransom. The decision is not an easy one; losing business (and perhaps the business itself) by taking the moral high ground is not your call as a shareholder fiduciary. Your number one mission is to protect the business for investors. That may involve the tough decision to pay up if it will save data or needed access.

"Boards need to provide guidance and support on how this is handled," recalls Bill Lenehan. He finds laying out the issues directly to the board helps clarify their thinking. "I was talking with a 70-year-old board chair, and said 'Let me throw you a curve. You're trying to close a $200 million acquisition, when suddenly, your employees get a ransomware demand for a total of $3000. If you don't pay, you jeopardize the deal, your relationship with numerous counterparties, and maybe the company itself.' The response, 'My God, I never thought of this!??'"

Hold this debate now at the board level, because when a hacker's WARNING screen pops up, it's too late for philosophy.

Shape a corporate ransomware response policy based on the ethics discussion. Take the strategic principles the board has developed for responding to ransomware attacks and turn them into a working tactical policy. Include functional steps, like who is to be notified, who makes the final payment decision, damage/cost tradeoffs to weigh, etc. Also, will you even be able to pay the crooks? It sounds distasteful, but assure that you have the mechanisms in place to quickly meet the ransom demands if you choose to.

"You don't want to be scrambling to pay, figuring out how to practically make this work," Bill Lenehan recalls from his own experience as CEO of Four Corners Property Trust. At 5:30 one morning, he received a text message from the company controller telling him there was a problem -- a short-term ransomware attack was spreading globally. "Our board chairman was out of the country, hours behind us, so what do I do as CEO? Would I pay, or not pay, do I need to inform my board, or just hurry to set up a Bitcoin account?"

The CEO and other staff should not have to make these decisions on the fly -- and if they do, it's the fault of the board, which didn't prepare in time. "Ransomware is not the fault of the CEO," notes Lenehan. "It's like a school snow day -- you have to set your decision policies in advance." (Lenehan also notes that his small company has a staff of 12, and is as far off the business news radar as can be -- yet hackers still found them).

No policy can mean inability to respond at all. At a major company whose board I had served on, we faced a short-term ransomware demand, and decided we had to pay. But the hackers demanded payment in Bitcoin, and the company didn't have a Bitcoin account. This took two days to set up -- by which time the deadline had passed. In the missed deadline experience I referred to, we were able to negotiate a compromise. We were ultimately able to decrypt our files.

Also, ask what you'll do if other problems crop up. In Europe, a recent Petya attack demanded payment to the bit-napper's Posteo email account. But before victims could comply, Posteo had blocked the mailbox.

Beware risks related to ransomware attacks on third-party affiliates. Ransomware is not just an internal danger. Even after you shape a sound emergency policy for your corporate response, what about the suppliers, customers and advisors you depend on? Lenehan tells of a ransomware strike, not at his company, but at a major law firm they were depending on to close a $20 million acquisition. "The lawyers got an email from IT early in the morning telling everyone not to turn on their laptops and check them in immediately." A pending deal was suddenly frozen solid.

What would happen at this very moment if one of your top vendors' or clients' IT systems instantly went dark for an uncertain period of time? Are they able to back up their information with systems completely walled off from the afflicted ones?

Fight hackers with unconventional warfare. Above, I noted the generic things a board can do to improve the technical odds of avoiding and fighting cyber mischief. Push IT to innovate outside its normal comfort zone. Third-party vendors like Optiv, SecureWorks, and Stroz specialize in penetration testing, 24/7 threat monitoring and ethical hacking. Your IT staff says they have the latest software updates and threat assessments? Good -- let's contract with outside experts who can make sure. The expenses involved should be modest and today are a basic cost of doing business. Want to drive a car? You need to buy insurance. Want to operate in today's digital world? Invest in outside cyber-expertise.

Check that cyber insurance coverage is adequate. Speaking of insurance, check your liability and other business policies when it comes to hacking damages and, specifically, ransomware costs. What sort of losses are covered, which aren't, how much could ransomware losses total, what compliance measures must you have in place, and what are disqualifiers? Also, how should your company decide on making a claim? (If you file a claim for a ransomware payment of $5,000, will your premiums shoot up by ten times that amount?) "If someone demands $350 in Bitcoin, it may be like when someone keys your car in a parking lot," notes Lenehan. "Rather than making a claim, you just get it detailed out on your own dime."

Ultimately, boards and management need to respond to a ransomware crisis the same way they respond to any company crisis. They must assure good response tools and plans are in place and functioning, that tough questions are asked, and that everyone knows their role. But for the board, ransomware prep demands an added step -- asking if they're ready to make a deal with the devil.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Bill Lenehan is the Chief Executive Officer of Four Corners Property Trust, a real estate investment trust that owns over 500 restaurant properties. He is also on the board of directors of Macy's, the department store company. Prior experience includes board service at Darden Restaurants and Gramercy Property Trust, among others. He spent ten years as an investor at Farallon Capital Management.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 9/20/2017 Identification Number: 1427
Frequently Asked Questions
The 2017 BDO Board Survey Says...
Publication Date: September 18, 2017

A new governance survey of public company corporate directors conducted by BDO USA, LLP provides some interesting findings. Directors were asked about the issues that boards need to manage in 2017, including tax reform (78% of directors anticipate tax reform will be achieved during President Trump's current four-year term, but just 22% believe it will occur in 2017), social responsibility (directors were split over the decision to withdraw the U.S. from the Paris Climate Accord), sustainability (54% of directors believe that disclosures of sustainability matters are important to inform investors – a marked turnabout from a year ago when less than 24% took that position) and board composition (66% of directors believe their board is already proactively addressing the issue of board diversity).

Learn more about the survey results >>
Publication Date*: 9/18/2017 Identification Number: 1426
Frequently Asked Questions
Key Takeaways from Society for Corporate Governance Teleconference on Pay Ratio Rule
Publication Date: September 15, 2017

To help companies comply with the CEO Pay Ratio Rule, which is scheduled to first be included in 2018 proxy statements, the Society for Corporate Governance published key takeaways from its teleconference on 'Pay Ratio Rules: Your Questions Answered'. The teleconference was shaped by member questions and included participation by several issuers, Compensia compensation consulting, and Skadden Arps.

Read the Key Takeaways >>
Publication Date*: 9/15/2017 Identification Number: 1425
Frequently Asked Questions
Ransomware Payment: Legality, Logistics, and Proof of Life
Part One: Background and Reality
Publication Date: September 12, 2017 

Cybersecurity expert John Reed Stark has authored a three-part series of white papers offering guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim's safe return. Proof of Life's screenplay was partly inspired by Thomas Hargrove's book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of kidnap-for-ransom consultancy Clayton Consultants, Inc.

The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data by locking system screens or user files unless and until a ransom is paid.

Just like Clayton Consultants, the team advising a ransomware victim company (whether the victim is a hospital or global corporate conglomerate) must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.

To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness—let alone successful extradition and prosecution—is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration and clearly outside of the jurisdiction of local law enforcement.

Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g., an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker) or when time is of the essence (e.g., when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.

This three-part series of articles provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of ransomware attackers.

Part One provides the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two will examine the intricacies involved in ransomware response including ransomware investigative tactics, ransomware payment logistics, and the legalities of ransomware response.

Part Three will cover the remaining range of key ransomware essentials including: notification requirements, ransomware remediation, and ransomware cyber insurance.

Read Part One of Ransomware Payment: Legality, Logistics, and Proof of Life >>


John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 9/12/2017 Identification Number: 1424
Frequently Asked Questions
August's Must Reads
Publication Date: September 11, 2017

Each month, we will scour the web to bring you the news items and thought leadership pieces you need to get the governance advantage.

1. SEC Staff Publishes Report on Access to Capital and Market Liquidity - SEC
The SEC Division of Economic and Risk Analysis (DERA) published a report describing trends in primary securities issuance and secondary market liquidity, and assessing how those trends relate to post-crisis regulatory reforms. The report was requested by Congress as part of the FY2016 appropriations process.
Read the SEC report to Congress >>

2. 2017 Proxy Season Review - Sullivan & Cromwell LLP
This publication summarizes significant developments relating to the 2017 U.S. annual meeting proxy season, including a decline in traditional governance proposals.

3. What Long-Standing Boards Can Learn From Young Directors – Boardroom Resources
A next-gen director discusses ways in which her generation is contributing in the boardroom as well as how boards should feel about recruiting younger directors.

4. Business Insider Interview with Nasdaq President, Nelson Griggs – Business Insider
Nelson Griggs discusses the IPO market and Nasdaq's Revitalize initiative, a blueprint to make the capital markets more attractive for companies thinking about going public.

5. What 11 CEOs Have Learned About Championing Diversity – Harvard Business Review
The author believes that while the business case for diversity is clear, progress within organizations has been slow, and interviews 11 CEOs who have made a public commitment to diversity about how they are creating more diverse workforces.

6. The most effective way to update the board on cyber security issues – CSO Australia
With cyber security now a top-level issue for all organizations, ensuring board members and senior managers understand exactly what is happening is critical.

7. Delaware's Most Recent Thinking on the Preferred-Common Conflict - Sullivan & Cromwell LLP
In two recent decisions, the Delaware Court of Chancery addressed the differing rights of preferred and common stockholders in the M&A context.

8. Ransomware and Corporate Governance – The National Law Review
Health system boards have been inundated over the last year with information and warnings about cybersecurity matters, and their related fiduciary obligations. Yet a new commentary published by The Conference Board is noteworthy to the extent that it focuses specifically on the governance implications of the recent WannaCry and Petya/NotPetya ransomware attacks.

9. Investor Rights, Gender Diversity Among Top Issues in ISS Survey – Bloomberg Law
Limiting shareholder rights and lagging gender diversity are among the top issues for investors, companies, and boards coming out of this proxy season, according to a set of questions posed by Institutional Shareholder Services Inc.

Publication Date*: 9/8/2017 Identification Number: 1423
Frequently Asked Questions
Vanguard letter to public company directors
Publication Date: September 7, 2017

Vanguard Chief Executive Officer, William McNabb, III, released an open letter to public company boards. The letter highlights Vanguard's long-term perspective, and sets forth its governance priorities with a focus on board gender diversity and risk disclosure (including climate change risk). The letter also stressed the importance of timely and substantive dialogue between companies, shareholders and activists in an effort to promote the ongoing exchange of ideas.

Read Vanguard Letter here >>

Publication Date*: 9/7/2017 Identification Number: 1422
Frequently Asked Questions
Nasdaq-Listed Companies Moving the Needle on Diversity in the Boardroom
Publication Date: September 6, 2017 

The discussion on gender parity in the boardroom is evolving beyond equality as gender diversity is increasingly correlated with higher profitability—and Wall Street is taking notice. As Janice Ellig notes in her recent article "Fearless Girl—SHE is the future and the future is NOW," a number of index funds have launched that focus on corporations with gender diverse C-suites and boardrooms. These include State Street Global Advisors Gender Diversity Index ETF, Barclays Women in Leadership Total Return Index and Bloomberg's Gender-Equality Equity Index. These funds may offer further tangible evidence that companies with diverse boards outperform their peers.

Despite correlations between gender diversity and profitability, studies such as those commissioned by Equilar, Deloitte and McKinsey continue to indicate that gender diversity in the boardroom is improving only incrementally. Some institutional investors are losing patience with the slow progress and plan to use their proxy vote to spur corrective action: State Street Global Advisors (SSGA) and BlackRock both recently announced they are prepared to vote against directors of boards composed solely of men. While proxy advisory firms Glass Lewis and ISS don't currently make gender diversity a determining factor in voting recommendations, there are signs these firms may soon follow the lead of SSGA and BlackRock. ISS' annual Governance Principles Survey—which can foreshadow upcoming changes to voting policies—includes a question this year about gender diversity on boards and whether organizations should vote against directors of public company boards with no female representation.

We began tracking gender diversity statistics of Nasdaq-listed company boards last year to gauge their progress against the datasets included in the studies mentioned above, as smaller, newer corporations are often not included in studies. We continue to find evidence that there are many Nasdaq-listed companies moving the needle towards gender parity in the boardroom. In fact, Nasdaq currently boasts 46 companies with boards that are at least 40% female. These companies represent many different sectors of the market and a wide range of market capitalizations. By shifting the spotlight towards these companies instead of overall statistics, we can begin to fully appreciate the progress that Nasdaq companies have made.

Many other Nasdaq companies made progress toward gender parity over the past year, including 24 companies that improved boardroom gender diversity by at least 20%, and 33 Nasdaq companies added two or more new women to their boards. In fact, Nasdaq added two women to its own board in 2017, which now includes three women out of nine members.


Overall, smaller and newer publicly-traded companies continue to have less diverse boards than larger, more established companies. However, not all companies follow this trend: Mersana Therapeutics, Inc. (Nasdaq: MRSN), a $350 million biopharmaceutical company that started trading on Nasdaq less than two months ago, is a shining outlier with four women sitting on a six-seat board.

When considering progress in board diversity, it is also important to remember that gender diversity is not the only type of diversity. While gender is one of the easier categories to measure, diversity in ethnicity, age, background and geography is also critical when viewing board diversity from a holistic perspective. State Auto Financial Corporation (Nasdaq: STFC) does a great job of stressing both the gender and ethnic diversity of its board. State Auto Financial used their most recent proxy statement to celebrate a ten-person board comprised of 50% female or ethnically diverse members, three women and two African Americans.

Age diversity in the boardroom is also important and although we hear less about it, diversity in any form can positively change the dynamics in the boardroom. While our data showed that the average age of a board member is 58.5 years and has not moved much in the past year, there are companies that boast age diverse boards, such as Famous Dave's of America, Inc. (Nasdaq: DAVE), with six out of eight board members under the age of 50, and TripAdvisor, Inc. (Nasdaq: TRIP), with 50% of board members under the age of 50.

Progress does not stop with adding one or two women to a corporate board. "The business case for gender parity has been made, and further progress toward that goal is going to depend on tone at the top," said Ellig. "The CEO, the board chair, and the nominating/governance chair at a company have to be intentional about adding women to boards, and intentional about opening the pool of candidates beyond the usual names and beyond the CEO position to find highly qualified women for board seats."

To recognize public companies that are leading the way in reaching gender parity, in November, Ellig and The Women's Forum of New York will hold their fourth biennial Breakfast of Corporate Champions, saluting F1000 and S&P 500 companies that have reached the 25%, 30%, and 40% mark and those that have already reached gender parity on their boards.


Read Fearless Girl—SHE is the Future and the Future is NOW >>

Watch Janice Ellig's CNBC interview discussing how companies can promote gender equality in the workplace and in the boardroom >>

Publication Date*: 9/6/2017 Identification Number: 1421
Frequently Asked Questions
Nasdaq Responds to ISS' 2018 Annual Policy Survey
Publication Date: September 1, 2017

In its supplemental response to the 2018 Institutional Shareholder Services Inc. (ISS) Annual Policy Survey, Nasdaq reiterated many points from its report, entitled "The Promise of Market Reform: Reigniting America's Economic Engine." Among other things, Nasdaq expressed its continued support for dual class structures in appropriate situations and a repeal of the executive pay ratio requirement that will apply to U.S. issuers beginning with their 2018 proxy statements. Nasdaq also emphasized its concerns about proxy advisory firms, particularly relating to transparency and conflicts of interest.

Read Nasdaq's Response >>

Read the Report entitled "The Promise of Market Reform: Reigniting America's Economic Engine" >>
Publication Date*: 9/1/2017 Identification Number: 1420
Frequently Asked Questions
Nasdaq comments on proposed PCAOB Audit Report Standard
Publication Date: August 29, 2017

Nasdaq submitted a comment letter to the Securities and Exchange Commission expressing concern with the PCAOB's proposed new standard that would expand the auditors' report to include "critical audit matters." Nasdaq's comment letter highlighted concerns that the proposal extends beyond matters that are material to investors, potentially requiring auditors to disclose information about public companies that the companies themselves are not required to disclose. Nasdaq's letter also expressed concern that the proposal, if adopted, could "chill" communication between the auditor and the audit committee. Similar concerns were also addressed in a comment letter filed with the SEC by the U.S. Chamber of Commerce in response to the proposal.

Read Nasdaq's comment letter >>

Read U.S. Chamber of Commerce comment letter >>

Read the PCAOB's Proposal >>
Publication Date*: 8/29/2017 Identification Number: 1419
Frequently Asked Questions
SEC Revises Interpretive Guidance on Revenue Recognition
Publication Date: August 21, 2017

The SEC issued two releases, and SEC staff separately released a Staff Accounting Bulletin (SAB), to update interpretive guidance regarding revenue recognition. The SEC releases update guidance for bill-and-hold arrangements and accounting for vaccines placed into the Vaccines for Children Program and the Strategic National Stockpile. SAB No. 116 brings SEC staff guidance into conformity with FASB's adoption of and amendments to ASC Topic 606, Revenue From Contracts With Customers.

Publication Date*: 8/21/2017 Identification Number: 1418
Frequently Asked Questions
Companies Can Now Put Corporate Records on a Blockchain
Publication Date: August 15, 2017

A Delaware law recently went into effect that allows corporations to maintain shareholder lists, along with other corporate records, using Blockchain technology. Already, several companies say they intend to use it.


Interview with Frederik Voss, Nasdaq Vice President, Blockchain Innovation >>
Publication Date*: 8/15/2017 Identification Number: 1414
Frequently Asked Questions
Sustainable Business Practices, Transparency Land Nasdaq Companies at Top of 2017's "100 Best Corporate Citizens" Ranking
Publication Date: August 9, 2017

Corporate Responsibility (CR) magazine recently recognized the 100 Best Corporate Citizens, ranking Russell 1000 companies in seven categories including the environment, climate change, human rights, employee relations, corporate governance, philanthropy and financial performance. A number of Nasdaq-listed companies made CR's list, including Hasbro (Nasdaq: HAS), Intel (Nasdaq: INTC) and Microsoft (Nasdaq: MSFT), which took the top three spots.

Why are good ESG practices important, and what does it take to be one of the 100 Best Corporate Citizens? We spoke with Nasdaq's Global Head of Sustainability, Evan Harvey, to find out.

Q: What does it take for companies to successfully balance CSR and ESG objectives? Which part or parts of the ESG framework are most important?

A: We don't really use the term "Corporate Social Responsibility" or CSR to describe sustainability initiatives in public companies anymore. CSR tends to focus on community outreach, responsible citizenship, and other externally validated (and externally valuable) tactics. We take a broader view, looking inside and outside the organization at key Environmental, Social, and Governance (ESG) practices in order to fully understand sustainability—and CSR is just one part of ESG.

Most of the companies listed above share this view, and most would likely say that all of the related tasks are important. CSR would not adequately cover supply chain oversight (SCO), which is the process whereby a large multinational drives better, more responsible and transparent practices at all of the companies in their supplier universe and is essential, for instance, to Microsoft's sustainability leadership. CSR would also not illustrate the vigor and tenacity whereby Intel removed virtually all conflict minerals from their products. Your question suggests that balance is essential, and I agree, but I think it's more important to look at the big picture.

Q: While some view ESG disclosure around environmental metrics unnecessary, how do ESG leaders use social responsibility to differentiate themselves and create business opportunities?

A: I talk to a lot of executives at our listed companies, and I don't know any who still believe basic environmental disclosures are unnecessary. They may take issue with the cost or complexity of making these disclosures, but they don't believe the data itself holds no value for investors or other corporate stakeholders. The opportunities for companies that fully embrace ESG integration, management, and disclosure are well-documented and include lower investor turnover, higher investor returns, better staff recruitment and retention rates, a deeper and more nuanced risk management profile, and so on.

Q: Socially responsible investing has gained popularity over the last few years, with investors looking to invest in companies that are making positive social/environmental commitments. Can you discuss the current scope of this trend and talk about how businesses are committing to being leaders in this area?

A: There is $23 trillion in sustainability investment out there right now, and one in every five dollars in the U.S. investment space finds its way into a sustainable company or responsible product. And that trend is only growing: The UN Principles for Responsible Investment (PRI) now has over 1,300 signatories, including everyone from niche SRI firms to Blackrock and State Street. By virtue of their commitment to PRI, all of these institutions have pledged to seek out more sustainable targets and to be a more active and engaged owner when it comes to driving ESG excellence. I don't see any reason why an Investor Relations Officer would ignore such a lucrative audience.

Q: From an ESG perspective, what is it that makes Hasbro, Intel and Microsoft stand out? What can other companies learn from them?

A: Intel and Microsoft have been incredibly proactive in ensuring responsible sourcing of their components. Since joining the Electronic Industry Citizenship Coalition, Intel has made amazing strides towards incorporating conflict-free minerals into their supply chain and Microsoft has enacted some of the highest standards for supply chain oversight in the industry. Similarly, Hasbro has taken steps to ensure 100% of their third-party manufacturing meets ethical sourcing requirements and even publishes a list of their third-party vendors and factories. These companies have taken the initiative to be leaders in their fields and have been recognized for doing so.

Q: Can you highlight some companies that did not make this list, but have interesting ESG initiatives?

A: Many Nasdaq-listed companies are already leading the way. CA Technologies (Nasdaq: CA) just partnered with One for All to create and deliver social engagement apps on mobile devices. Starbucks (Nasdaq: SBUX) covers college tuition costs for its employees. And there are many Nasdaq companies moving the needle on board diversity, including Hologic, Inc. (Nasdaq: HOLX), Navient Corporation (Nasdaq: NAVI) and more than a dozen other Nasdaq companies who have achieved gender parity on their boards.

In terms of the other Nasdaq-listed companies that were recognized on the list this year, Biogen Inc. (Nasdaq: BIIB) has committed to a 35% reduction in emissions across its entire supply chain. Marriott International (Nasdaq: MAR) established aggressive targets for opening women- and minority-owned hotels, as well as purchasing from women-owned businesses. Texas Instruments Incorporated (Nasdaq: TXN) has worked to ensure that its integrated circuit supply chain is conflict-mineral free.

Q: What role does Nasdaq play in global ESG initiatives? What does Nasdaq do to help its listed companies with respect to their ESG programs?

A: Nasdaq not only pursues internal objectives—employee donation matching, team volunteering, affinity groups, alternate work schedules—but it also works diligently with listed companies. We provide sustainability research, training and education free of charge to any of our listings. Our long-running sustainability webinar series has brought together thought leaders from business, government, and the investment community for a number of years. But we are probably best known for our advocacy on a global stage, within the exchange and financial markets community: researching ESG performance measures, representing corporate interests with the largest sustainability reporting frameworks, and advocating for more voluntary disclosure. Our ESG Reporting Guide for Europe was just published in March.

Click here to view the entire list of companies that made Corporate Responsibility Magazine's 2017 100 Best Corporate Citizens list >>

Evan Harvey is the Global Head of Sustainability for Nasdaq. He is responsible for all corporate sustainability, philanthropic, and volunteering efforts and works with public companies, institutional investors, advocacy groups, and other exchanges. He currently sits on the U.S. Network Board for the United Nations Global Compact and the Advisory Board for the Sustainability Accounting Standards Board.
Publication Date*: 8/9/2017 Identification Number: 1409

ISS 2018 Global Benchmark Policy Survey Available
Publication Date: August 9, 2017

Institutional Shareholder Services Inc. (ISS) launched its 2018 Annual Policy Survey, a key component of ISS' annual global benchmark policy formulation process. Institutional investors, companies, corporate directors and other market constituents are invited to participate in the survey. The initial part of the survey, which covers topics including "one-share, one vote," pay ratio disclosures, the use of virtual meetings, and board gender diversity, will close on August 31, 2017.

Take the survey here >>
Publication Date*: 8/9/2017 Identification Number: 1410

July's Must Reads
Publication Date: August 7, 2017

Each month, we will scour the web to bring you the news items and thought leadership pieces you need to get the governance advantage.

1. Women in the boardroom: A Global Perspective - Deloitte
Women are still largely under-represented on corporate boards globally; this study examines initiatives in 25 countries aimed at increasing the number of women in boardroom positions around the world.

2. What We Learned from Improving Diversity Rates at Pinterest – Harvard Business Review
Pinterest discusses how diverse teams yield smarter, more innovative results, which are essential in the competitive, dynamic tech industry.

3. 'Get the ethics right, and you will always be compliant' – Ethical Corporation
Companies often struggle to balance ethics and compliance. Those that are regulated often see compliance as pre-eminent.

4. Do High CEO Pay Ratios Harm Company Value? –
A new American Accounting Association study finds that even when controlling for the portion of pay linked to stock performance, the relationship between CEO pay ratio and stock price remains strong.

5. Directors Under 40 Make Their Way Into Corporate Boardrooms - Equilar
Diverse backgrounds may include gender, ethnicity, nationality, industry background, skill set and age—and the latter is coming into focus as many young executives are starting their own companies to meet the changing demands of today's consumers.

6. Here's What the Blockchain Future of Capital Markets Might Look Like – International Business Times
A growing number of stock exchanges around the world are experimenting with a variety of blockchain tools.

7. 2017 Proxy Season Review – Harvard Law School Forum on Corporate Governance and Financial Regulation
The 2017 proxy season is marked by the launch of a historic US stewardship code and the emergence of proxy access as standard practice across large companies.

8. How Your Board Can Be Ready for Crisis – Harvard Law School Forum on Corporate Governance and Financial Regulation
Most companies experience at least one crisis every four or five years. Regularly discussing the crisis plan with management and the results from testing it lets the board understand where there might be gaps in readiness.

9. Keys to effective board oversight of cyber risk management – EY
Many boards task their audit committees with overseeing matters related to cybersecurity. EY discusses the key factors audit committees should consider for effective cyber risk management.

10. How Significant are SEC Rule Changes for IPOs on Confidentiality? –
As of July 10, companies weighing an initial public offering can opt to keep certain information confidential until closer to their trading debut.

Publication Date*: 8/7/2017 Identification Number: 1408

2017 Proxy Advisors and the Proxy Process Survey
Publication Date: August 4, 2017

The third annual proxy season survey conducted by Nasdaq and the U.S. Chamber of Commerce is intended as a tool to understand the public company experience during the 2017 proxy season, as well as highlight changes in that experience over time. Nasdaq's recent blueprint for revitalizing the U.S. capital markets proposes actions for reform around the proxy process and your response to this survey is important. The questions in the survey are based on prior SEC guidance and Nasdaq and the Chamber will provide the aggregated results of these surveys to the SEC in order to provide ongoing feedback regarding the proxy season.

Take the survey here >>

Learn more about Nasdaq's blueprint here >>
Publication Date*: 8/4/2017 Identification Number: 1406

S&P Dow Jones Indices to Exclude Companies with Multiple Classes
Publication Date: August 4, 2017

S&P Dow Jones Indices announced that it would bar companies with multiple classes, including those with share classes that offer limited or no voting rights, from inclusion in certain indices. Effective immediately, the S&P Composite 1500, which includes the S&P 500, S&P MidCap 400, and S&P SmallCap 600, will no longer add companies with multiple share class structures. Existing companies in the indices with multiple classes are grandfathered in and will not be affected by the change. FTSE Russell previously announced that starting in September it would exclude new companies from joining certain indices, including the Russell U.S. indices, unless more than 5% of the company's voting rights (aggregated across all classes of securities) are held by unrestricted (free-float) shareholders.

Read S&P Press Release >>

Read more from FTSE Russell >>
Publication Date*: 8/4/2017 Identification Number: 1407

2017 BDO Board Survey is Open Now
Publication Date: July 26, 2017

Public company board of directors: BDO USA is conducting its annual survey on key governance issues facing board members of publicly-traded companies. Survey results are tabulated by an independent market research firm to guarantee the confidentiality of individual responses. All participating Board members will receive a comprehensive report of the findings.

Complete the survey here >>
Publication Date*: 7/26/2017 Identification Number: 1405

You Can Gain Access to the Society for Corporate Governance's Directors' Cut Newsletter
Publication Date: July 24, 2017

The Society for Corporate Governance is now offering non-members complimentary access to its Society Alert - Directors' Cut newsletter. This quarterly online newsletter is a select compilation of governance-related news from the preceding quarter's weekly Society Alerts, geared and edited with a view toward a director and C-suite audience. Each issue covers a wide range of topics including audit/financial reporting developments, board practices, board and key committee oversight, proxy/annual meeting developments and trends, and board and C-suite-relevant institutional investor updates.

Read the Directors' Cut for Q2 >>

Subscribe to Directors' Cut >>
Publication Date*: 7/24/2017 Identification Number: 1404

FASB Board Member Christine Ann Botosan Discusses New Revenue Recognition Standard
Publication Date: July 20, 2017

In this interview, Christine Ann Botosan, Board Member, Financial Accounting Standards Board, discusses the implementation of the new revenue recognition standard, including disclosure considerations and helpful resources available through the FASB. The new revenue recognition standard is set to take effect for many public companies on January 1, 2018.

Watch the video >>
Publication Date*: 7/20/2017 Identification Number: 1402

Board Members Must Open the Aperture Wider to Break the Silicon Ceiling by Betsy Atkins
Publication Date: July 20, 2017

Betsy Atkins, President and Chief Executive Officer at venture capital firm Baja Corp, is a veteran of 23 boards and 13 IPOs.

Changing any corporate culture is a challenge, but I've found bringing diversity to the tech industry is even trickier. Fast-growth "unicorn" companies can quickly outgrow their founding venture-based startup corporate governance and find themselves facing crises with too few adults in the boardroom.

Many reports assert women in technology industries still push against a silicon ceiling when it comes to career advancement and cultural issues. Research from the Society of Women Engineers found that 20% of today's engineering school graduates are women, yet just 11% continue working in the field. Women in IT leadership roles (such as chief information officers or technology vice presidents) are just 9% of the total, according to a recent survey from Harvey Nash and KPMG.

Today's board members should open the aperture wider in terms of their role. The days of a board's role being pure financial oversight were last millennium. This millennium, board members are expected to be an asset as well as an accelerant for the business. In my own experience, I've seen technology companies nurture diverse, inclusive cultures starting with a few one-on-one approaches from the boardroom.

Build internal career networks

At Volvo Car AB, where I serve on the board, we've launched a program where I regularly meet with senior and mid-level women executives on personal career development. We work with these women execs to build on their strengths, clarify their career aspirations, and offer advice on advancement. This is a new program, but it is already proving a success in energizing and motivating the paths of these current and future female leaders.

Group mentoring also harnesses networks and creates supportive environments where women managers and executives can brainstorm effective ways to promote diversity in the organization. According to a recent Harvard Business Review article about changing corporate culture, safe havens nurture cultural ecosystems that model what the organization can become in the future, while networks create coalitions that catalyze change.

Make mentoring personal

On the board of Schneider Electric, I make it a point to directly mentor one-on-one a number of women on the company's senior leadership team. I teach them to advocate for themselves, identify executives within their company who they can network with, build rapport with as their mentors and nurture those relationships into sponsorships.

Women in management may find it helpful to have someone in the boardroom take a personal interest in their career strategy and development. For example, at Uber, new board member Arianna Huffington is in an ideal position to put her mentoring and career savvy to work in helping rising women execs rebuild that company.

One key to a successful mentoring program is regular, ongoing coaching and support. In my experience, a good mentor/mentee match also requires synergy: a strong personal chemistry and an alignment of professional disciplines. I'm a passionate advocate of digital transformation and customer-centric processes, so I tend to mentor women executives who have roles and expertise in line with those disciplines.

Board members don't have to wait for CEOs to ask for mentoring of female executives. When I spot high potential women managers within the companies of the boards I sit on, I approach our CEOs and offer to help these women reach the next level in their leadership potential.

Go beyond mentoring to sponsorship

There is a big difference between mentoring—which is periodic advising and coaching—and sponsoring. Sponsors take a far more active role in helping individuals reach the next rungs in their careers. Women who are already senior managers or board members can kick mentoring up a notch by "sponsoring" women with high potential through career coaching, facilitating introductions to other executives and identifying and, importantly, recommending them for new opportunities that will accelerate their careers.

Set a goal

According to the Harvey Nash/KPMG survey mentioned above, only 28% of small-cap companies have a formal diversity initiative in place, versus 72% of large-cap companies. For newer, smaller tech companies that are in hyper-growth survival mode, it's unlikely management will organically implement tactics that foster diversity of management. Hope is not a strategy.

If a company really wants to drive cultural change, a prescriptive diversity goal could be considered. That goal can be defined based on the values of the company, and may include gender diversity, ethnic diversity, age diversity, global diversity, etc.

Highly qualified female candidates ARE out there. I was the only woman on the board of HD Supply when I joined, and just three years later 23% of the board is female. I also sit on the board at Schneider Electric, where we set a goal of 40% gender parity on the board. Today Schneider Electric's board is composed of 38% women, so we have nearly achieved that goal in just 7 years. The Volvo board I sit on has 23% women. These companies all operate in industries traditionally thought of as "male-dominated," yet we were able to recruit highly qualified female board members without compromising one whit on the experience, talent and skillsets we were looking for.

Recognize when women make a difference

When I served as chair of the board's compensation committee at tech firm Polycom, we were active in the annual recognition event for sales staff. I noted that women were leaders in sales, making up less than 10% of the sales force yet 34% of our "President's Circle" top sales performers. Making an added effort to celebrate (and promote) this talent is crucial in sending the message that sales is not just a "guy thing" in the company.

The talents of women are a strategic asset to companies, and there is a growing body of research proving that firms who nurture and empower their gender diversity gain in revenues and stock performance. In any company, balance sheet results are always found downstream from company culture. When it comes to reshaping that culture to be welcoming to women, the boardroom is the ideal place to start.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation and served on the board of directors at Nasdaq LLC and at Clear Standards as CEO and Chairman.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 7/20/2017 Identification Number: 1403

Shareholder Proposal Developments During the 2017 Proxy Season
Publication Date: July 14, 2017

This Gibson Dunn report provides an overview of the shareholder proposals submitted to public companies for 2017 shareholder meetings, including statistics and notable decisions from the Staff of the Securities and Exchange Commission. The report includes "Top Take-Aways for 2017 Season" for public companies to consider.


Read the full report >>
Publication Date*: 7/14/2017 Identification Number: 1401

SEC Chair Jay Clayton Remarks at Economic Club of NYC
Publication Date: July 13, 2017

In his first public speech as Chair of the Securities and Exchange Commission, Jay Clayton gives his perspective on the SEC, discusses the principles that will guide his chairmanship and describes specific areas where the SEC can apply these principles. Notably, he encouraged companies to consider requesting modifications to their financial reporting requirements where those requirements require disclosures that are burdensome to generate but that may not be material to the total mix of information available to investors.

Read the speech >>
Publication Date*: 7/13/2017 Identification Number: 1400

Nasdaq Talks to...Morningstar, Inc. about How to Be an Exemplary Steward of Shareholder Capital
Publication Date: July 10, 2017

The importance of good corporate governance has become elevated in recent decades in the wake of increased regulatory compliance responsibilities following high profile corporate governance disasters; increasing global economic uncertainty; and the complexity of doing business in a rapidly evolving marketplace. Business schools, research and professional business firms, and professional associations alike are writing about—and attempting to quantify—the value and qualities of good governance. One of the world's largest independent investment research firms—Morningstar, Inc. (Nasdaq: MORN)—has taken a novel approach to analyzing the strength of corporate management teams by assessing companies' stewardship of investor capital.

Nasdaq recently spoke with Brett Horn of Morningstar's Equity Research team to find out more about the purpose and methodology behind Morningstar's corporate Stewardship Rating program and what it takes for a company to achieve "exemplary" status.

Q: Tell us about Morningstar's corporate Stewardship Rating and why stewardship is an important factor in investment decisions?

A: Morningstar's corporate Stewardship Rating assesses management's stewardship of shareholder capital. Essentially what we're trying to answer when we look at stewardship is whether the actions and strategies of corporate management are well suited to drive long-term shareholder value—or not.

We have three stewardship ratings: exemplary, standard and poor. The majority of companies included in our stewardship coverage earn a "standard" rating. What we are doing with "exemplary" and "poor" ratings is identifying companies that we think are outliers in terms of the strength or weakness of management.

While we believe that stewardship is a material factor that investors should consider, it is just one component of evaluating investment potential. A company with exemplary stewardship could still be a "poor" investment even if the evaluation is correct, and vice versa for a company with a poor stewardship rating.

Q: What are the characteristics that earn a company an "exemplary" Stewardship Rating?

A: Capital allocation is the primary factor Morningstar evaluates when rating companies on stewardship.

We review management investment strategy and valuation, both external and internal. A company with "exemplary" stewardship will be one that has an M&A history of making investments and acquisitions that support its competitive advantages and core business, while divesting underperforming or non-core businesses. We assess whether the company is paying a reasonable price for acquisitions. We determine if management is investing sufficiently to take advantage of all the value creative opportunities that are in front of it. We also evaluate whether management is over-investing and moving into areas where the returns are not going to be sufficient relative to the company's cost of capital.

We analyze how companies approach balance sheet structure to determine if they have reached optimal financial leverage—conservative, but not too conservative. We evaluate how they return capital to shareholders. We review accounting practices to determine if a company's accounting methods are aggressive or potentially deceitful, which is obviously going to be a negative.

We also look at executive compensation, specifically at the incentives and the targets that management is awarded and whether those are appropriate targets to align management's interest with shareholders in the long-run.

Q: There are currently 23 Nasdaq-listed companies with an "exemplary" Stewardship Rating. What are some stand-out companies among them that exhibit exemplary stewardship?

A: There are a number that come to mind:

CoStar Group, Inc. (Nasdaq: CSGP)
Founder and CEO Andrew Florence has navigated the company from its start-up days to its IPO in 1998. Since the IPO, the company has gone from $14 million in revenue to an expected $1 billion+ estimated for 2018. While acquisitions have complemented the existing platform recently, organic growth has been the main driver over the past two decades. The proprietary data CoStar has built out puts it light years ahead of its competition, and places a wide moat around the business.

Costco Wholesale Corporation (Nasdaq: COST)
Costco is a great example of a company that plays the hand that they've been dealt very well. The company has built up a very big footprint but stayed firmly within its circle of competence. Costco has prudently reinvested in the business, while also returning excess cash to shareholders. Management has also developed a winning culture that promotes below-average employee turnover, as the attrition rate is 6% among employees who have been there over a year—as opposed to attrition rates of 50% or greater in the general retail industry.

Fiserv, Inc. (Nasdaq: FISV)
Fiserv is a bank technology company that was built by numerous acquisitions since their founding which left a very decentralized management system. CEO Jeff Yabuki came in and centralized the company's operations, which led to material cost savings and margin improvement. We're also impressed by its stellar M&A track record. The relatively recent acquisition of Open Solutions greatly improves its real-time processing capabilities, which appears to be the future for bank software providers. In addition, it appears Fiserv got Open Solutions on the cheap since the price mostly consisted of the assumption of debt.

O'Reilly Automotive, Inc. (Nasdaq: ORLY)
Management has done well to leverage the company's size to capitalize on the firm's ability to provide more consistent and rapid part availability. The benefits of the firm's broad store and distribution network, as well as management's operational prowess, have pushed returns on invested capital higher over the last five years, with returns increasing from 14% in 2011 to 23% in 2016. O'Reilly's leadership has transformed the company from a regional player into a top-four national chain, acting quickly to develop and capitalize on significant long-term brand and cost advantages.

Signature Bank (Nasdaq: SBNY)
Management's strategy of providing deep levels of relationship-based banking has been unchanged since its founding, and bankers are compensated not only on the amount of assets they bring up, but how much they retain over time. The bank's focus on low costs as well has paid off, as it typically locates offices on the upper levels of buildings versus the more expensive street-level locations. Signature has undoubtedly been one of the most successful banks in the nation over the past 15 years, in large part because of Signature's straightforward business model and the nimbleness of its executives.

Steel Dynamics, Inc. (Nasdaq: STLD)
To date, Steel Dynamics remains one of the most efficient steelmakers, not just in the U.S., but also on a global basis. Management is quick to attribute its success to its employee compensation strategy which, modeled after Nucor's approach, effectively treats employees as managers by motivating their performance via weekly and monthly production bonuses.

Q: It looks like about 5% of companies got a poor rating. What characteristics would result in a poor stewardship rating?

A: It's the flip side of everything that would earn a company an exemplary rating. Poor stewardship companies are negatively impacted by short-sighted investment strategies or value-destructive acquisitions. For example, maybe a company has a very attractive core business, but if they make acquisitions that stray from core competencies or don't benefit from similar competitive advantages, their long-term returns are most likely going to be poor. Or a company that makes acquisitions that represent good sense strategically, but pays dramatically too much for them, will similarly dilute long-term returns.

Other examples of poor stewardship include aggressively investing internally in projects that are not going to earn necessary returns; too much leverage; over-aggressive accounting; or compensation targets that are tied to a matrix that would not correspond well with long-term value.

We also look at the extent to which a company is a good day-to-day operator. A company can't create shareholder value if it has frequent operational and execution missteps like industrial accidents, poor customer service, or product recalls.

Q: How does the Morningstar Stewardship Rating compare with the ISS QualityScore?

A: Morningstar's Stewardship Rating differs from ISS QualityScore in a few ways. QualityScore evaluates the extent to which the company's management adheres to standard corporate governance practices. Morningstar's Stewardship Rating is evaluating management's strategy and the likelihood that management's actions will improve or deteriorate long-term returns.

QualityScore is a quantitative numerical score that ranks companies, whereas the Stewardship Rating does not explicitly rank order management teams against peers within their industries but against ideal stewardship. We're not trying to figure out if one management team is slightly better than the other; we are focused on identifying particularly strong or particularly weak management teams.

Finally, QualityScore is a more objective rating, whereas Morningstar has extensive research data and the capability of delivering a rating that considers management's actions in the context of the company's situation, which is inherently more subjective. Morningstar's equity research focuses on competitive advantages, and our analysts have a very detailed understanding of the companies they follow and the industries those companies operate in. Investors primarily care about long-term returns, and our Stewardship Rating speaks directly to that.

Brett Horn is a Senior Equity Analyst with Morningstar who focuses on insurance and credit bureaus. He developed Morningstar's valuation model for insurance companies. Morningstar, Inc. is a leading provider of independent investment research and data insights on a wide range of investment offerings, including managed investment products, publicly listed companies, private capital markets, and real-time global market data.
Publication Date*: 7/10/2017 Identification Number: 1399
June's Must Reads
Publication Date: July 6, 2017

Each month, we will scour the web to bring you the news items and thought leadership pieces you need to get the governance advantage.

1. SEC seeks to boost market listings through privacy move – Financial Times
US regulators moved to try to boost the flagging number of stock market listings on Thursday, telling large companies that they will be able to keep their financial information secret while they prepare for a public offering.

2. PCAOB OKs First Big Change to Audit Report in 70 Years –
Worrisome matters reported by an auditor to a board audit committee would be disclosed in the auditor's report under a new standard approved by the Public Company Accounting Oversight Board.

3. The Key to Diversity in Tech? Diverse Investors, says New York-based Social Impact VC – Forbes
One often ignored tactic for encouraging diversity among tech founders and employees is to encourage diversity among the investors.

4. Sheryl Sandberg Shares 7 Ways to Build Resilience Into Your Company Culture As You Scale – Entrepreneur
As part of a 10-episode series, Sheryl Sandberg discusses, among other things: What it takes for an organization to be resilient and how a changing staff and culture remain strong despite massive shifts and bumps in the road.

5. Managing brand risk in an age of social media - Deloitte
This Deloitte whitepaper discusses how an organization's Board of Directors can effectively manage brand risk and reputation in the current digital environment.

6. 80% of This Public Company's Directors Are Women –
Travelzoo announces that it has the highest female-to-male ratio of any NASDAQ or NYSE-listed company (a group that includes nearly 6,000 businesses).

7. Webcast » The Corporate Governance Impact of Trump's First 100 Days –
In this webcast hosted by PwC's Governance Insights Center, a panel of experts discusses the current and future actions of the Trump administration and how today's companies can both prepare and respond.

8. Where's the focus this year? –
EY discusses key themes and the shareholder proposal landscape for the 2017 proxy season.

Publication Date*: 7/6/2017 Identification Number: 1398
U.S. Supreme Court to Decide Whether Securities Class Action Suits May Be Brought in State Courts
Publication Date: July 5, 2017

The Supreme Court granted a petition for certiorari to decide whether securities class action lawsuits under the Securities Act of 1933 may be brought in state courts. The grant of certiorari will let the Supreme Court resolve a split in the lower courts and is an important development for public companies. The Court will likely hear the case during its October 2017 term.

Publication Date*: 7/3/2017 Identification Number: 1397
SEC Expands Confidential Filing to all Newly Public Companies
Publication Date: June 30, 2017

The Securities and Exchange Commission announced that effective July 10, 2017, the Division of Corporation Finance will permit all companies to submit draft registration statements relating to initial public offerings for review on a non-public basis. This process also will be available for most offerings made in the first year after a company has entered the public reporting system.


Publication Date*: 6/30/2017 Identification Number: 1396
Board Evaluations and Getting Aligned
Publication Date: June 29, 2017

In this report, experts from the Center for Board Governance, Shearman & Sterling LLP and Nasdaq explain how Board and CEO evaluations can be catalysts for measuring board peer group and leadership alignment as well as for extracting action points to achieve better performance.

Publication Date*: 6/29/2017 Identification Number: 1395
Onboarding New Directors: Beyond the Board Manual
Publication Date: June 27, 2017 

The process of acclimating a new director to a corporate board can have a profound impact on boardroom dynamics. In this post, Joan Conley, Senior Vice President and Corporate Secretary at Nasdaq, shares key elements of Nasdaq's onboarding process as well as insights into the importance of a robust onboarding program.

Ideally, the onboarding process enables a new director to hit the ground running at their first board meeting. Proper onboarding also ensures critical alignment between management, the board and stockholders. Given those ambitious goals, there is much more to onboarding than asking a new director to read a manual and leaving them to tackle their role through trial and error.

Many companies mistake orientation for onboarding. Orientation is a one-time event designed to welcome a new director to the company and the board, outline meeting schedules and board service logistics, define their role, and provide a big picture overview of the company.

Onboarding, on the other hand, is a continuous process. It includes the orientation event and indoctrinates a new director into every aspect of the company's business, culture and the competitive environment it operates in, thereby facilitating meaningful contributions from directors and growth in long-term value for shareholders.

Nasdaq's onboarding process has evolved over time and includes the following key components, all of which are designed to help a new director shorten the learning curve and quickly become a meaningful contributor to the work of the board.

Establish a structured onboarding process.
Given the amount of information new board members need to absorb before their first board meeting, it's critical to have a focused plan in place to deliver that information. At Nasdaq, our onboarding educational process includes:

  • An orientation program that covers the following: board membership and meeting logistics; governance and director responsibilities; Nasdaq business strategy, goals, risks, operating environment, and recent financial performance; and presentations from corporate departments related to information security, corporate communications, and investor relations.
  • Face-to-face meetings with key executives and business unit managers.
  • Required reading of board meeting minutes and documents (including strategy, budget assumptions, compensation, and meeting minutes), investor presentations and analyst reports.

The different elements of governing a company fit together like a puzzle, and the onboarding process should help a new director fit the pieces of that puzzle together. New directors benefit tremendously from granular context on a company's operating environment, corporate strategy, goals, risks, opportunities, financial performance, and cyber security programs.

For example, at Nasdaq, we provide strategy slide decks from the prior year that outline the 1, 3, and 5-year strategies, along with minutes from subsequent update meetings, so new directors can see how the strategy has been followed. We encourage them to spend time researching our largest long-term stockholders and what motivates them to hold Nasdaq stock in their portfolio. We provide new board members with current and historical analyst reports, to give them a sense of how the company's strengths and weaknesses are perceived in the investment community.

Start the onboarding process before election day.
Don't wait until election day to engage new board members--start the onboarding process as soon as the proxy is released. At Nasdaq, onboarding of new directors starts as soon as a new director's nomination has been confirmed by the board and it is determined that the nomination is uncontested. That means even before the vote is final, we begin the very robust educational process outlined above.

Some general counsels may be concerned with providing confidential information to new board members prior to the election; in that case, a company can begin the education process with their public investor presentations and after that arrange for meetings with business unit leaders and others that may include confidential and proprietary information.

Make Audit Committee membership mandatory for new directors.
Every new Nasdaq director serves on the Audit Committee. Through audit committee service, new board members learn key enterprise risks, the financial and operating conditions of the company, how management relationships function within the organization, and details of the operations of each business unit. Audit Committee members hear presentations from internal and external auditors and experts within the company, review every internal audit report, and learn detailed financial information about the business. It's the best "on the job training."

Assign a mentor to new board members.
Board members with long tenure are an indispensable resource of institutional knowledge and historical context for new board members. Seasoned directors have seen the company through its most significant events: companies' success, market downturns, lawsuits, shareholder activism, acquisitions, and business model transformations. Pairing new directors with a mentor from the board accelerates cultural acclimation and encourages meaningful contributions from new directors during their first year.

Customize onboarding to individual directors.
Each director is carefully chosen for a board based on their unique skillsets, experiences, and talents. The onboarding process should be tailored to leverage those strengths, ensuring they contribute to their full potential and nurturing their interests in the company.

Ensure onboarding is ongoing.
Onboarding is essentially a process of continuing education. The three main elements of continuing education for board members at Nasdaq are knowledge sharing, rotating committee assignments, and offering opportunities to broaden and deepen their knowledge base.

I see a key role of the Corporate Secretary as aligning executives and board members, so the more opportunities I find to bring them together to exchange information the better. This continues even after new members have completed their first year, and these opportunities to meet with executives and business unit leaders are also individualized to each board member.

Rotating committee memberships is another excellent way to expand a board member's knowledge of the company. When a director is assigned to a new committee, they need a complete orientation on that committee's mandate, charters, and principles. Rotating committees begins a new sequence of onboarding events, refreshes the committee, and opens a whole new information silo for the board member.

I also continuously push news and information out to board members, again on an individualized basis. I send them relevant articles, updated analyst reports, links to subscriptions and alerts they may be interested in, and Nasdaq's daily news clips. I utilize Director's Desk for this, as well as the NACD daily summary. I maintain a budget for events and educational sessions that our board members may want to attend, such as director conferences.

Assess the fit and performance of new directors.
During a board member's first year of service, it's critical to assess whether the director is contributing effectively to the board and fits the group dynamic. That assessment takes place throughout the board cycle, not just during semiannual board assessments. If a new director needs assistance, I work confidentially with the board chair to develop an action plan: perhaps a new director needs tutorials on non-GAAP financials, information about a new product line, or context on strategy in a certain business area. We tailor the onboarding plan to meet these needs.

Solicit feedback from new directors.
An onboarding process and curriculum is not something to develop and put on a shelf because it continually evolves with the business landscape and ideally is tailored and individualized. At Nasdaq, we solicit feedback on the onboarding process from new directors during their frequent first-year check-ins with the board chair and CEO. We continually modify our onboarding program based on that feedback, information they share about business units they may not fully understand, topics they felt they spent too much time on, or areas where they have a greater thirst for information.

Joan Conley is Senior Vice President and Corporate Secretary of Nasdaq and its global subsidiary organizations and, in that role, is responsible for the Global Nasdaq Corporate Governance Program and Nasdaq Global Ethics Program. She also serves as Managing Director of the Nasdaq Educational Foundation and is a Director of the Nasdaq Entrepreneurial Center Board.

Publication Date*: 6/27/2017 Identification Number: 1393
U.S. Supreme Court to Review Scope of Dodd-Frank Whistleblower Protections
Publication Date: June 27, 2017

The U.S. Supreme Court agreed on Monday to consider whether corporate insiders who blow the whistle on their employers are shielded from retaliation if they only report alleged misconduct internally rather than to the Securities and Exchange Commission. The Justices will hear Digital Realty Trust Inc's appeal of a lower court ruling in favor of Paul Somers, an executive fired by the San Francisco-based company after he complained internally about alleged misconduct by his supervisor but never reported the matter to the Securities and Exchange Commission. If the Supreme Court ultimately sides with the company, then it could force corporate whistleblowers to report wrongdoing to the SEC in order to be protected from retaliation. The Court will hear the case during the next term that starts in October.

Publication Date*: 6/27/2017 Identification Number: 1394
What's New in Shareholder Engagement: Telling Your Own Story
Publication Date: June 22, 2017 

Tactical communication with shareholders is critical, as shareholder activism increases and institutions begin to rely more on their own independent research and less on the opinions of proxy advisory firms. By aligning corporate messaging with investor interests and concerns, companies build better relationships with their investment communities—and in the process, eliminate information vacuums that can be exploited by activists.

Proxy statements are an often-overlooked opportunity for companies to share compelling corporate governance stories and improve stockholder engagement. Investors are keenly interested in succinct and articulate explanations of the following:

  • the company's strategic and risk management plans;
  • the company's corporate governance values;
  • why executive officers are compensated appropriately; and
  • why the company believes it has the right people sitting on the board.

By transforming proxy statements from compliance tools into highly effective communication tools, companies can improve shareholder engagement and nurture investor support for annual meeting ballots. Following are best practices we have observed (and also applied here at Nasdaq) for utilizing proxies to tell a compelling corporate story.

Engage with shareholders proactively.
In addition to building relationships and ensuring shareholders support the company's strategy, a key goal of engagement is discovering investor perspectives on their areas of focus (such as board composition, pay-for-performance metrics, and engagement). Effective shareholder engagement is a two-way dialogue, some of which ought to take place with the company's largest investors outside of proxy season. If institutional investors aren't available to meet during the off-season, take advantage of quarterly earnings calls, industry conferences, and investor presentations to engage.

Bring the proxy process in-house.
Once the company has identified investor concerns and refined its corporate story, it should consider bringing the process for writing and editing the proxy in-house. An outside consultant or vendor cannot do a better job aligning corporate messaging with investor concerns than the company itself. Complex topics such as board composition, executive compensation policies, corporate strategies, and enterprise risk management should be explained succinctly and clearly, a task best left to corporate insiders.

When bringing the proxy development process in-house, it is helpful to create a benchmark of best-in-class proxies that stand out in terms of innovation and formatting. At Nasdaq, we spent months researching and creating a "look book" of noteworthy proxies that our development team used as a reference tool to guide improvements in the messaging, readability, disclosure, and formatting of the proxy.

Enhance disclosure and transparency.
When developing the elements of the company's story that address investor hot buttons, don't settle for the bare minimum in disclosure. Transparency around board composition, executive compensation, and corporate governance builds trust and assists investors in evaluating the board's effectiveness and independence. For example, shareholders like to map the skill sets on the board to the company's corporate strategies and enterprise risks. A holistic overview of board composition—including committee assignments, tenure, experience, and diversity—can be helpful for this, as is a board skills matrix. The structure and philosophy of executive compensation should also be outlined in a thorough and very readable analysis.

Enhanced disclosure is especially important when a company has a great governance story it hasn't been sharing effectively. Through our own research at Nasdaq, we have unearthed many Nasdaq-listed companies that have quietly achieved exemplary track records with regard to board composition and diversity. However, these efforts often go unnoticed because only a handful of companies highlight board composition metrics in their proxies using charts and graphs.

Transform the proxy into a communication tool.
Different types of investors read and use proxies differently: for retail investors, it's a reading document; for institutional investors, it's a reference document. To motivate institutional investors to support the company's annual meeting ballot, proxy messaging needs to be clear and compelling (and navigation intuitive) so investors can locate topics of interest quickly and understand them easily.

Readability is key—writing content in plain English, eliminating redundancies to condense the document, and hyperlinking a detailed table of contents are all ways to enhance the readability of a proxy. Key messages should be highlighted in such a way that shareholders can't miss them: In addition to enhancing the summary to include critical information, companies can draw attention to (and summarize) main ideas by incorporating charts, matrices, graphics, and bulleted lists.

Launch an interactive digital proxy.
A growing number of investors prefer to access proxies and vote online, and interactive proxies are transforming online stockholder engagement. The intuitive framework and visually appealing layouts of interactive proxy documents make it easy for shareholders to navigate and digest proxy content on their own terms, and on any device. These interactive versions include multiple features allowing for easy search and maneuverability, such as section and sub-section headers, expanded table of contents, and linked page references throughout the document.

Interactive proxy platforms also provide companies with useful analytics regarding which sections of proxy statements, and which search terms, are most popular with shareholders. User analytic data will be valuable to companies seeking to identify proxy content elements that most resonate with investors, as well as fine-tuning digital layouts and navigation.

During the past few weeks, a number of Nasdaq-listed companies published their 2017 proxy statements using an interactive format including eBay, Inc., Intel Corporation, Nasdaq, Inc., Northern Trust Corporation, and Otter Tail Corporation.

Perhaps the most compelling piece of PR advice dispensed by Don Draper, ad man extraordinaire of the series Mad Men, was this: "If you don't like what they are saying about you, change the conversation." By taking control of their own story, corporations can do just that.

Publication Date*: 6/22/2017 Identification Number: 1392
Public Companies and the PCAOB: Insights from the PCAOB, BDO, and Grant Thornton
Publication Date: June 16, 2017

David Wicks, Vice President of Listing Services at Nasdaq, recently hosted a webinar with Greg Scates, Acting Director of the PCAOB's Office of Outreach and Small Business Liaison; Blake Wilson, National Assurance Partner at BDO USA; and Timothy O'Neil, Audit Partner at Grant Thornton LLP. Panelists shared insights on ways publicly traded companies can ensure their voices are heard at the PCAOB and auditing firms alike.

Excerpts from this discussion are presented below and have been edited for length and clarity. The views expressed here reflect those of the speakers and do not necessarily reflect those of their organizations.

Q: How does the Office of Outreach and Small Business Liaison work with public companies? What's the best way for companies to reach you?

PCAOB: We conduct public forums with smaller public companies and brokers and dealers around the country each year, to provide updates on new standards and new activities going on at the PCAOB. These forums are also a good opportunity for us to hear from smaller firms about problems or issues they are having as they conduct their audits.

The PCAOB Office of Outreach and Small Business Liaison can be reached by phone at (202) 591-4135 or email at

Q: What type of questions should a company direct to PCAOB vs. the SEC?

Our staff responds to questions related to auditing standards and auditing-related matters with respect to the audits of public companies and brokers and dealers. When we get questions about accounting related matters, accounting standards or SEC filing and reporting matters—none of which are in our jurisdiction—we refer those to the SEC.

Q: How can publicly traded companies participate in PCAOB's standard-setting process? Are there other ways public companies can engage with PCAOB?

The principal way companies, accounting firms, investors, and others participate in the standard-setting process is through submitting comment letters to the PCAOB on proposals we have outstanding. Outstanding proposals are always posted on our homepage, with links to the releases describing the proposed changes to the PCAOB standards as well as instructions on how to comment on our proposed standards. Those comments are the most valuable to the staff and the Board. We take those comments very seriously as we go through the standard-setting process.

The PCAOB is somewhat unique compared to other standard setting groups such as the FASB or the IAASB in that our standards go through two approval processes. Once a new standard or amendments to existing PCAOB standards are adopted by the PCAOB, changes to PCAOB standards are subject to approval by the SEC before changes to PCAOB standards become effective. It's a rigorous process, but it gives public companies, firms, and investors multiple opportunities to comment.

Management of public companies can also apply for membership in the PCAOB's Standing Advisory Group (SAG), which meets two or three times a year to advise the PCAOB on the standard setting agenda and related activities. Members of the SAG include individuals employed by public companies, accounting firms, investors, and other regulatory bodies.

Q: What role do accounting firms play in the standard setting process? Can you suggest how companies can better participate?

The comment forum is the most predominant way Grant Thornton drives standard setting. Leveraging relationships with the companies, private equity firms and investors on PCAOB's SAG is another opportunity for both auditing firms and companies to have impact.

We urge our partners, when they are meeting with management or with the audit committee, to have a dialogue around the PCAOB's agenda, what standards are coming down the pike, what they should expect when new standards are adopted. If a company is concerned about a given standard, I encourage them to work with their audit engagement team, or the firm itself at a higher level, to collectively craft a comment letter relevant to the company's audit agenda.

Q: We often hear from our listed companies that the PCAOB might recommend a new control, test or procedure to cover a specific item—perhaps for a specific company or industry—but instead of applying the new control to just the situation PCAOB identified, the audit firm in turn applies it to all clients. Is this the PCAOB's intent when it gives comments to auditors? If a company thinks this is happening, what recourse does the company have?

PCAOB: Based on this question, it seems there may be some confusion about the PCAOB's inspection process. The PCAOB's inspection process assesses compliance with existing auditing standards and is designed to identify and address weaknesses and deficiencies related to how a firm conducts audits under these standards. These are noted in the inspection report. The firm then goes through the process of remediating the deficiencies identified. In response, a firm may revise its existing quality control policies and procedures as well as the firm's methodology.

Q: BDO and GT, what advice would you give companies that feel they are in this situation? What recourse do they have?

In general, companies should expect their engagement team to articulate why they are performing a specific procedure. Responses in that dialogue should be rooted in a firm methodology, perhaps mapped back to a PCAOB standard or inspection finding. A company needs to challenge the auditing engagement team to understand whether they are identifying the right risks and if the responses to those risks make sense in the context of the financial statement that is currently being audited.

BDO: The PCAOB typically will only comment on a material matter, and auditing firms take those matters very seriously. As part of our QC process, we will determine why the issue occurred, if it is specific to that particular engagement and if corrective actions should be limited to that engagement, or if it is a broader QC issue that may be a methodology concern. I would encourage companies that feel they are in an over-auditing situation to have a dialogue with the engagement partner as to why they think a procedure may be necessary and to further understand what is driving it.

PCAOB: If company management is concerned about over-auditing in a particular area, then management should take it up with the audit committee. Each year, the audit engagement team discusses an overview of the audit strategy with the audit committee. This could provide an opportunity for management to have a productive dialogue with the auditor and the audit committee as to a particular auditing issue management may be concerned about.

Q: On June 1, the PCAOB introduced a new audit standard, AS #3101, that will initially make certain changes to the audit report, and eventually change the way auditors describe "Critical Audit Matters" in both the audit report and when interacting with audit committees. PCAOB, can you discuss this new standard?

The new AS #3101 is a standard that's been adopted by the Board, but not a standard of the PCAOB yet, since it is subject to a notice and comment process by the SEC. The SEC will post it in the Federal Register and public companies, broker-dealers, accounting firms, investors and others will have another opportunity to comment on this standard. The SEC will consider public comments received in deciding whether the new standard and related amendments are consistent with the requirements of the Sarbanes-Oxley Act, the securities laws, in the public interest or for the protection of investors.

The new standard retains the pass/fail model that is in the existing standard today and contains a new element related to the communication of critical audit matters, or CAMs, in the auditor's report. Critical audit matters are matters arising from the audit of the financial statements that are communicated or required to be communicated to the audit committee, relate to accounts or disclosures that are material to the financial statements, and involve especially challenging, subjective, or complex auditor judgment. If there are no critical audit matters to be communicated, then that fact should be disclosed in the report.

PCAOB board members don't intend for the CAMs to result in boilerplate language. The Board anticipates the new standard will make the auditor's report more relevant, useful and informative to investors and other financial statement users with respect to a particular company. CAMs are determined using a principles-based framework and should be tied to a particular audit engagement in which they arise. The communication of CAMs in the auditor's report should inform investors and other financial statement users of matters arising from the audit of the financial statements that involved especially challenging, subjective, or complex auditor judgment, and how the auditor addressed those matters. We anticipate there will be different CAMs between companies within the same industry. The point is to make sure the information is useful to the investing public.

We also made some other changes to the audit report in the adopted standard, including a new disclosure of audit tenure (that is, the year in which the auditor begins serving consecutively as the company's auditor).

If approved by the SEC, we plan to phase in the effective date for Standard AS #3101 over several years. The new auditor's report format, excluding the reporting requirements of CAMs, would be effective for audits of fiscal years ending on or after December 15, 2017. The communication of CAMs would become effective for audits of large accelerated filers for fiscal years ending on or after June 30, 2019. Communication of CAMs for audits of all other companies would become effective for fiscal years ending on or after December 15, 2020.

Q: BDO and Grant Thornton, how do you think the adoption of this standard will change your interaction with your public company clients? What do you think will be the most challenging aspect of adopting this new standard?

I'm not sure the interaction with public companies will change. The CAMs information that's expected to be included in the report is akin to an MD&A in a public company filing, meant to give insight into our audit approach. That information is already communicated not only to management, but also to those charged with governance. I think where the sensitivity will come in is that this is not generally public information currently. While management absorbs it, understands it, and challenges it, audit committees and those charged with governance in a similar fashion will have some sensitivity as to what they would like us to include and not include in a report. I expect certain firms and/or companies will have robust discussions around CAMs, and others will disclose them in more vague and general terms.

BDO: Discussions related to the new standard are already happening with engagement teams, and those are robust discussions, in terms of those CAMs: what those disclosures are, how they will be written, and discussions between the auditor and the companies in terms of the robustness of CAMs disclosures.

Q: We hear from our listed companies that audit fees are increasing because of the additional testing and audits being required by the PCAOB, and auditors have no incentive to keep them down. Do auditors use a cost/benefit analysis when deciding what procedures are necessary? How can this be addressed in a meaningful and constructive way?

We have to perform our audits to achieve high audit quality, in accordance with the auditing standards which govern our work. There's not much in terms of cost that we can do from that perspective. We are in a competitive market across all the auditing firms—margins are actually declining because of what it requires in today's world to perform a high quality audit. So we need to stay focused on performing the procedures that are necessary, and companies need to be involved in a dialogue to understand why we are doing certain things. As we discussed today, companies can also be involved in the standard setting process.

GT: There's a minimum level of effort on an audit, whether it be public or private, and a company should determine that either through their own research or their engagement team articulating what that minimum level of effort is. Because as Blake [BDO] said, that effort is rooted in the standards. There will be issues that go above and beyond the standards, because of unique industry factors or circumstances related to a given transaction or company situation.

Companies can help keep costs down by understanding the minimum level of effort, determining whether the team can leverage internal audit for controls testing, and identifying ways to leverage other information the company is using to get to the right answers.

Q: In other countries, audit reports provide much more detail than is currently provided in the U.S. Do you foresee that audit reports will become more granular in nature and less standardized? If so, how?

The proposed PCAOB standard we spoke about earlier adding CAMs to reports is a first step in that direction. It's hard to make a global comment because every jurisdiction is a little different. For example, in certain European jurisdictions, you see director information, compensation and other information in auditor's reports; this information is already public here in the U.S. but it exists in different areas. I do think we will start to see a bit more standardization across the global economy, because global investors want to see reporting that's somewhat similar, not only from an accounting standard perspective but from an audit perspective as well.

Listen to June 7th webinar >>

Visit the PCAOB homepage to view current auditing standard proposals >>

Read more about the PCAOB's Office of Outreach and Small Business Liaison >>
Publication Date*: 6/16/2017 Identification Number: 1390

Comment Solicitation: Shareholder Approval Rules
Publication Date: June 14, 2017

Click here to read our Comment Solicitation >>

Last year, Nasdaq solicited comments on our shareholder approval rules. These rules were adopted in 1990 and have remained largely unchanged since then. The comment solicitation was designed to elicit views on whether the rules could be updated given changes in the capital markets since then, without sacrificing the crucial investor protections they provide.

Following review of the comments provided, Nasdaq is considering a rule amendment to: (i) change the definition of market value for purposes of the shareholder approval rules from the closing bid price to a five day trailing average of the closing price; and (ii) eliminate the requirement for a company to obtain shareholder approval for issuances of common stock at a price less than book value.  As part of these changes, Nasdaq would also require that an issuance of 20% or more of the company's outstanding securities be approved by the company's independent directors where shareholder approval is not required.

We encourage all interested parties to review the detailed description of these proposed changes in our Comment Solicitation and provide comments before July 31, 2017. 

Electronic responses are preferred and may be addressed to:

You may also review last year's comment solicitation here.
Publication Date*: 6/14/2017 Identification Number: 1389

Thinking Outside the Audit Committee Box: A Better Way to Manage Risk
Publication Date: May 23, 2017

An ever-increasing reliance on evolving technologies has left corporations vulnerable to cyber-attack and business model disruption. At the same time, enterprise risk management has landed squarely in the sights of institutional investors. As a result, boards must enhance their oversight of risk management.

Audit committee members, who have had responsibility for risk management on many boards, are feeling strained as regulatory demands intersect with that increased responsibility; in a recent survey of nearly 1,500 audit committee members by KPMG, half of those surveyed reported their committees may not have the time or expertise needed to be effective in all areas of responsibility.

Thus, there is a growing awareness that boards may need to evolve, including by altering board committee structures and reallocating workflows. To help us better understand these issues, we asked Betsy Atkins, veteran of 23 boards and 13 IPOs, to share her expertise on providing effective oversight of risk management in the boardroom.

Q: What is a board’s primary role with respect to enterprise risk management?

A: The board’s primary roles related to enterprise risk management are ensuring the company’s strategy is still relevant, examining the real risks the company faces and determining what risk oversight mechanisms are most effective. The lifecycle of S&P 500 companies has declined from about 60 years in 1958 to below 20 years now, begging the question “Why do so many established public companies go out of business?”

While some get acquired, go private, or become bankrupt, too many disappear because they don’t innovate or stay relevant. The rate of change in business today is alarming—a very real threat for the shareholders is that a company quietly loses market share for three or four years and then suddenly wakes up to realize they’ve lost nearly thirty percent of their market. When that happens, we see Blockbuster and Borders get replaced on the S&P 500 by Netflix and Amazon. Both of those companies might still be in business if their boards had been keeping an eye on new business models, digitally-born companies, and marketplace disrupters.

Q: What are some strategies boards can employ to better manage risk?

A: There are a number of tactics for load-leveling the risk management responsibility across a board, including:

Separating the oversight of future-looking risks from backward-looking risks.
Divide risks into two main categories: backward-looking risks and future-looking risks. Forensic, backward-looking risks include financial internal controls, review of quarterly financial statements, and compliance with FASB regulations. These are historically—and appropriately—the strength and domain of the audit committee.

Future (and emerging) risks include cyber-attacks, cyber breaches that damage brands, disrupted business models, and emerging digital marketplaces. Technology risk, too, needs to be examined. Although disaster recovery has long been a purview of the audit committee, oversight of cyber security and technology risks does not necessarily belong on the audit committee agenda.

Assigning oversight of forward-looking risks to the governance committee.
Audit committees are disproportionately busy on corporate boards. Compensation committees are also quite busy during certain times of the year, leaving governance and nominating committees as the least busy.

The nominating mandate is clear and happens in short bursts: refresh and renew the board. But what is governance on behalf of shareholders? Often, it’s limited to code of conduct, tone at the top, and preventing foreign corrupt illegal practices and sexually predatory behavior. However, governance really ought to be ensuring—on behalf of the shareholders—that the company is relevant, innovative, and vibrant.

I chair the Nominating and Corporate Governance Committee on the Board of HD Supply. Our Audit Committee looks at internal controls, financial reporting, and other functions that Audit Committees historically have performed. We created a more future-looking role for the Nominating and Governance Committee to look at business strategy, including the digital transformation of the company’s business. We’ve had outside speakers from major consultancies like McKinsey, Boston Consulting Group, and Accenture come in and educate us. We’re also working with artificial intelligence experts who can help us understand how to apply that technology to increase B2B sales revenue.

Incorporating working sessions into board meetings.
Like other boards, at HD Supply we have a nominating and corporate governance, audit, and compensation committee readout. But what’s a little different from other boards I’ve served on is that we have a lively discussion around the board table during these readouts, regularly debating our major initiatives of digital and business model transformation.

And we believe in working board dinners, held at our headquarters in the training center versus at a restaurant. We bring in the company’s senior leadership team, as well as contemporary and knowledgeable external speakers, to discuss topics we want to immerse ourselves in.

Leveraging technology to manage risks by monitoring corporate health.
There are a number of metrics that should be tracked to assess corporate health and flush out potential risk factors; these are related to compliance, digital advancement, product and service development pipelines, market share, customer satisfaction, and employee turnover.

There are companies and platforms out there, like Boardvantage, that can capture and track those types of metrics to develop an automated corporate health dashboard. Are we as digitally advanced as Amazon? Are we developing and introducing new products and services as quickly as Lowes? Are we an innovation leader, laggard or fast follower? Are we growing market share or losing it? Are we using artificial intelligence as effectively as our competitors? These are the benchmarks we want to monitor.

Viewing board composition as a competitive asset.
It is incumbent on boards to consider, and actively discuss on the governance committee, whether the board should be viewed as a competitive asset to the shareholders or just fiduciaries who do oversight. If the determination is “we are a competitive asset” then the board really ought to look at the competencies around the table the same way a company looks at its management leadership team.

Boards ought to carefully consider, given the turbulent sea of changes that businesses are navigating, how best to refresh and bring on a director or two with skill sets they’ll need in the next three to five years. Boards should forward-appoint members the same way corporations forward-hire, rather than waiting passively for a retirement to free a seat at the table.

By employing these tactics, boards can better fulfill a critical governance mandate: identify business-killing risks before it’s too late.

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation and served on the board of directors at Nasdaq LLC and at Clear Standards as CEO and Chairman.

A self-proclaimed “veteran of board battle scars,” Ms. Atkins will be collaborating with Nasdaq to produce a series of corporate governance “nuts and bolts” articles.

Other popular posts featuring Betsy Atkins on the Governance Clearinghouse:

Seven Critical Elements of a Board Refreshment Plan >>
What Makes a Great Board? >>
Publication Date*: 5/23/2017 Identification Number: 1378

Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
Publication Date: May 17, 2017

This is the fourth of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series, published for the first time on Nasdaq's Governance Clearinghouse, outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

This final part of the series Top Cybersecurity Concerns for Every Board of Directors discusses the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption.

  • Data Mapping: Every cyber-attack response begins with the forensic process of preserving any electronically stored information (ESI) that may be relevant to the cyber-attack. The most well-run companies establish sophisticated and intelligent data classification schemes to mitigate the costs and challenges of preserving ESI after an attack. Creating an accurate data map for a company is imperative: before a company can figure out how to protect its data, the company needs to know where that data is.

  • Encryption: While encryption systems require constant maintenance, and may complicate communications lines, encryption is typically a company's last line of defense from cyber-attacks. Target's hackers had access to everything, from the deli meat scales to the cash registers, because there were no controls such as encryption limiting access. Merely encrypting sensitive data is not enough—the type of encryption is of equal importance.

This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure. 

Part IV, Data Mapping and Encryption: an overview of the board's oversight responsibilities with respect to encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item. 

Read John Reed Stark's Latest White Paper on Data Mapping and Encryption >>

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 5/17/2017 Identification Number: 1375

Learn More About the Shareholder Services Association
Publication Date: May 16, 2017

Nasdaq recently talked to the SSA to learn more about its mission, the benefits of membership, and its advocacy efforts on behalf of the shareholder services industry. They also shared the agenda for their 2017 Annual Conference that will take place in Florida on July 18-20.

Read our interview with the SSA >>
Publication Date*: 5/16/2017 Identification Number: 1376

WEBINAR RE-PLAY: A Conversation with PCAOB, BDO and Grant Thornton
Publication Date: June 8, 2017

Nasdaq hosted a web seminar with representatives from the PCAOB, BDO USA and Grant Thornton to discuss the PCAOB resources available for public companies on June 7.

Listen to the Re-Play Here >>
Publication Date*: 5/16/2017 Identification Number: 1374

Vell Report Encourages More Board Diversity in Small Tech Firms
Publication Date: May 12, 2017

A new report conducted by Vell Executive Search took an inside look at how companies can improve diversity within the board room. The report, titled “Women Board Members in Tech Companies: Strategies for Building High Performing Diverse Boards,” examined 581 large public technology companies in the U.S. and Canada, and found that while many of these firms are embracing women on boards, there is still room for improvement, especially among smaller companies. The report found that while the technology industry has made strides in large firms, focus is needed on the entire sector, beyond those large companies, in order to gain balance on boards. Recommendations to help achieve diversity include extending succession planning timelines, providing internal training in governance matters, and assisting smaller companies to find diverse board members.

Read the Vell Executive Search Report>>
Publication Date*: 5/12/2017 Identification Number: 1373

Nasdaq Talks to . . . PCAOB's Office of Outreach and Small Business Liaison about Its Mission and How It Can Help Public Companies
Publication Date: May 9, 2017

Nasdaq often hears questions from listed companies about their annual financial statement audit or a specific accounting directive. To help answer these questions, Nasdaq investigated and found that, although the Public Company Accounting Oversight Board (PCAOB or the Board) does not have an official "ombudsman," it does have an Office of Outreach and Small Business Liaison. Read our interview below to find out how this office can help answer these questions.

Want to know more?  You can listen to a re-play of a recent webinar Nasdaq hosted with PCAOB, BDO, and Grant Thornton here >>

Q: What is the Office of Outreach and Small Business Liaison?

A: The Office of Outreach and Small Business Liaison was established in 2010 after the passage of the Dodd-Frank Act. The Office plans and conducts forums for auditors of smaller public companies and for auditors of smaller broker-dealers. The Office also acts as a liaison between the Board and accounting firms and others affected by the Board's work; assists with arranging Board member and PCAOB staff speaking engagements; and serves as a contact for anyone who may have questions about the Board's regulatory activities or needs assistance in locating publicly available information issued by the Board.

Q: How can you help public companies?

A: The PCAOB website contains a number of resources which inform companies about the work of the PCAOB including inspection reports of registered accounting firms and summaries of inspection findings. More information on these pages is provided below.

In addition to our website, PCAOB Board Members and Senior Staff speak to representatives from public companies at events across the country. This includes groups of CFOs as well as Audit Committee members.

In addition to the website, public companies may contact our office if they have questions related to anything on the website.

Q: What's the best way to reach you?

A: The office can be reached by telephone at (202) 591-4135 or by email at either or

Q: What are the most common questions you get? How do you respond?

A: The Office of Outreach receives questions on many topics. The most common requests typically involve assistance with locating information on registered firms. Generally, staff from the office will respond directly to the person who contacts us. In some instances, due to the technical nature of the question(s) posed, messages are sent to the appropriate division within the PCAOB for a response. Additionally, if the question or request relates to an issue outside of the PCAOB's jurisdiction, we will direct people to the organization or agency best suited to respond.

We encourage people who contact us to provide enough detail in their message so that the request can be handled promptly.

Q: How can a company participate in PCAOB's standard-setting process? Are there ways for PCAOB to accept input from public companies? What is it?

A: The PCAOB collects comments from all interested parties, including public companies, as part of the standard-setting process. If a proposal is open for comment, it will be listed on the PCAOB home page. The PCAOB has also made available a rulemaking docket which lists the status of all rulemaking projects, including standards. More information on the comment process is available here. All comment letters that are received are posted on the PCAOB website.

Additionally, all PCAOB standards are subject to SEC approval. Once a proposed standard is submitted to the SEC, there is an additional period in which comments are accepted.

The PCAOB also has a Standing Advisory Group which advises on the development of auditing and related professional practice standards. Public company executives and audit committee representatives are among the members of the group.

Broad-based organizations whose members are public companies such as Financial Executives International, the Society for Corporate Governance, the American Bankers Association, and others may seek to meet with Board members and senior staff to discuss issues of mutual interest. Public companies could also reach out to the Board through Nasdaq.

Q: What other resources are available at PCAOB for public companies with auditor-related questions or concerns?

A: As noted above, the PCAOB website has a number of documents and pages that may be of interest to public companies. The Board frequently issues general reports along with staff inspection briefs. In addition, the Board has created a page with information specifically for audit committee members. Information on firms registered with the PCAOB is available through the registration and reporting system. Users of the system can search for any firm and see inspection reports and enforcement actions for each firm as well as view filings required by the PCAOB. Questions not specifically answered on our web site should be directed to the email address and phone numbers listed above.

We encourage anyone interested in the work of the PCAOB to sign up for email updates or to follow us on Facebook, Twitter and LinkedIn.
Publication Date*: 5/9/2017 Identification Number: 1371

10 Nasdaq Companies in the Russell 3000 Reach Gender Parity in the Boardroom
Publication Date: May 3, 2017

The latest Equilar Gender Diversity Index, a quarterly study of female directors in the Russell 3000, found that 10 Nasdaq companies have reached gender parity in the boardroom: Ascena Retail Group, Avid Technology, Connecticut Water, Heska Corporation, Hologic, HSN, Navient, Select Comfort, Trevena, and Viacom. The report also showed signs of progress in addressing gender diversity, including the fact that 25% of new board members in the first quarter of 2017 were female.

Read the Equilar Report >>

Read Nasdaq’s interview with the CEO of Connecticut Water about the role board diversity plays in strengthening corporate governance and improving company performance >>
Publication Date*: 5/3/2017 Identification Number: 1366

Reputation Risk and Opportunity Governance: A 5-Point Blueprint for Boards by Andrea Bonime-Blanc, JD/PhD
Publication Date: May 2, 2017

Andrea Bonime-Blanc is the Chief Executive Officer of GEC Risk Advisory and Author of The Reputation Risk Handbook.

Reputation risk and opportunity management is the front line job of management – however, it is the job of the board to provide reputation risk and opportunity oversight for their company. And most boards don't even think about reputation risk until a crisis or scandal hits and their company's reputation, and possibly their own personal reputations, are at risk.

In this article, we define reputational risk, identify recurring themes that were present in cases where reputation risk has gone wrong, and offer a high level five point blueprint for boards to oversee reputation risk and opportunity at their companies. Why do this? Because effective reputation risk management – just like effective enterprise risk management – is not only useful to mitigate losses and liabilities but also to build reputation opportunity and value with and from key stakeholders (customers, employees, regulators, etc.).

Reputation Risk Defined

Within the context of an organization (whether a company, a government agency, a university or a non-profit), reputation risk is a strategic risk that can amplify other underlying and related risks, especially non-financial or ESG (environmental, social and governance) risks, when those risks have not been properly identified, managed or mitigated. Here is a simple definition of reputation risk I offer in my book, The Reputation Risk Handbook:

Reputation risk is an amplifier risk that layers on or attaches to other risks – especially ESG risks – adding negative or positive implications to the materiality, duration or expansion of the other risks on the affected organization, person, product or service.

When one couples the notion of an amplifier risk with the notion of stakeholder expectations and impact, one can surely start seeing the gestalt of why reputation risk has both qualitative and quantitative dimensions.

Reputation Risk Management Gone Wrong

It is important to note a recurring theme throughout cases where reputation risk went wrong: something or some things did not work well within these companies in advance of the crisis and there are three critical topics that seem to appear in most of these cases:

  1. The Board did not have a proactive stance on effective risk oversight, let alone reputation risk oversight.
  2. The CEO/C-suite were not creating or supporting a culture of accountability and customer-centricity, thus allowing for the erosion of key stakeholder trust.
  3. The company itself does not appear to have effective risk management and/or views risk as a liability that happens to unlucky companies (instead of a manageable asset that also has embedded opportunity and potential value).

Why Good Reputation Risk Management and Oversight Matter

Reputation risk matters for worse and for better because it’s what happens when the expectations of stakeholders – potentially a multitude of them – are missed, met or exceeded. Reputation risk acts as an amplifier and accelerator of an underlying risk that is not managed at all, poorly managed or is managed up to and possibly beyond the expectations of key stakeholders.

While stakeholder expectations can be characterized as being largely behavioral, emotional or intangible, what happens as a consequence of exceeding, meeting or missing stakeholder expectations is far from intangible:

  • An organization’s meeting or exceeding its stakeholders’ expectations can have neutral to positive qualitative and quantitative consequences.
  • An organization’s missing its stakeholders’ expectations can have negative consequences – both qualitative and quantitative.

Reputation Stakeholders

How well an organization understands and incorporates a qualitative assessment of its key stakeholders and their expectations is where the qualitative and quantitative dimensions of reputation risk meet: one does not make sense without the other and one feeds upon the other. The below chart from my book, The Reputation Risk Handbook, shows a range of some of the key stakeholders that organizations should be considering in such an assessment.

[Figure: Outside Inside Graph 1]

The bottom line is this: flying without a reputation risk net is tantamount to hoping for the best in a world full of challenges, risks, threats and (lost) opportunities. Adopting such a framework, in turn, provides the resilience needed for long-term survival and even out-performance as risks are managed and new opportunities are identified on the way to effectively managing reputation risk.

With these themes in mind, let’s take a look at the five keys to successful ongoing board reputation risk oversight.

A Five Point Reputation Risk Governance Blueprint

Below is what I would consider to be the five key tasks of a board intent on overseeing reputation risk and opportunity effectively for their company:

  1. As an Amplifier and Strategic Risk, Reputation Risk should be on the Board Agenda Regularly. Reputation risk does not occur in isolation but in relation to other underlying risks. As such, reputation risk must be on every board agenda together with strategic and enterprise risk oversight.
  2. Boards Must Oversee Effective Enterprise Risk Management (ERM). Reputation risk cannot be properly understood, managed or supervised without robust underlying ERM that identifies all risks and allows related reputation risk to be properly gauged.
  3. The Board Must Know Who the Company’s Key Stakeholders Are. Why? Because every stakeholder has expectations of a company’s behaviors and results both financial and non-financial. If and when those expectations are not met, both qualitative and quantitative consequences will follow, most of them negative. The reverse is true as well: the better an organization understands, nurtures and tends to its principal stakeholders, the better off that organization will be when and if crises occur, with both qualitative and quantitative consequences, most of them neutral or positive.
  4. A Cross-Disciplinary Team of Company Experts Should Manage Reputation Risk. And it is up to the Board to understand from such experts – from the chief risk officer and head of public relations and communications to the general counsel and the audit executive. They are best prepared to understand the reputation risk of the company if they prepare accordingly. That team must also be synchronized with a proper and effective crisis management program.
  5. Reputation Risk is Directly Connected to Corporate Resilience, Opportunity & Value Creation. It is the board’s role to ensure that the company and its management develop and implement resilience measures to counteract and mitigate material risk and to take advantage of risk opportunity – reputation risk oversight is a critical part of this process. The more prepared an organization is for its risks, the greater chance it will have to successfully manage the risk, associated crises and value opportunities.

For more information and case studies, readers should go to the thought leadership page of the GEC Risk Advisory website.


Dr. Andrea Bonime-Blanc is CEO and founder of GEC Risk Advisory and a global governance, risk and value creation strategist. Her firm specializes in governance, risk, ethics, compliance, corporate responsibility, reputation and crisis advice to the private, public, governmental and non-profit sectors worldwide. She is author of The Reputation Risk Handbook and Emerging Practices in Cyber-Risk Governance and has been consistently recognized by Ethisphere as one of the “100 Most Influential People in Business Ethics.” In 2017, she was appointed Ethics Advisor to the Financial Oversight and Management Board of Puerto Rico, created by the U.S. Congress to oversee the restructuring of the Puerto Rican economy. She tweets @GlobalEthicist and writes the Risk2Value Blog.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 5/2/2017 Identification Number: 1364
Fredrik Voss, Nasdaq Vice President, Talks About What Blockchain Could Mean to Your Company, Part 2
Publication Date: April 28, 2017

Following up on our interview last year, we had the chance to speak again with Fredrik Voss, who is spearheading Nasdaq's blockchain innovation initiative. Fredrik described the advances and accomplishments over the past year, and gave us some idea of what to expect in the future. Excerpts from our conversation follow.

Q: Last year, Nasdaq announced a blockchain-based solution for voting in Annual General Meetings in Estonia, an application of the technology that went beyond settlement and clearing, an area that seems to be garnering a lot of attention. What made you choose this project?

A: We chose that project for a couple of reasons. One, we deliberately wanted a project that wasn't related to the issuance and settlement of assets on blockchain. We wanted to do something else. We also wanted a project where we really had to explore issues around identity on the blockchain: the identity of a person, identity of a person representing a firm and then firms and people representing other firms in a proxy arrangement.

So those were two things we wanted to explore and then we wanted to find a space where we could do that with internal knowledge and by leveraging the blockchain technology and know-how from our partner Chain. It so happens that in Estonia, we actually do run annual general meetings for a number of companies, as a service. So we had a good understanding of the current business process, so to speak. Also, we would have to rely on a central security depository (CSD) for share ownership data and we actually own and operate the CSD in Estonia.

As we explored leveraging that environment, we also identified that the Estonian government has put in place a system called e-Residency, which is an advanced way of handling digitized identity for Estonian citizens, but anyone can become an electronic resident of Estonia through that mechanism. So a lot of planets aligned while we picked that particular use case and that particular market as the pilot.

Q: With respect to annual meetings, what are the advantages of a blockchain-based system versus the traditional model?

A: You can obviously do electronic remote voting using traditional technology but the blockchain (or distributed ledgers) has some inherent capabilities that make them quite attractive for a use case like annual meetings, in that it's very easy to track the provenance of a digitized asset. A digitized asset can be anything, but in this case, it's a vote, and it is easy to track its whereabouts in a blockchain user base.

One of the problems with the proxy process today is actually demonstrating to the shareholder that their vote was cast in accordance with the instructions of the shareholder. It is actually difficult to do that. But with blockchain technology, you can easily track the whereabouts of that vote. Also, with this system, the ledger is immutable; you cannot change the records, you can undisputedly prove that votes were cast in accordance with the instructions.

Basically, the way it works is that when a vote is coming up, you poll the CSD, and you issue the right number of voting tokens to the shareholders. An individual shareholder can then transfer that voting token to a delegate, or of course they can vote on their own as well. Then you can actually track the whereabouts of that voting token in the network. You can also see in which ballot – if it was in the yes one or the no one – it was cast. There are some inherent functions in blockchain that make it an easy technology to use for that particular use case.

Q: So a company is no longer just sitting back and waiting for the votes to come in? They actually have total visibility into the whole process from beginning to end?

A: Exactly. They have total visibility from the issuance of those voting tokens. You can allow various parties to see where the votes are in the network, and if you are the shareholder, for example, and if you delegated your vote to someone, you can actually see where it is, you can see when it's cast, you can see in what ballot it was cast, depending upon the rules of the voting process. You can allow the issuing company to see the complete picture of where the votes are for everyone in the network.

The technology provides transparency and certainty to these processes. You cannot quite emulate that using the existing technology of trusted third parties and traditional databases. That would be a more complex and cumbersome solution to build than leveraging the inherent capabilities of blockchain ledgers.

Q: In a report issued in January 2017, the Estonia AGM project was described as "successful" and well received by the user community. What were the highlights from this effort?

A: As highlighted in the report, we tested our solution in cooperation with a recently listed Nasdaq Tallinn company, LHV Group, an Estonian financial group. Some reactions from LHV's management team were:
  • Mr. Erki Kilu, CEO of LHV Pank: Testing the prototype was simple and user friendly. The options were intuitive and required minimal amount of clicks. It is a joy to use a blockchain-based system that actually works and which is awaited by the market and can be used by thousands of people at the same time.
  • Mr. Madis Toomsalu, CEO of LHV Group: It is a good initiative (i.e. start-up) and has a lot of potential. Testing of the prototype was convenient and simple. If the future solution enables mobile ID authentication as well and the security is granted, then we would definitely consider using the product in the future.
Some feedback we received from various investors included:
  • "The GUI was very clean and intuitive, design is nice."
  • "Everything was logical, simple and understandable. The only disappointment is that I did not find any bugs to report."
  • "Quick and simple way to vote. The future seems bright!"
They appreciated the transparency in the process. We had proxy companies and custodians involved in the process, and for them, the fact that they now could validate and have evidence that they have fulfilled their obligations was helpful for them. We also learned a couple of things on what is needed to do to make it a complete product, so that was helpful as well.

Q: Looking back on the Estonia project, in what areas do we still need to make improvements?

A: I think the core piece of the solution is very solid. To make this a complete and attractive solution for the users there are some areas we can improve upon. Currently, for example, you have to use a laptop to participate remotely. Obviously you want to be able to provide handheld capabilities. What we delivered was sort of a first minimum viable product or a pilot, and there are some analytics and additional features we'd like to add to it when we turn it into a full blown product.

Q: Do you think that blockchain technology will facilitate shareholder engagement?

A: Totally. That's one of the key promises of the technology. We explore, broadly speaking, three uses of the technology. The first would be post-trade issuance and settlement, as you mentioned earlier. We're also looking to regulatory transparency. But we also are looking at whether this technology can be used to bring issuers and investors closer to each other. And I think this project proves that is the case.

We think that a solution like this could promote a more active investor base. It will be a cheaper, more intuitive, more effective way of participating. For example, in a shareholder meeting, it doesn't mean that everyone wants to participate on their own, but the delegation methodology is a more attractive solution for the issuer, the investor and the proxy custodian. So this project is actually evidence that the technology potentially has that capability.

Of course, to continue on that theme, that voting token we talked about earlier could basically be any digitized asset. If you're a coffee company, the token could be a beverage coupon that you can easily send to your shareholders using the electronic ledger network, as an example of something you could do in the future. So we definitely think the technology will facilitate shareholder engagement.

Q: Nasdaq is utilizing blockchain technology with private companies through the Nasdaq Private Market. How are private companies utilizing the blockchain technology?

A: That is the first project we embarked upon, what we call the Linq project, which combines Nasdaq solutions with technology developed by our partners at Chain. That falls into the first bucket of the areas we've explored: the issuance, settlement and transfer (in the case of secondary market transactions) of ownership of securities. So that is mainly how we've used the technology in the private company space.

So basically, a private company using this solution issues shares, and it can transfer those shares to its investors. When investors trade in the secondary market, they can transfer ownership of those shares using this technology. This is all electronic, secure, and done in real time. But there is no trusted third party in the middle. There is no central depository involved so this is a true peer-to-peer network that's leveraging the technology. It is actually the technology that keeps track of who owns what, instead of a trusted third party in the middle, like a depository.

Q: With private companies, what advantages does the distributed ledger provide over traditional systems?

A: In the U.S. for example, you've traditionally had paper certificates. You've had capitalization tables being managed in Excel spreadsheets. You have had these certificates being shipped by common carrier, and stored in vaults. You're talking about a labor intensive, error prone infrastructure…but the key feature has been a peer-to-peer network between these parties. Now you can actually keep this peer-to-peer network if this industry does not want to have a depository function in the middle. This technology secures the processes, provides capitalization information in real time, and is cheaper than the way it happens right now.

Q: How do you see the landscape changing in 2017? What roadblocks are limiting the mass adoption of the blockchain technology?

A: In terms of blockchain in capital markets, we are sort of moving out of the proof of concept (POC) era. Not only at Nasdaq, but among the blockchain industry as a collective, there are fewer POCs, and we are seeing more and more solutions, products being deployed for real assets with real customers. So we are leaving the POC era and entering into more of a pilot era with real products. It's going to be interesting to follow how those products perform over the next, let's say, two years. We are seeing increased certainty in the technology. That said, blockchain is not yet, of course, a mature technology.

We will see a lot of evolution in blockchain protocols over the coming years and there are still certain issues around functionality that need to be developed. But we and others increasingly believe that these types of enhancements will actually be achievable, and companies like our partner Chain are in the forefront. So the technology seems to be increasingly validated as a good candidate for use in capital markets. Now the focus is on the obstacles or challenges limiting wide-scale adoption, and they are mainly non-technology related and non-technical in nature.

One challenge is actually going from vision to concrete designs of how these solutions, these networks, are going to work. The blockchain has wonderful potential as an enabler of faster transaction processing, lower need for capital, better operations, lower cost for IT, among other things. That is the vision – but actually bringing that down into a concrete design that a community of users can agree upon? That's not a show stopper but it takes a bit of time to achieve. So that's one area.

A second area is legislation and regulation. Some of these new business models and market structures that are being thought about are so innovative that they are simply not contemplated by existing laws and regulations. The issue is not that they are prohibited, the issue is that there's a legal uncertainty around them in the current regulatory context. You cannot expect capital market participants to allocate billions worth of assets into solutions where there is legal uncertainty. So there needs to be some legal and regulatory innovation in parallel with the technical innovation. Again, that is not a show stopper – we change laws and regulations all the time, but it takes a bit of time and effort to do it.

Third is something Nasdaq has been thinking about from the beginning: the integration and transition processes. Whatever you want, the fact of the matter is that this technology is being implemented in a pre-existing context – a rather complex technology infrastructure. It needs to be integrated in an efficient way. And then, of course, if your business idea or your business model relies upon replacing a pre-existing piece of infrastructure, you also need to have a credible transition plan to put in the new and get rid of the old technology. You don't want to be stuck halfway through a transition process because then you end up having to support both the old infrastructure and the new infrastructure. We don't want that to happen.

So while technology evolution is still very important, that is less of a concern. Now, more and more focus in terms of challenges is being directed to these three things I just spoke about.

Q: What effect do you think the proposed changes to Delaware General Corporate Law (DGCL) will have on the adoption of blockchain technology for corporate purposes?

A: That is an example of an initiative that addresses the challenge of legislative and regulatory uncertainty. If you can create legal certainty that, for example, shares issued in the blockchain format actually represent ownership in the company that would be tremendously helpful. So I think these proposed changes are a sign that these challenges are starting to be addressed, and that is positive for the landscape.

Q: Besides annual meetings and settlement and clearing, what other uses of blockchain do you foresee for publicly-held and private companies?

A: In terms of the corporate nature of things, those are definitely the key areas. Particularly, issuance, settlement, and transfer of ownership combined with services like voting. That is core. There are a lot of use cases that could be relevant for companies in certain industries.

We know, although we are not active in some of those industries ourselves, that there are a lot of use cases being explored in the insurance industry, in supply chain management, and a number of initiatives in the healthcare industry. So there could be broad implications – some in specific industries, but also general features that address needs for all companies, regardless if they are private or public.

Q: Basically new infrastructure for them to utilize at that point?

A: New and better infrastructure. Of course, if the technology delivers on its promises in terms of creating better transparency into who owns a company's shares, you can think of all kinds of interesting things that a company can do with that information to become a more valuable company to its shareholders.

Q: Last question: do you have any other projects planned for 2017?

A: Yes, there are a number of exciting projects going on. Some are public; some are yet to be publicized. One that has been publicized is that we are working together with a company called The New York Interactive Advertising Exchange (NYIAX) to create a blockchain-based marketplace for advertising instruments.

We are continuing to work on the Linq concept with our partners at Chain and expanding the feature sets. We're expanding the markets for which it is used. We already use it for company shares and we've announced that we're going to use it for alternative investments as well. And as I said, we are working on the features included in the Linq solution as well.

We have also added blockchain capabilities to the Nasdaq financial framework, which is basically a platform for capital market applications, where a user of that platform can use any data store they want. You can use the blockchain or you can use a traditional database or you can use them in combination.

And then we have a couple of other projects that we actually cannot talk about publicly yet, but when we can, we can add them to the list.

Q: Sounds good. Let's catch up again next year and you can tell us more about this.

A: Yes, we should.

Fredrik Voss is a Vice President at Nasdaq responsible for Nasdaq's blockchain innovation initiative.
Publication Date*: 4/28/2017 Identification Number: 1360
Equilar Study Finds Over-Boarding Directors More Common, Better Paid
Publication Date: April 21, 2017

The idea of multi-boarding, also known as “overboarding”, has become a topic of debate for investors, board members, and advisors. Although some argue public directorships on multiple boards can positively promote shareholder engagement and corporate governance experience, others question if directors with multiple board commitments are putting sufficient time and energy into their other commitments. A recent Equilar study found that multi-boarding is more present in larger companies, has increased 48.6% to 53.6% in the past five years, and has led to greater director pay-outs. The study also revealed that the increase of women on boards, and a desire for directors familiar with issues scrutinized by shareholders and stricter regulatory requirements, may lead to candidates who are well-versed with these issues serving on more boards.

Read more from Equilar >>
Publication Date*: 4/21/2017 Identification Number: 1357
Is Your Audit Committee Overloaded?
Publication Date: April 20, 2017

Strained audit committee agendas are a growing concern of the corporate governance community. In addition to the already weighty oversight responsibilities over financial reporting, internal controls, and the qualification and independence of a company's independent auditor, audit committees are increasingly tasked with taking a larger role in corporate risk management. Nasdaq asked Angela Brock-Kyle, an experienced risk and governance consultant and audit committee veteran, to share her insights on this topic. She described the warning signs of potential audit committee overload and outlined strategies to mitigate it.

Q: Are audit committees overloaded and if so, what is causing this trend?

A: Yes, some audit committees are overloaded and overwhelmed, but the causes depend on the particular situation.

One factor causing this trend is that audit committees are often viewed as the natural place for boards to move items that are new or of concern, whether from a risk perspective or understanding a new regulation. That practice may be driven by the fact that boards often rely on the audit committee to be a "committee of experts" that can quickly slice and dice to get to the core of new issues and come back with either a plan of attack or some reassurance that things are well in hand.

Another factor is that business changes seem to, immediately or long term, drive new issues toward the audit committee. As companies grow and evolve, they offer new products or new services, enter new geographic regions, or they begin dealing with new suppliers. In addition, the paradigm shifts that all companies are dealing with, for example in the technology space, mean boards must examine cyber risk, understand big data, and become familiar with any number of other technology-related issues.

Like many organizations, audit committees in and of themselves are subject to inertia. If you compare what was on their docket five years ago to their agenda today, they may not have made necessary changes to the pace of meetings or the intervals between meetings, or taken a "white board" approach to thinking about how to do things differently or what other resources might be brought to bear on the situation.

Q: What are some red flags that an audit committee may be overtaxed?

A: A number of signs may indicate that an audit committee is struggling to address the scope of its assigned workload in the proper level of detail:
  • Meetings that are consistently rushed, because a committee is still allocating the same hour or 90 minutes to cover double the number of topics that were covered before.

  • Board books that are edited right up to the start of the meeting or sometimes during the meeting. Although that can happen from time to time, it shouldn't happen at all. If there isn't predictability, deadlines and order to the process of updating board books in advance of meetings, that is one indication of being overwhelmed.

  • Too many one-off or sidebar conversations, where some audit committee members are muttering amongst themselves or reaching out to the audit chair to express concerns that issues aren't being handled properly because there isn't enough time during the meeting.

  • A board assessment result that indicates board members aren't confident the audit committee is doing its job properly.

  • Lack of a structured board refreshment process to identify who should be on the audit committee and what skills and knowledge they bring to the table.

  • No time or effort to access expertise outside of the company, either for director education or industry education.

Q: What strategies can the board implement to effectively manage a robust audit committee agenda?

A: Start with a clean perspective. Don't rely on the way the committee has done things in the past: focus instead on what needs to be done, what issues the audit committee should be handling and how they should handle them. Look across that broad landscape to develop strategies to ensure the audit committee is effective.

In my experience, there are several strategies that work well:

Delegate work to other board committees or audit subcommittees.
A good first step is to examine the audit committee "kitchen sink" and talk through whether all agenda items properly belong there. Some items may belong under the purview of another committee, or a subcommittee should be convened to better handle certain topics. Subcommittees are an effective way to compartmentalize issues and have a subset of the audit committee work on problem A, and a different subset of the committee work on issue B.

"Right size" the audit committee meeting schedule.
It's critical to look at the calendar to ensure there are enough official audit committee meetings scheduled to support the audit agenda and any special situations that arise. The committee can also consider scheduling more meetings between the official board meetings, with relevant experts. For example, if there's a technology issue that's arisen and you don't have that expertise on your audit committee—which is a regular occurrence these days—there should be room in the meeting schedule to tap outside resources that can help the committee understand those issues or bring things back online without over-burdening the agenda.

Tap outside expertise to fill in knowledge gaps and triage agenda items.
Many corporate boards view themselves as being time constrained and don't reach out to a wider than normal array of resources (both inside and outside the company) to get a holistic perspective of how the company is doing. Taking the time to gain additional insights helps the audit committee to focus meeting time on the right topics for the right amount of time.

Although there may be ten different issues on the agenda, they should not all receive the same weight or attention. And some of them can drop off for a while, and then come back. For example, there are often issues a board may think are critically important, but once they get outside information on those topics, they realize they have it better covered than they thought. Or, they become aware of other simmering issues. I've had more of the latter experiences, where with the help of outside resources we identified issues that had not fully developed and nipped them in the bud.

Building time into the calendar for regular engagements with experts inside the company, like the CFO, internal audit, the CRO, the CISO, and other folks who have important perspectives frequently proves as helpful as meetings with outside experts like external auditors.

Be flexible on the spot to fully accommodate agenda items.
I once participated in an audit committee meeting that had a crowded agenda and a new audit committee member. That meeting absorbed not just the time that was allocated to the audit committee, but also the time that was allocated to the board meeting immediately following. While it took much more time than expected, after the meeting a few committee members expressed that it was one of the best audit committee meetings that they had participated in. When it's possible, an on-the-spot extension of a meeting time to sufficiently cover a crowded agenda helps ensure committee members are satisfied that critical issues are well in hand.

Q: Is the audit committee the right place for risk management?

A: No, I don't believe that the audit committee is the right place for risk concerns to land, unless they are related to the audit process. While the audit committee can handle certain risk issues, enterprise risk is a subject that everyone on the board needs to engage in and share their perspectives. There are three topics that the entire board owns: dealing with the CEO and compensation issues, strategy, and risk management.

A collective effort should be made by the board to gather information from many resources (inside and outside the company), to engage with accounting firms and law firms, to read about all sorts of governance issues and current events. They should position themselves to understand, at a minimum, as much about the company as the CEO understands. Then board members can lift their heads above the treetops and survey the landscape from that perspective to get a sense of the range of risks, and put their heads together as an entire group (not a subset!) to strategize how to address and mitigate those risks.


Angela Brock-Kyle is founder and CEO of B.O.A.R.D.S., a privately held governance, strategy and risk advisory firm. In addition, Angela sits on public and non-profit boards. She serves as audit chair and member of the nominating and governance committees of Infinity Property and Casualty Corporation (NASDAQ: IPCC); a trustee of Guggenheim's Rydex Funds on the audit, governance and risk and compliance committees; a trustee of the YMCA Retirement Fund on the investment and compensation committees; and formerly served on the audit committee of the United Way. Angela enjoyed a 25-year career with TIAA, where she served as a senior leader in the asset management and risk management organizations.
Publication Date*: 4/20/2017 Identification Number: 1356
Five Key Components for Building and Maintaining an Ethical Workplace Culture
Publication Date: April 11, 2017

A strong ethical culture is essential to effective compliance risk management. There is no shortage of compliance failures to illustrate how a weak ethical culture can sabotage even the best corporate compliance programs. Almost universally, misconduct took hold in these cases because employees felt pressure to prioritize performance over compliance and, in response to such pressure, figured out how to evade controls meant to ensure compliance.

Given the importance of ethical culture in producing positive outcomes and enabling business goals as well as its profound impact in preventing significant compliance failures, boards and executive management teams should make sure the company’s approach to building and maintaining an ethical culture incorporates these key best practices:

1. Establish clear accountability for ethical culture as a management function

Ethics and compliance functions rely on similar skillsets, leverage similar tools and operationally need to be well-coordinated. While program management for ethics and compliance program elements can be combined, ultimately, an ethical workplace culture is determined primarily by senior executive management, not by an Ethics and Compliance Department.

To ensure that managers understand their accountability for setting the company’s ethical culture:
  • Establish an Ethics Steering Committee comprised of senior business and operations executives along with senior representatives from compliance, Human Resources (HR) and Communications to ensure the ethics program is fully integrated in the business’ operations;

  • Appoint a senior executive as the Ethics Officer (as a part time role) for each geography or business unit to evaluate and reinforce the ethical culture; and

  • Connect ethical conduct to compensation and make it part of each executive’s performance objectives.

2. Evaluate your employee-facing compliance policies so they enable rather than inhibit ethical culture

Overly detailed and technical policies can undercut an ethical culture. This is especially true when responsibility for compliance falls on individual “line” employees and managers. Think of the core messages that are commonly associated with ethical business: “we are a values-based organization” or “we trust our employees to exercise good judgment.” Now consider a lengthy compliance policy that reads like an excerpt from a federal regulation. The message this type of policy implies may inhibit an ethical culture and instead convey counterproductive messages such as “we are only concerned with bare legal or technical compliance” or “you could try your best but still get something wrong.”

To demonstrate that compliance policies are ethical culture enablers:
  • Create a policy committee comprised of average level employees and managers to review new company policies to make sure they address employee needs with appropriate but not hyper-technical detail;

  • Post employee compliance policies on their own intranet site supported by strong search functions; and

  • Use reading level software on all policies – targeting readability at below the average education level of your employees as many are likely not familiar with the topic.

3. Include ethical behaviors in promotion criteria

When employees perceive that ethical behavior helps them climb the corporate ladder, it reinforces the emphasis that the organization places on building and maintaining an ethical culture. Many companies require some form of risk screening for employees under consideration for promotion to senior level positions. In some instances, this involves reviewing HR files to make sure there have not been any disciplinary actions or significant policy violations; in others, it can involve credit, litigation or public records review to make sure that the individual does not pose risks to the organization before ascending into a position of greater trust and influence. Keep in mind, however, that a lack of unethical conduct is not the same as affirmatively demonstrating ethical behavior.

To help ensure that your promotion process reinforces the importance of an ethical workplace culture:
  • Incorporate specific ethical behaviors into performance and promotion expectations, such as keeping promises and commitments, upholding values while under pressure and demonstrating honesty and transparency;

  • Require a manager to document instances of employee integrity before a promotion to a senior level position; and

  • Conduct 360-degree reviews of high-potential staff prior to promotion.

4. Ensure executives and managers have the skills to build and maintain an ethical culture

It can be tempting to confuse personal ethics with ethical leadership – to believe that because someone is an ethical individual with personal integrity that he/she will naturally become an ethical leader. To be sure, ethical leadership starts with personal integrity. But it also means understanding team dynamics, motivations and pressures and how those may influence employee perceptions and behaviors. Lastly, and perhaps the most intimidating to many managers, ethical leadership involves speaking confidently and effectively about the company’s values and “ethical narrative.”

To help ensure that your managers are ready to be ethical leaders:
  • Explicitly incorporate ethical leadership into general leadership development courses, helping new managers understand that ethical leadership is just a key dimension of good leadership;

  • Require managers to share a personal message about their values or a story about an ethical dilemma they have faced; and

  • Provide managers with prepared discussion frameworks to help with discussions about ethical issues with their staff.

5. Prepare managers to identify and respond to employee ethics and compliance concerns

As with most workplace concerns, employees are most likely to raise ethics and compliance concerns with their managers – in most studies, reporting to management is favored by large margins over going to HR, the law department or the hotline. It is therefore all the more important to train managers to recognize signals from their employees. An employee’s offhand “comments” at the end of a meeting might be viewed by an untrained manager as just office banter, but for the employee, who was likely mulling over this issue for days and the potential risks and rewards of coming forward, he or she just raised the issue to management and expects some sort of response. In addition to missing the opportunity to address an issue early on, if the manager misses these signals repeatedly over time, the team’s ethical climate can begin to erode as issues are not addressed and bad behavior becomes enculturated.

To help ensure that your managers can identify and respond to issues effectively:
  • Make identifying and responding to employee ethics and compliance reports part of your annual training program for managers;

  • Provide managers with toolkits on how to respond to employee concerns, including what to say and who to contact based on the issue involved; and

  • Reinforce the importance of engaging company resources quickly rather than trying to solve the problem themselves.

The author, Michael Kallens, is an Associate General Counsel in Nasdaq’s Office of General Counsel and is a senior member of Nasdaq’s Global Ethics and Compliance Team. Michael has led industry working groups on developing best practices for corporate ethics programs and is a frequent speaker on ethics and compliance topics. In 2014, he received the Outstanding In-House Counsel Award from the Association of Corporate Counsel-National Capital Region for his work in the area of corporate ethics and compliance.
Publication Date*: 4/11/2017 Identification Number: 1349
Women in Fortune 500 Board Rooms
Publication Date: April 10, 2017

Women represent roughly 20% of board members in Fortune 500 companies, compared to just 11.2 percent in the late 1990’s. While this increase has been positive, a recent Bloomberg article asked what kind of roles and responsibilities women are now getting on board committees. The article suggests several possibilities for why women have been underrepresented as chairs of major committees, including that certain committees with a high percentage of woman chairs may become more important over time and women may chair committees that focus on areas where their skill sets better fit. The article notes that in major decision-making committees, diversity of knowledge, skill, and demographics may translate into more favorable outcomes. While it is unclear exactly why women are still underrepresented in board rooms, the article reminds readers that less diverse firms have been noted to have more governance-related controversies.

Publication Date*: 4/10/2017 Identification Number: 1350
Seven Critical Elements of a Board Refreshment Plan
Publication Date: April 3, 2017

We asked Betsy Atkins, veteran of 23 boards and 13 IPOs, to share her perspective on the art and science of board refreshment. In addition to her board service, Ms. Atkins is also well known for making very early stage investments in Yahoo and eBay through her venture capital firm Baja Corp. Following is her sage advice on structuring an effective board refreshment cycle.

1) View the corporate board as a strategic asset, not just a fiduciary.

The first step to an effective board refreshment plan is understanding why refreshment is so important. Historically, the function of boards was to act as a financial fiduciary and steward for shareholders. However, for the past decade or so, the role of boards has been evolving as boards are being held responsible for “futureproofing” against threats, and ensuring the competitive relevance of the company.

Just as a company’s leadership team is forward-hired based on long-term strategy, the board is now equivalently an asset to be reviewed for critical expertise and experience, and refreshed as needed. Unfortunately, it’s still not common for a board to have a holistic view of board composition as a strategic asset, and many corporate boards still view themselves as fiduciaries.

2) Take a proactive versus reactive approach.

It’s never been more important to address the topic of refreshment internally: if the board doesn’t proactively think about it, somebody outside the organization is going to raise it. Index funds that were traditionally passive are now beginning to push for diversity, governance refreshment and renewal, and are raising questions on term limits and age limits.

A board should have an annual governance committee calendar with explicit agenda items, just as it does for compensation committees and audit committees. A typical governance committee refreshment calendar might run as follows:
  • Q1: Review board composition, long-term succession planning and rotation schedules.

  • Q2: Map board skill sets to the corporation’s long-term strategic plan.

  • Q3: Review the board skills matrix to identify gaps.

  • Q4: Outline a plan for executing graceful rotations and engaging search firms to assist in filling gaps.

A standardized annual process for board refreshment establishes expectations on term limits from the beginning, ensures recruitment of new members is not a shotgun affair, and takes the personal element out of rotating members off the board. Board refreshment becomes a pure, professional process for identifying and filling needed skill sets.

3) Annually map board skill sets against the company’s long-term strategic plan.

In the absence of a detailed vision of board composition, it’s human nature to place a premium on good working relationships. Therefore, it’s very important when taking a strategic approach to board refreshment to identify whether the board’s skill sets align with the company’s long-term strategic needs.

A board needs to look closely at its company’s long-term strategy, map that against the skills around the table, identify potential gaps, and create a matrix. The skills matrix is not a one-and-done task; it’s a living document, updated every year against the company’s strategy. For example, the board of a bricks-and-mortar retailer planning to establish an ecommerce channel might determine it needs a board member with ecommerce, web advertising and data analytics expertise.

4) Do not let search firms drive the recruitment process.

Too often a board’s decision to replace a member is triggered by a retirement, an activist, or an institutional shareholder. The result of a passive refreshment process is that search firms wind up driving recruitment by default. A far better practice is for the governance committee to lead the board through it as part of the natural refreshment cycle. That way, the board gets the critical skills it needs and new members understand from the beginning that it’s not a lifetime appointment.

When refreshment is driven by a standardized process based on maintaining competitive skill sets, the board isn’t caught back on its heels if a board member is suddenly incapacitated or an activist rattles the doors. It’s also easier to tell a colleague that it’s time to surrender their board seat to somebody who has more critically relevant experience.

5) Set guidelines for retirement or term limits.

Retirement ages are extending, because people are staying active longer and working longer. Age limit guidelines are an effective way to trigger graceful rotations and maintain director independence. The term is guideline—not mandate—because it’s important to retain the ability to waive the age limit as part of governance. For example, at Berkshire Hathaway they’ll likely waive any age limit as long as Warren Buffett is sharp.

Europe is leading the way in board term limits; some European countries have already mandated 10-year terms. Institutional shareholders in the U.S. are taking note and beginning to discuss term limits as a method to maintaining director independence. Term limits also keep a board’s skill set fresh—but again, the governance committee has to retain the ability, by exception, to waive it. Microsoft isn’t going to ask Bill Gates to step down anytime soon.

6) Don’t get too comfortable with board colleagues.

It’s only human that people who serve together on a board will over time become friends, just as coworkers often do. So it becomes awkward to tell a long-time board colleague that they aren’t the right person going forward. To make it more difficult, boards lack the hierarchy of a private corporation. Instead they are led by a group of peers, with a lead director or a chairman who should together with the governance/nominating chair own the board makeup and refreshment topic.

Executing a proactive approach to refreshment eliminates the awkwardness of asking long-time colleagues to leave a board, because transitioning board members off becomes part of a natural, smooth cycle. The expectation is set from the beginning that board appointments are not for life.

7) Measure boardroom diversity using a holistic set of benchmarks.

Diversity shouldn’t be measured strictly by gender. What boardrooms need is diversity of perspective: gender diversity, ethnic diversity, international diversity, entrepreneurial diversity, and don’t forget technical diversity as technology is the biggest disrupter of virtually every business.

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm. She is currently Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation. She also served on the board of directors at Nasdaq LLC and as Clear Standards CEO and Chairman. She is also on the SAP Advisory Board, among many others.

A self-proclaimed “veteran of board battle scars,” Ms. Atkins will be collaborating with Nasdaq to produce a series of corporate governance “nuts and bolts” articles. Stay tuned for an upcoming interview with her about the importance of executive sessions as a risk mitigation strategy.

Do you have a question about corporate governance for Betsy Atkins? If so, please send your question to and we may address it in a future post.
Publication Date*: 4/3/2017 Identification Number: 1347
Top Cybersecurity Concerns for Every Board of Directors: Technology
Publication Date: March 29, 2017

This is the third of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series, published for the first time on Nasdaq’s Governance Clearinghouse, outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

The technical systems in place at any company provide the foundation for cybersecurity infrastructure and should be one of the primary focuses of any board of directors. Top Cybersecurity Concerns for Every Board of Directors: Technology outlines the various technological system classifications involved in an effective cybersecurity program.

The data points covered in the attached white paper are organized into broad categories helpful for shaping analysis and scrutiny and include:
  • Evaluating logging capabilities
  • Vetting penetration tests and testing consultants
  • Adopting data loss protection (DLP) systems
  • Patching and updating software
  • Installing endpoint detection and response (EDR) tools
  • Assessing physical security of facilities

This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure.

Part IV, Data Mapping and Encryption (Coming in May): the board’s oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 3/29/2017 Identification Number: 1345
Defining Nominating and Governance Committee Roles
Publication Date: March 22, 2017

Proactive and engaged nominating and governance committees are crucial in ensuring board effectiveness, according to a new E&Y Center for Board Matters study. The study analyzed various committee guidelines and practices from Fortune 100 companies to help define what is expected from these committees in their leadership role. The nominating and governance committee oversees stakeholder communications and plays a large role in regulating corporate governance through performance evaluations, director education, and risk management, in addition to director candidate selection and education.

Publication Date*: 3/22/2017 Identification Number: 1342
BDO's 2017 Meeting Alert: Preparing for Your Company's Annual Meeting
Publication Date: March 20, 2017

Nasdaq talks to Amy Rojik, a Partner with BDO USA, LLP’s Center for Corporate Governance and Financial Reporting, about their 2017 Shareholder Meeting Alert and how corporate governance topics have changed in the wake of the 2016 election.

Q: What are some of the topics that corporate management and boards may want to be prepared to address in connection with their 2017 annual meetings?

A: This season, there is no shortage of topics to be considered. We have compiled several along common themes pertaining to: growing anticipation for promised deregulation, trade and tax reform under the new administration; readiness to execute on significant accounting standard changes that go beyond financial reporting and will impact systems and operational considerations for companies; transparency of communications and disclosures related to cyber-breach and cyber-readiness; use of non-GAAP metrics; and responses to whistle-blowing and ethics compliance along with conduct of shareholder meetings themselves. Global economic and M&A concerns continue to confound many companies with international operations and global customer bases as well as the scrutiny of director time, expertise and diversity relative to the boards they serve.

Q: How has this list changed since 2016’s proxy season?

A: The most notable changes stem from the 2016 election results and how the new administration is positioning itself in gaining congressional approval for its deregulation and reform goals. These changes are intended to ease the burden for corporations, particularly smaller organizations, in terms of compliance, tax measures, and trade arrangements to promote U.S. businesses on a global stage. While there is great anticipation about this agenda and much focus on recent Executive Orders, there remains a significant amount of work to be done that will require full collaboration with Congress to not only appoint and get new regime leaders in position, but to provide detailed plans of action that Congress can consider and approve.

Some of the areas addressed in the prior year have changed a bit in scope for 2017. Last year, the issue of “overboarding” was very prominent as proxy advisor firms had unveiled plans to oppose non-executive directors serving on more than five boards. This year, the overall composition of the board is under examination. The ever-growing subject matter that the modern board must address highlights the need for those charged with governance to demonstrate diverse thinking, a wide breadth of knowledge, and the ability to execute oversight responsibilities given the time requirements such duties demand.

There is growing uncertainty around the implementation of previously planned executive compensation disclosures, internal controls under Sarbanes-Oxley and other proposed regulations, which are now in question under the Trump administration, and this will require boards to stay abreast of regulatory developments.

Cybersecurity, M&A and global economic concerns remain - and will continue as hot-button corporate governance issues in 2017.

Political contribution concerns, leveraging data, succession planning, and proxy access are not as prominent on this year’s agenda, but they remain relevant concerns that boards should be prepared to address should they be raised by shareholders.

Q: What are the strongest influencers driving shareholder concerns (e.g., the new administration, global economic challenges, geo-political unrest)?

A: Yes, yes, and yes - and at the pinnacle is transparency of communications related to these concerns. The U.S. is under a sizeable microscope given events in recent months that impact not only domestic concerns but also global markets as the U.S. rolls out new policies, regulations and diplomatic strategies designed to protect U.S. interests and spur growth for our corporations. While there is currently much talk and speculation, the devil will be in the details as rulemaking and policy begin to crystalize. Shareholders will want to hear that the company is remaining vigilant during the shifting landscape in the current political environment, and that it has plans in place for a number of alternative outcomes. Companies will need to be knowledgeable and transparent on how changes may impact them from a variety of angles including taking stock of tax planning strategies at the state, federal and international levels. Businesses also need to consider where their global operations may be in terms of favorable importer/exporter trade practices should the sentiment of “American protectionism” continue to rise.

Companies hoping that cyber breach stories will just go away are deluding themselves as cyber-attacks are becoming more sophisticated. The impacts of these events can be so profound that organizations are strongly advised to be thinking through worst-case scenarios that look beyond their own operations to further include consideration of the potential exposure their third-party business partners may present. Boards should be analyzing the company’s resources as well as the resources directly accessible by the board. They should also be discussing the value in performing cyber risk assessments and having such measures validated by independent advisors to determine the efficiency and effectiveness of the organization’s cyber risk management system.

Continuing with the transparency theme:
  • Disclosure is critical for companies across a variety of other fronts. Scrutiny by the SEC of non-GAAP measures used by public companies continues to be front and center in terms of why such metrics are necessary and how they are disclosed. Moreover, unprecedented accounting changes being brought about by new revenue, leasing, and financial instrument standards are requiring significant effort and receiving considerable attention by regulators - particularly regarding how companies have assessed the impact of implementation and how they are portraying that to the markets within annual and interim required disclosures under SEC SAB 74.
  • Corporate growth through M&A activity is not new, but recent failed transactions highlight the need for boards to have sound due diligence and integration policies in place to ensure successful bids.
  • Finally, last year’s highly publicized Wells Fargo scandal has put whistle-blowing programs – or their failure – in the spotlight. Management and boards of directors must be able to ensure that strong compliance, controls, and ethics messaging and training exist within corporations.

The concept of holding virtual or on-line shareholder meetings (versus hosting in-person events) is another newer area that is getting some attention – both positive and negative. Companies pursuing this new means of interactive communication must be able to clearly communicate the benefits – cost savings and greater participation - while proactively addressing any negative perceptions – selective engagement - associated with the new technology.

Q: Your paper states that engagement is a two-way street, with investors holding up their end of the bargain. Do you think the investors are ready for it?

A: Most major investors—especially BlackRock, State Street and Vanguard—have equipped themselves for engagement, and most are committed to strengthening their engagement capability. Engagement is strongly supported by FCLT Global (not-for-profit organization dedicated to developing practical tools and approaches that encourage long-term behaviors in business and investment decision-making) and all of the major investor associations.

Q: Can you point to some additional pieces of thought leadership and/or learning opportunities to help companies prepare?

A: BDO’s Center for Corporate Governance and Financial Reporting contains a variety of resources, including the BDO 2017 Shareholder Meeting Alert. Within the alert itself, we point directly to additional thought leadership and educational programming germane to specific topics of interest and encourage our readers to explore such resources according to their interests.

BDO USA, LLP is a professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. Amy Rojik is Partner, National Assurance and has been with BDO for 13 years.
Publication Date*: 3/20/2017 Identification Number: 1340