  5 Barriers to Gender Parity in the Boardroom
Identification Number 1493
Publication Date: February 14, 2018

Despite calls to action from a swelling number of advocacy groups and the investment community, women remain drastically underrepresented in the boardrooms of Corporate America.

A Business Journals study published last month found that men outnumbered women by a six-to-one ratio in the boardrooms of the 3,000 publicly traded companies included in the study. That ratio increases significantly for companies with market caps under $1 billion.

In honor of International Women's Day in March, Nasdaq's Governance Clearinghouse is publishing a series of articles that will explore practical solutions to closing the gender gap in public company boardrooms. To kick off this series, we've invited Coco Brown of The Athena Alliance to share her perspective on the top barriers women face when breaking through the boardroom ceiling.

We want our readers to join this important conversation: What ideas or approaches do you believe would improve gender diversity in the boardroom? Send your ideas to governancenews@nasdaq.com no later than February 28th. We will compile the most compelling ideas and publish them on International Women's Day in March.

The Athena Alliance has a unique boots-on-the-ground role in moving the needle towards gender parity in the boardroom. Because we serve on the front lines of this initiative, we have a close-up perspective of the obstacles women face as they seek seats at the table. A lack of motivation and absence of a cohesive effort on the part of corporate America are still formidable obstacles to resolving this issue, but some of the barriers women face are self-inflicted—and it's important to shed light on that side of the equation as well.

Here are the five key barriers that we believe are obstructing progress towards gender parity in the boardroom:

1. Traditional board configurations severely limit the pool of qualified female candidates.

This issue is resolving itself organically, but slowly. As the fiduciary mandate of boards has expanded to include oversight of forward-looking risks and opportunities, boards are beginning to view themselves through an investor lens to self-assess for collusion, insular thinking, and lack of relevant skillsets. A traditional board configuration of sitting and former CEOs and CFOs can leave a board with critical skill gaps.

There are relatively few female CEOs to choose from when recruiting board members, which has contributed to the perception that the female executive talent pool is shallow. However, as boards begin to cast wider nets in search of relevant, modern skillsets, they open up seats to a deep well of qualified female candidates. There are many women with tested leadership experience in disciplines that modern boards need, such as engineering, digital technology, cyber risk management, supply chain management, operations, marketing, organizational structure and people.

2. There is no champion galvanizing the majority to resolve this issue.

As boards seek to broaden their skillsets, they could potentially accelerate progress towards gender parity by creating new opportunities for women to make meaningful contributions in the boardroom. While promising, this trend alone is not enough—women must have genuine access to these opportunities at a proportional rate to men, and men have to want to bring them in.

It's very difficult to create balance from imbalance without buy-in and intentional action from the majority in power. Men occupy 80-100% of decision-making seats on the average board, and therefore are in the best position to move the needle. Yet many men do not see a problem with gender imbalance, and/or do not believe there are enough qualified women to fill board seats.

Boardrooms began to diversify rapidly in the U.K. when Lord Davies championed the cause. An iconic male business leader in the U.S., who has the clout and charisma to coalesce efforts of the investment community and advocacy groups, could build powerful momentum towards moving the needle.

3. Boards aren't accessing diverse networks in their recruitment process.

Most boards rely heavily on their own networks to fill a candidate slate, just as professionals leverage their networks to find new job opportunities for themselves or fill jobs within their own organizations. The average profile of a board director is a 63-year-old white male. 60-year-old white men are mostly surrounded by other 60-year-old white men (and younger men who remind them of themselves). Women do this too, and so do people of different ethnicities and backgrounds. The problem isn't the method—it's access to diversity.

Progress hinges on opening up and expanding isolated and insular professional networks. In the absence of an iconic male business leader who can galvanize a movement to increase diversity in the boardroom, we need to create an organic groundswell by exposing influential men to networks of board-ready women.

While there are a growing number of databases cataloguing executive "board ready" women, these are not going to move the needle appreciably. Databases are essentially a collection of digital resumes. I personally have not obtained a job through a resume since I was 23 (and I'm not sure I did even then). It's all about networks. To be useful, static databases should be brought to life through face-to-face interactions.

Zack Rosen, CEO of Pantheon, recently attended an Athena Alliance event, one of only seven men who showed up out of 100 male executives invited. Zack emailed me the next day, stating that our event was "hands-down the best event I have attended all year." Why? Because although he showed up to show solidarity with our organization, he wound up leaving with unexpectedly valuable business contacts. "I never make that number of high-impact connections at one event. All of the women I interacted with were rare talents," Zack shared.

Zack was introduced to me through one of his investors, OpenView Venture Partners. Their senior managing partner, Scott Maxwell, also saw this sort of power in the Athena Alliance community and sent three CEOs from other companies in OpenView's portfolio to Athena's Seattle launch, who were in turn equally impressed and pleasantly surprised by how easy it can be to diversify their own top tier network in meaningful ways when motivated to move beyond the usual events and circles. These grassroots "guy-talking-to-the-guys" testimonials are an authentic and very effective means of bringing talented women into powerful male networks.

4. Women aren't always visible, or aren't visible in the right ways.

Women professionals limit their visibility in two ways: spending too much time in circles of women, and failing to realize their own worth.

Working women have long relied on the support of women's conferences, women's affinity groups, and women's business groups. By gravitating to gender-specific organizations, women are guilty of exactly what we accuse men of doing—limiting our networks to people who are like us. Women should instead build networks that include and leverage powerful men.

A side effect of underrepresented groups is too few role models. When women perceive that only the Sheryl Sandbergs and Meg Whitmans are qualified for board service, they incorrectly assume that they aren't yet at the right stratosphere to make themselves visible. It always shocks me (yet it happens often) when we invite a highly-qualified woman to join Athena Alliance and discover she has no idea she is of value to a corporate board.

Women who do land on a slate of candidates need to elevate their representation of what they bring to the boardroom. When we coach Athena Alliance members for board interviews, we instruct them to take off their business operator hats and instead think holistically about their careers, experiences, and touch points to industry. We ask them to consider what they can bring from that perspective to boardroom conversations about global business risks and opportunities, emerging threats, and disruptive technology developments. If a candidate focuses too much of her interview on how she executes her day-to-day operating role, the board may underestimate her ability to function at a higher stewardship level.

5. Women aren't always qualified in the right ways.

As women take a long view of the career roles and experiences that will enhance their value to public company boards, they need to understand that boards always use open seats to think about going from "here" to "there." Boards recruit candidates who are where they are heading, not where they are or where they've been. They also seek candidates with a strong degree of currency and connection to the markets and industries their companies operate in.

Given that parameter, there are several factors that can eliminate a woman for board service:
  • She has been out of the C-suite for five or more years, so is perceived as lacking current relevance and an innovative edge.

  • She has been a consultant for more than five years (unless she is a partner at a large leading global consultancy or is broadly recognized as an authority in her discipline).

  • She has served as a top executive for only smaller cap companies that generate less than $300M in revenue.

That said, there are many women who are not on the SEC filings of public companies who should be considered qualified for board service. These women represent the top 10% of their company's leadership and have had certain professional experiences that make them valuable in the boardroom, including:

  • She has significantly scaled a company in size, serving as part of an early or founding executive team that took a company public or through a significant acquisition.

  • She is part of a senior leadership team that grew a company from a small-cap to a mid- or large-cap.

  • She holds a large domain of responsibility, serving as CxO or VP of a large function or business line within a company of significant size and stature.

  • She holds a high-demand leadership role, such as CMO, CTO, Chief Product Officer, COO, or CIO in a company of $300M in revenue or greater in size.

It also helps to have served on notable non-profit boards, as they are governed like public company boards and are a great proving ground for board leadership.

Please join this important solution-oriented conversation and share your perspective on how to close the boardroom gender gap. Send your ideas to governancenews@nasdaq.com no later than February 28th. We will compile the most compelling ideas and publish them on International Women's Day in March.

***

Coco Brown is founder and CEO of The Athena Alliance, an organization dedicated to advancing diversity in the boardroom by preparing executive women for board service and facilitating board matches. Before founding the Athena Alliance, Brown served as the president and chief operating officer of Taos, an information technology consulting and services company based in San Jose, California.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

  Planning for Proxy Season: It's Time to Consider an Interactive Proxy
Identification Number 1491
Publication Date: January 30, 2018

To help companies prepare for the 2018 proxy season, Nasdaq's Governance Clearinghouse will post a series of articles over the coming months that feature new developments in technology, upcoming regulatory changes, and tips for enhancing your company's proxy presentation and readability.

Interactive proxies range in format from static PDFs with enhanced page navigation to sophisticated, multi-media documents that enhance the reader's overall experience. While only a small percentage of Nasdaq companies had some type of an interactive proxy in 2017, including East West Bancorp, Inc. (Nasdaq: EWBC), eBay Inc. (Nasdaq: EBAY), Intel Corporation (Nasdaq: INTC), Microsoft Corporation (Nasdaq: MSFT), and Nasdaq, Inc. (Nasdaq: NDAQ), we believe more companies will consider taking this step in the upcoming proxy season. There are a number of providers that offer a range of interactive proxy design and hosting services, including EzOnlineDocuments, ISS Corporate Solutions, and Mediant, with prices ranging from $3,000 up to around $20,000 depending on the provider and services selected.

In the first post of this series, Roy Saliba, Head of Product at ISS Corporate Solutions, highlights some of the reasons your company might consider adopting an interactive format as well as the nuts and bolts of creating an interactive proxy.

The Big Four: Advantages of an Interactive Proxy

1.   Increased shareholder participation in the proxy voting process

While an interactive proxy by itself will not compel a shareholder to vote their shares, it is another step that companies can take towards getting their shareholders more interested in reviewing the information in the proxy statement.

For investors, interactive proxies effectively break up an overwhelming proxy document into a better organized website with palatable sections to help foster a better understanding of overall content and key messages. Intuitive navigation, standardized presentation of data and content, and an overall better experience in digesting complex information help to engage shareholders in the voting process.

One of the key benefits for institutional investors is the integration of the ISS Corporate Solutions interactive proxy into ISS ProxyExchange, a platform used by institutional investors when making their proxy voting decisions. In an independent survey, institutional investors responded that proxy advisors' voting platforms are the primary source used to review a company's SEC filings and proxy materials, so having links to companies' interactive proxies embedded in the voting pathway allows for greater visibility for institutional investors.

2.   Insight into how investors and shareholders digest proxy content

Interactive proxy platforms embed analytics that can be leveraged to identify the sections of the proxy that are most often viewed, offering valuable insight into the key issues that shareholders are interested in or concerned about. This data enables companies to place greater emphasis on those areas in subsequent proxies and/or leverage those topics during shareholder engagement.

The ISS Corporate Solutions (ICS) interactive proxy solution currently allows companies access to a variety of analytics including:
  • geographical location of visitors
  • new versus returning users
  • type of device used (mobile/tablet/personal computer)
  • length of time visitors accessed the site
  • the specific pages viewed
  • the number of different pages viewed

3.   Increased shareholder engagement

The ICS interactive proxies were initially designed and developed in coordination with a group of institutional investors who were looking for an easier way to review proxy statements, particularly during peak proxy season. This group wanted a standardized format of searchable content to simplify the process of finding key information (versus scrolling through cumbersome PDFs or a single webpage on the SEC site). A key initial request was to streamline the overall navigation flow of the site so that readers could easily and intuitively locate content in the same manner for a large number of portfolio companies.

Retail and institutional investors alike have expressed a preference for reading proxy statements online (versus print), yet even those proxies available online in PDF format are designed for print and have not been optimized for an online experience. An interactive proxy offers companies an opportunity to tell their story in a modern and clean way on a digital platform that has been optimized to be scalable, mobile-friendly and interactive.

An interactive proxy is a strong statement by a company that it is focused on delivering the corporate governance story in the best possible way. Many companies come to think of their enhanced proxies as important Investor Relations and Public Relations assets.

4.   Integration of corporate branding

Interactive proxies allow companies to tell their governance stories using the most sophisticated technologies available today by transforming compliance documents into engaging and well-designed digital assets. The proxy statement is a key communications tool with a captive audience, but that opportunity is squandered if the information in it cannot easily be accessed or digested.

More and more companies are discovering the value of leveraging proxies to highlight key messages of their corporate governance stories. Brands are a powerful visual element of a corporation's identity, and the ability to integrate corporate colors and logos into an interactive proxy transforms it from only a compliance document into a communications asset as well.

Nuts and Bolts: Understanding the Process for Creating an Interactive Proxy

At ISS Corporate Solutions, we typically break up the process into two phases: customizing our proxy template platform for the client and populating it with their proxy content.

During the initial phase, we build out the template for a client company and customize it to match their corporate brand and identity with colors, logos, etc. This phase of the process typically takes about a week, and runs in parallel with the client creating the content of their print proxy. The second phase of populating the customized template with the actual proxy content typically takes between three and five business days, depending on how heavily stylized the print proxy is. This phase usually starts when the finalized proxy statement is sent to the printer.

ISS Corporate Solutions' interactive proxies are hosted on a separate site, so there are no specific requirements for a company's own website. However, we strongly encourage companies to add easily identifiable links to their interactive proxies on their IR sites, as companies that promote the interactive proxy on their investor relations pages and overall corporate websites see higher web traffic and increased engagement.

As companies see an increasing number of their peers adopting interactive proxies, and they become more widely used in the institutional community, we'll see continued growth in this space.

***

ISS Corporate Solutions (ICS) is a wholly owned subsidiary of Institutional Shareholder Services Inc. (ISS). ISS Corporate Solutions provides expertise in executive compensation, governance ratings, capital structure, sustainability, voting trends, and corporate governance research.

  10 Questions Your Company's Board Should Answer in 2018
Identification Number 1486
Publication Date: January 16, 2018

Betsy Atkins encourages companies to kick off 2018 by proactively addressing the corporate governance hot-button issues of 2018—before their investors do.

Shareholders and institutional investors are holding companies accountable to an increasingly complex slate of stewardship principles.  How can a company prepare for the corporate governance challenges in the year ahead? We asked Betsy Atkins, veteran of 23 public company boards, how companies should begin to answer that question.  Betsy's answer: focus on the answers to these 10 questions.


1. Is our company vulnerable to an activist attack or takeover?

How do you get an impartial, inside-out view of how an activist sees your company? Engage an investment bank that your company does business with to scan for weaknesses that attract activist attention. Large investment banks have practices on activist readiness and a vested interest in ensuring your company is defended.

Read More: The Rise of the Investor-Centric Activism Defense Strategy >>

2. Is the board's committee structure optimized to leverage digital transformation?

All companies are tech companies today. Ensure your company remains contemporary and embraces digital transformation by adding a tech committee to the board. Focus this committee on the future. To ensure business model vibrancy, boards need to stay on top of tech trends and new business models, and actively consider integration of them into their companies' strategies.

If adding a tech committee to your board (as many companies are doing) isn't feasible, assign that focus to an underutilized committee. Your governance committee can review workloads across committees to determine the board's best approach for identifying and monitoring emerging opportunities and risks.

Read More from Betsy Atkins: Five Ways to Digitize Your Board >>

3. Do we have a plan to accelerate board refreshment and diversity?

Costly corporate scandals continue to be linked to passive and/or weak boards with little to no diversity, which means investors and regulators will continue to beat the board refreshment drum loudly in 2018. During the 2017 proxy season, State Street Global Advisors voted against the reelection of directors at 400 companies when those companies failed to take adequate steps to add women to their boards.

From a boardroom perspective, the definition of "diversity" has eclipsed gender to also encompass age, race, global perspective, evolving skillsets, and most importantly diversity of thought.

Companies are wise to get ahead of this issue before it becomes a proxy battle or a regulatory mandate. Investors and regulators alike are pursuing campaigns to increase transparency and accountability around diversity in the boardroom. The Boardroom Accountability Project 2.0 initiative, jointly sponsored by NYC Comptroller Stringer and New York City Pension Funds, is a perfect example.

Read More about the Boardroom Accountability Project 2.0 >>

4. Are we taking ESG issues into account?

ESG issues, historically thought of as a special interest for a minority subset of activist shareholders, are going mainstream. Advocacy for ESG agenda topics began in the EU and has now transitioned to passive investment firms here in the U.S. This is no longer a "gadfly" issue and while ESG reporting will impact some industries more than others, in 2018 companies should expect it to be a standard proxy concern for major shareholder groups.

Read More from the CFA Institute: 2017 ESG Survey Results >>

5. Are we prepared to handle a real-time crisis?

A solid crisis preparedness plan is key to mitigating the impact of internal issues or external events when (or preferably before) they escalate to crisis level, especially in the age of social media where a hiccup can become a firestorm. Yet there are numerous recent examples of companies that did not execute crisis management well, and experienced catastrophic damage to their corporate brands as a result.

Start by analyzing your company's top ten enterprise risks, and ensure there is a detailed action plan in place for each of them. It's also important to set up relationships now with reputable and experienced public relations and social media firms to handle communications in the event of a crisis.

Read More: 8 Crisis Management Mistakes to Avoid >>

6. Do we have a cyber security plan and data breach policy in place?

Adopting cyber security plans and data breach policies continues to be a top priority in 2018. Boards should confirm that corporate oversight of cyber risk and data security is robust, and includes the following:

  • regular external penetration testing as part of ERM and compliance;
  • a plan for dealing with a ransomware attack, including establishing a validated Bitcoin account;
  • anti-phishing training for employees;
  • established relationships with forensic cyber experts, law enforcement, and a third-party cyber mitigation company;
  • an annual review of cyber insurance policies; and
  • a data breach policy with crisis plan in place.


Read More from Betsy Atkins: Ransomware Defense for Boards >>

7. Do we have a robust slate of future leaders?

Given that average CEO tenure in corporate America is below five years, proactive succession planning and a deep leadership bench have never been more important. Long-term CEO succession planning and leadership development should also ensure development, retention, and replacement of senior officers within a company.

Identify future leaders early and create personalized development plans to fill out the gaps in each person on your company's leadership bench. Assess internal succession candidates via regular interaction during board meetings and strategy presentations, individual meetings between directors and potential internal candidates, and internal and external feedback from a variety of sources—including meetings with stockholders.

Read More from Forbes: Succession Planning Needs To Be Your No. 1 Priority >>

8. Are we ready for individual director scorecards?

ISS will begin rating individual board members, and while there will not be a director score, per se, the report will highlight a director's shareholder vote support and the Total Shareholder Return of the company since the director started serving on the board. This information could result in a "negative halo," impacting other boards that a director serves on in a negative way, so make sure to have your Investor Relations narrative ready.


9. Have we confirmed the company's culture is free of sexually predatory practices?

2017 was a watershed year for exposing the toxicity of sexual harassment in the workplace. As 2018 begins, there is zero tolerance for toxic corporate cultures that create inhospitable working environments. Nothing less than a company's overall corporate brand is at stake. Investors want to know that companies and boards are taking a proactive approach in addressing this issue, so now is the time to reconfirm there are no sexually predatory practices rooted in your company's culture. Protect your company's brand equity by ensuring that the "tone at the top" does not tolerate sexually predatory practices or gender and racial bias, and that HR conducts proper compliance training.

Read More from NAVEX Global: High-Profile Sexual Harassment Claims Show a Toxic Culture Can be a Product Defect >>

10. Do we know how our CEO's pay compares to that of the company's median employee?

Know your pay ratios heading into proxy season! CEO pay has been reported for a long time, but beginning this year companies will need to comply with the SEC's pay ratio disclosure requirement. If the gap between your company's CEO and median employee pay is extreme, this may become a high visibility issue for investors and/or activists.

Be prepared for the difficult tasks of communicating your CEO pay ratio to both internal and external audiences as well as handling the repercussions that may result from the entire company knowing the median employee's pay.

Read More from Davis Polk: Pay Ratio Disclosure Rule: The SEC's Latest Guidance Should Ease Compliance Costs for Companies >>

Read More from Willis Towers Watson: The Do's and Don'ts of CEO Pay Ratio Communications >>

***

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at The Nasdaq Stock Market LLC and as CEO and Board Chairman at Clear Standards.


  Ransomware Payment: Legality, Logistics, and Proof of Life
Identification Number 1483
Part Three: Notification, Remediation, and Insurance
Publication Date: January 8, 2018 

This is the third in a three-part series of white papers authored by Cybersecurity expert John Reed Stark. The series offers guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

Government measures to mitigate ransomware crimes are still somewhat theoretical and may be insufficient to stem the dramatic growth of ransomware, leaving companies to manage on their own the increasing risk of the current ransomware crime wave. Even under a best-case scenario, where a victim has maintained archives and can keep the business alive, ransomware victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. However, with the right preparation and response, victim companies can lead recovery efforts with confidence and remediate ransomware attacks effectively.

In Part Three, John Reed Stark outlines basic steps companies should take as preemptive measures to avoid falling prey to ransomware, provides an overview of thresholds for notification requirements to regulators including the SEC and FINRA, and discusses the intricacies of insurance compensation.

Ransomware Payment: Legality, Logistics, and Proof of Life is a three-part series of articles that provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats:

Part One of this series, Background and Reality, provided the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two of this series, Investigation and Response, examines the intricacies involved in ransomware response, including ransomware investigative tactics; ransomware payment logistics; and the legalities of ransomware response.

Part Three covers the remaining range of key ransomware essentials including: notification requirements, ransomware remediation, and ransomware cyber insurance. Part Three also provides some final thoughts on the entire ransomware imbroglio together with some recommendations for the future.

Read Part Three of Ransomware Payment: Legality, Logistics, and Proof of Life >>

Also popular from John Reed Stark on the Governance Clearinghouse:
Top Cybersecurity Concerns for Every Board of Directors >>
Cyber Defense in the Boardroom >>

***

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 1/8/2018 Identification Number: 1483

Identification Number 1477
U.S. Capital Markets and the Road Ahead
Publication Date: December 14, 2017

We asked Tal Cohen, Senior Vice President of Nasdaq North American Equities, about the road ahead for U.S. capital markets. In this Q&A, Tal also shares his perspective about the current regulatory environment, the future of speed bumped markets, and explains why Nasdaq remains focused on its Revitalize Blueprint.

Q: What is the current regulatory environment under SEC Chairman Clayton?

A: Chairman Clayton has brought a renewed focus to IPOs in the primary market, in particular stemming the decline in the number of small and emerging growth public companies. He's been very consistent every time he's spoken that the SEC is focused on enhancing the attractiveness of the public markets for IPOs, and on ensuring Mr. and Mrs. 401K are not shut out of investments in emerging growth companies. Given that he was previously an IPO and M&A attorney, he has both the background and the context to influence that debate.

Q: What are some of the initiatives Nasdaq is working to advance with the SEC?

A: Nasdaq is pursuing the proposals outlined in our Revitalize Blueprint, to enhance capital formation opportunities in the primary equity markets. In our blueprint, we are recommending that small and mid-cap companies be permitted to benefit from the choice to consolidate liquidity through the revocation of Unlisted Trading Privileges. We are also advocating for intelligent tick sizes, which we believe is a more tailored and effective approach for resolving sub-optimal tick sizes than the existing pilot.

On the product side, Nasdaq is focused on improving the trading experience on our markets by advocating for more stock splits, developing policies that support the growing ETF market, and rolling out enhancements to our closing cross. We are also filing a proposal with the SEC to introduce a midpoint extended life order (M-ELO) in our market that will help institutional investors buy or sell large orders or orders of significant size, and provide some level of protection when they do that.

Q: Do you think the SEC is rethinking speed bumped markets?

A: We think it's interesting that the commissioner who initially voted against IEX and the initial speedbump is now also clearly showing his views on a derivation of it that was recently proposed. We believe there is an opportunity to reengage the SEC on this issue, to make the case that speed bumps are a slippery slope. It's difficult for the industry to understand the implications of that, both from a public policy perspective and from a trading perspective.

We've asked the SEC to reexamine this topic on a broader basis than just CHX, to question whether the market has really benefitted from the speed bump during the past year. We also want the SEC to consider where this might lead over the next several years if speed bumps are allowed to continue to evolve and become part of the fabric of the market.

Nasdaq looked into the opportunity to take one of our exchange medallions and launch a speedbump market. But after some discussion, we decided there was a more elegant solution that we could put in place—one that didn't have the unintended consequences of a speed bump and that didn't have our customers incur additional costs to connect and take market data from a new, fourth exchange. And the manifestation of that solution is M-ELO.

M-ELO is our "day one" response to the speedbump market, one that provides protection for investors and minimizes the impact of market-moving events that can erode execution quality. We believe we'll be able to enhance and evolve M-ELO to meet a variety of different needs of institutional investors in the marketplace—needs that we don't capitalize on today.

Q: Are there other market structure developments on the horizon that will impact listed companies?

A: The access fee pilot could have some impact on listed companies. An overarching point we make to the SEC, and the industry, is that we need to involve the issuer in secondary market pilots and discussions. We often think about the issuer after the fact. Instead, we need to solicit issuer feedback on these market structure changes upfront, as they could have a material impact on how issuer stocks trade and how investors feel about building positions or unwinding positions in those companies.

The access fee pilot is an excellent example. Lowering the incentive to provide liquidity could do one of two things: lead to wider spreads or more off-exchange activity. Is that in the best interest of the issuer? Is that something at the end of the day the issuer finds of value? An alternative might be to marginally lower the explicit cost of trading for an intermediary, but increase the cost of investing in a company for a buy side institutional investor. This would be more meaningful to the issuer, who's looking at their stock and wondering why on day one it had a one or two cent spread, but post the access fee pilot it's become a three to four cent spread. And they are wondering why their investor base now looks different and feels differently about their company.

As they design these pilot programs, the SEC should be mindful of allowing companies to opt out of a program, if they experience a degradation in stock trade performance or an adverse impact on their stock price. The SEC did not create that outlet when they initially designed the tick size pilot, which was a point of contention for issuers.

Q: Speaking of the Tick Size Pilot…have we seen any benefits from it?

A: Issuers have not seen an increase in liquidity, an increase in research coverage or any indication that this is helping the IPO market. Using those three things as the criteria on which we judge it, we have not identified a benefit for issuers.

From a trading perspective, the results have been mixed, and most of what we projected and forecasted is happening. There are wider spreads and, in some stocks, it's more costly to build a position to trade or execute. On the flipside, we have seen a greater persistency of the quote so the quote is more stable, and there's more size or quantity to be done at the inside. But that has come at a price, because both implicit and explicit costs seemed to have gone up for brokers.

Q: There are currently 13 exchanges and dozens of other trading venues a security can trade on. Is this too many?

A: It's not a question of whether there are too many exchanges—it's a question of whether the market as a whole is working for small and mid-cap issuers the way it does for large cap issuers and large ETFs. Multiple exchanges work for some of the market, but not all of the market.

Nasdaq's Revitalize Blueprint offers more tailored, nuanced solutions to dealing with competition and fragmentation within the public markets.

Q: Has there been feedback on Revitalize from issuers or the trading community that's made Nasdaq reconsider parts of the initial blueprint?

A: Nasdaq included 25 separate proposals within the Revitalize Blueprint, and we knew some of them would be hotly debated on both sides of the fence. The proposals in the blueprint were meant to engage capital markets stakeholders in a robust dialogue and then move discussions forward to solutions. Issuers and investors have come to us and said Revitalize shows thought leadership, and is an aspirational blueprint to help vet what the real issues are and then build consensus—particularly on the issues that are passionately debated by both sides.

Revitalize was structured that way by design, and as a result of the feedback so far, we now have a better sense of the issues we'll be able to get support for—and build consensus on—pretty quickly (like proxy reform) and the issues that will require deeper discussions (like shareholder activism, short-sale disclosure, and dual-class stock issuances).

Q: What is the next step in implementing Revitalize?

A: I think the next step for Nasdaq is to choose a handful of the 25 proposals within that blueprint to put forward, and then work with the industry, the SEC and the government on resolving those issues. We know that these issues are top of mind for the SEC.

This is not just a U.S. issue, or about one exchange versus another exchange in the U.S. The Revitalize Blueprint is about the health and vitality of the U.S. capital markets and their global competitiveness. It's about job creation. It's about wealth creation. It's about making the public markets once again attractive to issuers, and how that will, in turn, benefit Main Street investors at the end of the day.


***

Tal Cohen joined Nasdaq in April 2016 as the Senior Vice President of North American Equities. Prior to joining Nasdaq, he was the Chief Executive Officer of Chi‐X Global Holdings, LLC. Tal currently serves as a Director on the Investment Industry Regulatory Organization of Canada (IIROC) Board and as a Director on the Canadian Depository for Securities (CDS) Board.
Publication Date*: 12/14/2017 Identification Number: 1477

Identification Number 1455
Five Ways to Raise Your Board's Digital IQ
Publication Date: November 20, 2017 

Technology is disrupting virtually every industry in some way, and a business case for digital literacy on the board is emerging. In this post, veteran board director Betsy Atkins shares five ways companies can raise their boards' digital IQ.


There can be little doubt in today's business environment that adding board members with broad experience in technology (including software, services, cloud, analytics and A.I.) will bring critical insights into the boardroom. According to a recent study by Deloitte, the percentage of public companies that have appointed technology-focused board members has grown from 10% to 17% during the past six years. For high performers—those companies that outperformed the S&P 500 by 10% or more for the past three years—this figure almost doubles to 32%.

However, board refreshment may not happen soon enough for some companies, and adding a few tech experts may not raise the digital IQ of the entire board to a level where decision making becomes nimble. In the interim, the question is, how can companies raise the digital expertise that existing board members bring to the table?

1. Conduct a technology IQ assessment.

An appraisal of the board's digital IQ should be incorporated into the annual board assessment to identify any areas of weakness. A digital IQ assessment will be different for each board depending upon the company it serves or the industry it operates in, but may examine some or all of the following elements:
  • Are there enough (or any) board members with relevant technology backgrounds?
  • Have board members worked within a variety of business models?
  • Did board members lead or serve on companies that initiated digital transformation?
  • Have board members experienced a significant change in company business model?
  • How does the board monitor technological innovations and/or looming disruptions?
  • Does the board benchmark technology adoption against competitors?
  • What metrics is the board tracking to measure progress in digital transformation?
  • Does the board meet with the company's CTO or CIO on a regular basis?
  • Is the board comfortable with change?

2. Embark on a technology learning tour.

Every company is a technology company in some way, and all boards should be continuously researching macro trends in technological innovation and digital enablement. An effective way to boost the entire board's digital IQ quickly is a technology learning tour, during which board members spend a few days immersed in one of the major technology hubs, such as Silicon Valley, China, or Tel Aviv.

The board I sit on at Schneider Electric just toured Alibaba in China. We also visited leading Chinese companies in Shanghai, Hangzhou, Shenzhen, and Hong Kong. This fall, I joined my fellow Volvo board members in meetings with Google, Amazon, venture capital groups in Menlo Park, and other cloud services providers as we seek to understand the potential for connected car infotainment. We also met with companies that specialize in machine learning and AI algorithms related to autonomous driving, to discern how advances in those technologies may apply to Volvo.

There are major macro tech trends impacting Schneider and Volvo that require their boards to establish a framework of tech knowledge in order to adequately leverage the opportunities these trends present. Schneider, for example, is an industrial energy management company, and board member knowledge of—and experience with—the industrial internet of things is critical as "hardware" companies like Schneider transition to develop and embed software in their infrastructure. For Volvo, cloud services, infotainment, SaaS software, the digital customer journey, and machine learning/AI algorithms for autonomous drive are all macro trends that are directly relevant to the company's business.

3. Invite subject matter experts into the boardroom.

Continuing education can take place in the boardroom as well as outside of it. Boards can engage external digital experts to update members about emerging tech-related innovations, disruptions and risks. Boards should also monitor how competitors are leveraging technology to delight consumers, bring efficiencies to supply chains, and lower costs.

The Governance Committee of HD Supply brings in outside speakers two or three times a year for a working dinner. We've had cyber-risk speakers from FireEye and digital transformation speakers from Accenture and Boston Consulting Group. An upcoming speaker will be presenting an in-depth discussion of competitive industry assessment.

Internal company technology officers and department heads are also indispensable subject matter experts, and the board should be hearing regularly from the company's top digital managers. (I recently wrote a piece about the evolving role of the CIO.) The Volvo board's Technology and Innovation Committee regularly receives updates from Volvo's head of research and development, Chief Digital Officer, head of product development, and global head of strategy. Schneider has created a role of Chief Digital Transformation Officer reporting to the CEO. The Schneider Board will consider adding a Digital Oversight Committee.

4. Allocate time on the board agenda to technology transformation as well as cyber risks.

There is a lot of buzz right now about cyber risk and how boards should manage oversight of that—and rightly so. However, companies today face a much greater risk than data breaches and ransomware attacks: business model obsolescence. According to a study published by Innosight, businesses are disappearing at a rate of 50% every 10 years, primarily because they don't evolve quickly enough in the face of seismic shifts in consumer behaviors or technological innovations (think Blockbuster, Borders, and Radio Shack). Tenure on the S&P 500 has dropped from 33 years to 14 years during the past 7 years.

Companies that seek opportunities for competitive advantage in evolving technologies will have the greatest chance of survival. To ensure business model vibrancy, boards need to embrace tech trends and new business models, and actively consider integration of them into their companies' strategies. Board agendas should allocate time to digital transformation, just as they do cyber, general enterprise risk management and other risk mitigations.

Digital transformation is a forward-looking perspective, so it shouldn't be tasked to the audit committee (which is traditionally backward-looking). Governance committees, on the other hand, often have additional capacity to absorb tech-related strategic oversight. Governance is the board committee charged with oversight of strategic digital transformation at HD Supply.

As Deloitte reported in the study I referenced at the beginning of this article, it is becoming more common for boards to add technology committees dedicated to digital and technical transformation. Volvo's board has a Technology Innovation Committee, and the Schneider Electric board formed a Digital Transformation Committee.

5. Refresh the board with directors who lean in to change.

The velocity of change is so intense now that corporate survival depends upon the intellectual and emotional experience of people who are more comfortable leveraging change than pulling away from it. To be effective, every director today needs to have past experience navigating a company through rapid and truly transformative change.

It's also important that directors in today's business environment have job experience within a variety of enterprises and business models. If everyone around the boardroom table spent their entire career immersed in a single corporate domain or business model, the board may lack familiarity with change or the conviction to innovate. They will try to apply the one lens or framework that was effective one or two decades ago. Board members who have worked for multiple companies during their careers are more likely to have experience leveraging technologies to refresh or retool business models, bring down costs, or improve the customer journey.

***

Watch Betsy's interview with Nelson Griggs, President of Nasdaq Stock Exchange: Why Your Board Needs Technology Leadership.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Publication Date*: 11/20/2017 Identification Number: 1455

Identification Number 1454
Digital Transformation Catalyzes Diversity in Nasdaq Company Boardrooms
Publication Date: November 16, 2017 

"Every company is now a technology company, and boards increasingly require a new kind of director," says Coco Brown, founder and CEO of The Athena Alliance, an organization dedicated to preparing executive women for board service and facilitating board matches. A veteran of the Silicon Valley tech industry, Ms. Brown talked to Nasdaq about how digital transformation is disrupting traditional board composition and creating new opportunities for women to make meaningful contributions in the boardroom.


Despite increased pressure from investors, gender diversity on boards is improving at a glacial pace of just 1% per year. Why? Because boards are still accustomed to—and most comfortable with—appointing former and current CEOs and CFOs of large enterprises, and women comprise a very small percentage of those roles.

There is, however, an intriguing exception to the male majority in the boardroom: the gender composition of non-executive digital directors. Russell Reynolds has been tracking statistics on digital directors in the boardroom since 2013. Their most recent survey tracking digital directors appointed to the boards of the Global 300 uncovered encouraging trends:

  • 37% of Global 300 digital directors are women.
  • 58% of digital directors added to Global 300 boards between 2014-2016 were women.
  • Global 300 boards with a digital director have greater gender parity than traditional boards.

The advent of digital directors heralds a larger evolution taking place in the boardroom. Companies today face a wide range of threats and opportunities related to digital transformation, most of which didn't exist 10 years ago. These include cyber risk, technology innovations (including AI and machine learning), business model shifts, digital marketing, and brand management. The rapid pace of change has left traditional boards lacking in two fundamental areas:

Cognitive and relational diversity: Cognitive refers to diversity of thought, while relational diversity is the ability to relate to a company's constituents directly (customers, employees, and communities).

Modern digital competence on a mass scale: Any company that expects to be around 5-10 years from now will need to digitize supply chains, sales engines, business processes, and customer and employee engagement, if it hasn't already.

Savvy boards recognize that to stay competitive, they must address these deficits, and continuing to recruit board members from the ranks of former CEOs and CFOs is not the answer. It is becoming increasingly common for boards to "widen the aperture" beyond traditional executive roles to recruit non-executive directors who have engineering, technology, operations, human resources, and marketing backgrounds. As a result, a whole new generation of thought leaders is beginning to take seats at boardroom tables:

  • Human Resources Officers (CHRO, CPO): These are a company's workforce and culture experts and are under-represented in the boardroom. They also advise on compensation, succession planning, stock programs, and employee and community relations.

  • Digital Technology Officers (CIO, CISO, CTO, Chief Product Officer, Cyber Security): These experts are attuned to some of the biggest technology-related threats, challenges and opportunities of the next 3 - 5 years.

  • Digital Delivery & Operations Officers (Head of Business Strategy, CMO, COO, Chief Customer Officer, Chief Revenue Officer): These roles have a pulse on the industry, shifting business environments, and evolving business models; they also have connections that can make a big difference.

Recent data indicates that recruiting outside of the CEO/CFO realm and into other C-Suite roles in small to mid-cap companies, or even SVP/VP roles of mid to large cap companies, may accelerate progress towards gender parity in the boardroom: Russell Reynolds reported that while the total number of female directors of Global 300 companies stands at just 19%, women represented 26% of all digital directors appointed to Global 300 company boards between 2014-2016.

A number of Nasdaq companies have recently "widened the aperture" in board refreshment, appointing women to help lead their digital transformation in the boardroom, including:

Axon Enterprise, Inc. (Nasdaq: AAXN): Julie Cullivan is CIO and Senior Vice President of Business Operations at ForeScout Technologies, Inc. (Nasdaq: FSCT). Axon can leverage Julie's extensive sales operations, IT, and cybersecurity expertise as the company transforms its product line through AI and cloud technologies.

Banner Corporation (Nasdaq: BANR): Merline Saintil is the head of operations of Intuit's (Nasdaq: INTU) product and technology group. Banner recruited Merline to bring information technology expertise to the financial company's board.

Forrester Research, Inc. (Nasdaq: FORR): Yvonne Wassenaar, former CIO of New Relic and current CEO of Airware, is described by Forrester as "a thought leader in cloud, big data analytics, and business digitization." Forrester tapped Yvonne for the board to help guide the company as it undergoes the digital transformation of its business.

MobileIron, Inc. (Nasdaq: MOBL): Jessica Denecour is CIO of Varian Medical Systems. MobileIron believes its shareholders will benefit from Jessica's expertise in using IT to positively influence business outcomes.

Morningstar, Inc. (Nasdaq: MORN): Caroline Tsay is a technology start-up founder and former online channel division vice president at Hewlett Packard Enterprise. Morningstar's investment services have moved from analog to digital technologies, and Caroline has the mix of leadership experience and information technology expertise that Morningstar's board needed.

Telenav, Inc. (Nasdaq: TNAV): Karen Francis DeGolia is on the board of AutoNation, the largest automotive retailer in the U.S., and Executive Chairman of AcademixDirect, a technology marketing company serving the education industry. She joined the board of Telenav last December and was recently named Lead Director, adding her extensive experience in the automotive industry and emerging mobility technologies to Telenav's board.

Another unexpected statistic came from the Russell Reynolds survey mentioned earlier: 78% of the Global 300 still has no digital representation on the board. As companies continue to awaken to the realization that they need digital innovation expertise and diversity of thought on the board, women will find opportunities in greater numbers to demonstrate value and relevancy in the boardroom.

***

Coco Brown is founder and CEO of the Athena Alliance, an organization dedicated to advancing diversity in the boardroom by preparing executive women for board service and facilitating board matches. Before founding the Athena Alliance, Brown served as the president and chief operating officer of Taos, an information technology consulting and services company based in San Jose, California. She is also the founder and CEO of Executive Kinections, a Silicon Valley consultancy that advises executive teams in strategic planning and organizational design.

Publication Date*: 11/16/2017 Identification Number: 1454

Identification Number 1450
Ransomware Payment: Legality, Logistics, and Proof of Life
Part Two: Investigation and Response
Publication Date: November 6, 2017 

This is the second in a three-part series of white papers authored by cybersecurity expert John Reed Stark. The series offers guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim not only may prompt future attacks, but also has no guarantee that the hackers will restore their dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim. That is why it is critical for all companies to approach ransomware response in a thoughtful, careful and meticulous manner, which is the focus of Part Two of this three-part series.

This three-part series of articles provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of ransomware attackers.

Part One of this series, Background and Reality, provided the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two of this series, Investigation and Response, examines the intricacies involved in ransomware response, including ransomware investigative tactics; ransomware payment logistics; and the legalities of ransomware response.

Part Three of this series will cover the remaining range of key ransomware essentials, such as notification requirements; ransomware remediation; and ransomware cyber insurance.

***

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 11/6/2017 Identification Number: 1450

Identification Number 1447
Effective Boards and the Need for Emotional Intelligence
Publication Date: October 31, 2017

In this Q&A, Nasdaq talks to Caren Merrick, veteran board member, angel investor and entrepreneur, about the importance of emotional intelligence or "EQ" on boardroom dynamics.

Q: Based on your experiences as a board member and a former CEO, how would you complete this sentence: "For a board to be effective . . ."

A: For a board to be effective, its members must demonstrate emotional intelligence. I don't see much written about the impact of emotional intelligence or EQ on board dynamics, yet it's an issue that someone raises almost every time I speak about boards. A general lack of EQ seriously handicaps a board's ability to problem-solve and make informed decisions.

When a board is recruiting a new member, emotional intelligence and relationship building skills are as important to vet as subject matter expertise and experience. Some of the biggest board blowups I've observed had to do with a board member who was more ego-driven to be a star contributor, or didn't know or respect the difference between their role and the CEO's role, or dug in and refused to budge on a particular issue.

A measured approach to navigating highly-charged situations is another often overlooked and undervalued ingredient of an effective board. When disagreements are handled poorly, boards can build factions and become very political.

Q: How has EQ impacted the boards you are sitting on now?

A: I am fortunate at this point in my career to be sitting on some of the most effective boards I've ever been associated with. The boards I'm serving on now have excellent EQ: We don't always agree on everything, but when we do disagree we are mindfully very constructive in our approach to resolving issues.

One board I sit on in particular is the Metropolitan Washington Airports Authority (MWAA), which oversees the $800m business operations of Washington Dulles International Airport and Washington Reagan National Airport in addition to the $6b Dulles Corridor Metrorail and other entities.

This board presents a unique challenge to the CEO Jack Potter, because his board members are all appointees. I've learned a great deal watching Jack cultivate a productive boardroom dynamic between a group of individuals he had no say in appointing, who were each put in place to represent distinct constituencies.

When there are disagreements—and there often are—Jack's approach is deliberative, measured, and involves all of the stakeholders. He's patient, asks a lot of questions and implements a rigorous process to analyze the pros and cons in order to uncover what's really at stake. He's also encouraged board members to think more regionally in their approach to governing the Authority. Since Jack became CEO and began implementing this approach, the MWAA board is functioning at a higher level than before and, I believe not coincidentally, our bond ratings have gone up.

Q: A board can be comprised of successful executives who represent a perfect balance of the right professional skillsets, yet still be dysfunctional. True?

A: Absolutely true. As an angel investor, I'm hyper aware of the high number of startups that ultimately fail, and one of the biggest reasons for that failure rate is investors having a different agenda for a company than its founders.

As an entrepreneur, I'm somewhat biased. In an ideal world, founders could build their public company boards from scratch with people who are wise, aligned, generous and completely independent. In reality, it's difficult to launch a company without using outside capital, so newly-public boards are often faced with the possibility of competing stakeholder agendas. It's very important to get transparency and clarity around those agendas right at the beginning, so the board can build consensus. Otherwise, there is a high risk of factions developing among board members aligned with existing investors versus those aligned with the CEO.

Alignment doesn't mean the board won't disagree—there should always be healthy debate in the boardroom—but alignment does significantly increase the odds of reaching constructive solutions and sustainable growth. This is important, because CEOs find it challenging to rotate investors off a board when major disagreements become a stumbling block.

Entrepreneurs are becoming increasingly savvy to the investor/founder alignment issue, and mindful of it when shopping for capital. I recently met a woman who walked away from venture funding because her investor changed the terms at the last minute. She decided, rather than bring on an investor board member who had their own agenda, she would patiently pursue other sources of funding.

Q: Are there any other factors, in addition to stakeholder alignment and EQ, which contributed to your own company's successful transition from a basement startup to a publicly-traded enterprise?

A: I learned from my own experience that the personal networks of board members are an indispensable resource in scaling a new company, particularly when it reaches an accelerated growth phase. A company requires different skillsets from the board at different stages of its lifecycle: During the early phase, a company is consumed with early wins and surviving; once it gains momentum, it needs board members with experience in scaling an enterprise from $20 million to $200 million, for example. Seasoned executives know the patterns involved in rapid growth, can spot challenges ahead, and help a company block and tackle.

When we took webMethods public, our entire board—angel investors, venture capitalists, founders, and management—were all focused on growth. We deliberately composed a board that was skewed toward functional expertise in growth, and had extensive personal networks we could leverage to make introductions to potential customers, influencers, partners, and key critical employees.

There are a lot of technology startups here in the D.C. region, because so many people here work for government agencies on various projects requiring a high level of technical expertise: DOE, Homeland Security, and EPA, just to name a few. When local tech innovators leverage their technical expertise and experience to start companies, one of the smartest things I consistently see them do is tap former agency heads to join their boards. Not only does the company get that person's technical and government expertise, but it gains access to their network and benefits by association from their professional credibility.

Q: If you knew then what you know now, is there anything you would have done differently when launching your own company?

A: Now that I'm a sitting board member, I realize in my past leadership roles, I should have taken much better advantage of my board members' expertise and the wisdom of their experiences. CEOs—myself included—move so fast defending so many fronts that they don't give themselves the time to check in with directors to discuss challenges or opportunities. Sadly, they leave a lot of valuable insight on the table.

Q: What is the greatest challenge boards face right now?

A: I think the greatest challenge most boards face is trying to stay ahead of what is going on in their markets and industries, and trying to imagine what the future looks like in light of major shifts in local and global economies. Obviously cybersecurity is a huge concern. My boards are requiring more and more of my time to stay current on market and industry dynamics to identify opportunities for the company to create value and avoid crippling risks.

Diversity in the boardroom is crucial for companies to successfully navigate the rapid pace of change happening now: not just gender and ethnicity, which are important, but also diversity of perspective, skillsets, age, and professional disciplines. Boards can no longer afford to be composed solely of former CEOs and CFOs, because they need functional expertise in customer relationship management, digital marketing, cybersecurity, ERP systems, and social media marketing (which is a huge new frontier for boards to understand and tackle).

I learn something new every time I meet with my boards: we have people who have led private equity ventures, enterprise resource planning, supply chain ventures, enterprise marketing, and technology. The questions and insights that come from the diverse perspectives seated around the table at these meetings are impressive and very educational.

***

Caren Merrick is the CEO of Caren Merrick & Co. Previously, she was founder and CEO of Pocket Mentor, a mobile application and digital publishing company that provides leadership development and career advancement. Caren currently serves on the boards of the Metropolitan Washington Airports Authority, WashingtonFirst Bankshares, Inc. (Nasdaq: WFBI), and The Gladstone Companies (Nasdaq: GAIN, GLAD, GOOD, LAND). She is also a co-founder and former Executive Vice President of webMethods, Inc., a business-to-business enterprise software solution, which went public on Nasdaq before being acquired.
Publication Date*: 10/31/2017 Identification Number: 1447
Seven Tactics to Engineer Better Boardroom Dynamics
Identification Number 1442
Publication Date: October 24, 2017 

Boardroom dynamics can make or break the effectiveness of a board. In this post, Joan Conley, Senior Vice President and Corporate Secretary at Nasdaq, shares seven tried and true tactics for engineering better boardroom dynamics.


Proxy season has come and gone, new board members have completed their orientations, and many corporate boards are wrapping up summer strategy sessions. New board members bring new boardroom dynamics—and shifting dynamics may for a period of time impact the effectiveness of a board. On the other hand, excellent group dynamics can optimize board productivity for shareholders. Nasdaq's playbook for creating a healthy team dynamic in the boardroom includes the following tactics for facilitating director engagement, innovation, and candor in the boardroom.

1. Acclimate new directors to board culture.

Even public company directors need a safe place to ask "dumb" questions. At Nasdaq, we share an overview of board culture during orientation of new directors. Between the board chair, the CEO, and myself, our new directors have the resources to confidentially ask off-line questions related to the board culture, operations, and meeting protocol.

Be prepared to answer questions that delve into the granularity of board culture, including the cadence of the board meeting, how to refer to the board chair, when to ask the CEO direct confidential questions, when to inject comments during the board meeting, and how offline conversations should be handled. Knowing these details in advance can alleviate concerns of new board members, allowing them to focus on building important working relationships and tackling board agenda items.

2. Review boardroom etiquette with new directors.

Generally, the boardroom etiquette list of "dos" and "don'ts" closely mirrors the rules we learned early in life: listen, contribute, take turns, ask questions, treat everyone with respect. However, boardroom culture and rules of order may vary widely from company to company. Providing an overview of the general protocols followed during a company's board meetings can encourage participation in a meaningful way.

3. Avoid over-processing new board members.

There is a clarity of vision that comes with a fresh perspective. The observations made by new board members during their onboarding phase and early meetings are insightful and valuable. It's therefore important to educate a board member about the company's business and culture enough to hit the ground running at their first meeting, but without interfering with the insights and candor a fresh set of eyes brings to the table.

4. Facilitate communication between corporate management and board members.

Energized and enthusiastic directors are keys to positive boardroom dynamics. At Nasdaq, the onboarding program is individualized. We strive to satiate board members' appetites for knowledge related to the areas of our business they are passionate about, whether it's technology, fintech, M&A, market trading, or regulation.

For example, if a board member comes to us with expertise in technology, we have them spend time with Nasdaq's CIO, Brad Peterson, and his team. We also expand their horizons by having them meet with all of the other Nasdaq business unit leaders to cross-pollinate the board member's technology expertise with education and experiences in other areas of Nasdaq's business.

Board members who make tangible contributions stay focused and engaged. In my experience, the more often we bring board members together with executives and business unit teams to share knowledge, the more energized Nasdaq's boardroom dynamics become.

5. Engage all directors.

A board member sitting on the sidelines at any meeting represents a lost opportunity for the group to benefit from hearing and debating potentially important questions, concerns or insights. Listen to who speaks and who doesn't speak during board meetings and employ a strategy to engage all board members. Such a strategy might include:

  • Drafting call-out questions to be used by the board chair to elicit input from all directors.
  • Reserving efforts to elicit engaging discussions from all directors during executive sessions of the board.
  • Allowing directors to process and develop their input ahead of time by alerting them of, and educating them about, key agenda issues in advance.
  • Having the board chair or CEO reach out to board members offline, to solicit their ideas and concerns and find out what may be holding them back.

Typically, once a director has successfully been encouraged to speak in a board meeting, they will continue to do so.

6. Rotate committee memberships.

Rotating committee memberships keeps viewpoints fresh, exposes board members to new aspects of the company's business and governance, and creates new working relationships among board members—all of which contribute to effective boardroom dynamics and the optimization of board productivity for shareholders.

7. Leverage seating arrangements.

There's an art to managing seating arrangements to maximize positive group dynamics, and I recommend every Corporate Secretary pay close attention to it. It's important to plan who sits next to whom during meetings and dinners, based on a number of variables:

  • Which members don't know each other well yet?
  • Which members need to engage based on the meeting agenda?
  • Whose turn is it to sit next to the Chair?
  • How can unproductive side-bar conversations be prevented?

Reviewing seating arrangements for meetings and dinners ahead of time with the CEO and chairman of the board is an extremely productive use of time and contributes to a more successful board meeting.

For more insights from Joan Conley, read Onboarding New Directors: Beyond the Board Manual.

***

Joan Conley is Senior Vice President and Corporate Secretary of Nasdaq and its global subsidiary organizations and, in that role, is responsible for the Nasdaq Corporate Governance Program and Nasdaq Ethics Program. She also serves as Managing Director of the Nasdaq Educational Foundation and is a Director of the Nasdaq Entrepreneurial Center Board.

Publication Date*: 10/24/2017 Identification Number: 1442
The Rise of the Investor-Centric Activism Defense Strategy by Peter Michelsen and Derek Zaba of CamberView Partners
Identification Number 1439
Publication Date: October 17, 2017

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters.

Shareholder activism is often thought of in binary terms: activist v. company, dissident nominees v. company directors. Media coverage dramatically frames the "showdown" of prominent and press-savvy activists taking on companies as both sides seek the upper hand on the way to the ballot box. While an "us vs. them" mentality makes for a compelling narrative, this framework has a major flaw: it doesn't include shareholders, who are the most important constituency in driving the outcome of proxy contests.

Gaining the support of shareholders, in particular large institutional shareholders, through a well-crafted "investor-centric" activism defense strategy is increasingly the key to success in activism situations. Below we outline how activism defense and the investor landscape have evolved and why the "investor-centric" strategy has become the optimal path to victory for most proxy contests, regardless of whether they culminate in the withdrawal of the activist, a shareholder vote or a mutually agreed settlement.

Where it Began – Tactics, Tactics, Tactics

Five years ago, it would not have been uncommon to find a whiteboard on the wall of a company boardroom in a contested situation filled with a list of tactical measures to thwart the activist's campaign: poison pills, changing bylaws, moving meetings to remote locations, lawsuits, and shifting record dates. The primary focus of a tactical strategy was to outmaneuver the hostile acquirer or activist, the latter of which was more often than not pursuing a straightforward "sell the company" or "lever up and distribute" thesis and had limited ability to sustain a multi-year campaign.

Today, investors and proxy advisory firms are more skeptical of actions taken by the Board that appear purely tactical or are otherwise perceived as impinging upon shareholder rights. Often, these actions carry the risk of souring investors who might otherwise be willing to support the company but feel disenfranchised from decisions that materially impact the value of their portfolio company. While such tactics may still be part of the activism defense toolbox, they should be considered with great care and in the context of their impact on maintaining support from companies' increasingly diverse and sophisticated shareholder base.

The Activist-Centric Defense Strategy

As tactical considerations became less effective as an activism defense strategy, boards turned their focus directly to the activists and their agendas. Specifically, some companies took actions with the goal of either preempting the activist or appeasing them, aiming to implement enough of the activist's thesis to make the remainder of their demands not worth fighting for. The resonant concept was that boards should "think like an activist." In some cases, these actions resulted in a settlement with the activist or the activist withdrawing after achieving a partial, but "sufficient," victory.

Today, however, the major problem with a defense strategy focused primarily on addressing the concerns of an activist is that, while the activist may have been satisfied by the outcome, some or many of the activist's viewpoints may not have been shared by the broader base of long-term investors. In fact, in recent years, there has been significant pushback from large institutional investors, whose risk profiles and investment time horizons often differ from those of a vocal activist fund, about the practice of companies reaching settlements without receiving input from other shareholders. An unsettled shareholder base can leave companies vulnerable to a follow-on campaign either by the initial activist or another activist with a different agenda.

Evolution of the Investor Landscape

The evolution of defense strategies has occurred against a backdrop of recent tectonic shifts in the investor landscape that have reinforced the centrality of the broader, long-term shareholder base in activism situations. The oversight failures of the early 2000s and 2008 financial crisis spurred many investors to become more active owners and voters. Over time, governance-focused institutional investors have built out their proxy voting teams, which has allowed them to engage with a broader range of companies and other market players. Activism itself has undergone a transformation, with activists seeking to shed their "corporate raider" label while building relationships with investors. Additionally, active managers under pressure to generate alpha are more receptive than ever to activist theses.

Underlying all of this is the increasing concentration and acceleration of fund flows into passively managed index funds and ETFs over the past several years. Today, the top five institutional shareholders hold more than 20%, on average, of S&P 500 companies and one of the three biggest index funds (BlackRock, Vanguard and State Street) is the largest single shareholder in 88% of companies in that same index. These passive investors are increasingly important as they tend to have a longer-term perspective which results in them being more willing to support a company if they believe in its long-term strategy regardless of potential short-term negative impacts to the business or stock price.

The growth of assets held by passive investors has also heightened the focus on corporate governance and board-related matters across the market. These topics are now a critical focal point in activism campaigns. As a result, success in an activist situation now increasingly requires companies to persuade and win the support of a range of constituencies much broader than the traditional portfolio manager and buy-side analyst community, including governance teams, proxy advisory firms and key asset owners such as public pension funds.

The Investor-Centric Defense

The evolution of the investor landscape, in addition to the aforementioned problems that have arisen with prior defense strategies, has elevated the concept of an "investor-centric" defense strategy. Unlike previous strategies, this approach begins well before an activist arrives with their demands and is built on companies understanding their investors' concerns through years of engagement and relationship building. As the Chairman and CEO of Vanguard recently wrote, quoting a corporate CEO during one of their engagements, "You can't wait to build a relationship until you need it."

Rather than "think like an activist," the right approach for companies is to "think like a shareholder representative": engage with investors, understand and incorporate their perspectives, and educate them on why the company is pursuing a particular strategy, particularly before an activist appears. Ongoing dialogue enables companies to build credibility with key decision-makers within both the investment and governance teams at institutions, even if there are topics where these disparate teams are not in complete agreement. Even in situations where there is a large and supportive base of retail investors, it is these key decision-makers who will make the ultimate difference between winning and losing.

While companies typically have very active investor relations efforts focused on portfolio managers and research analysts, they must also understand how to engage with all investor constituencies that will drive outcomes in a potential activist situation.

For actively-managed funds, where communication during an activism situation is frequent, feedback will generally be more direct and the decision-making process will be primarily focused on core economic issues. Companies that have built buy-in for their strategy in advance of a fight by being responsive to feedback from these funds will benefit from a higher probability that these investors will vote with management.

On the other hand, governance-focused investors often enter a fight with a limited understanding of the company and are concerned about a range of strategic, financial and governance elements. Building trust with this constituency often means demonstrating that the company has the right board in place to evaluate and oversee long-term strategy, and that the board is operating with a focus on the best interests of shareholders. While this trust can be established in the fast-paced environment of a proxy fight, companies that have proactively built relationships with governance teams and proxy advisors will generally fare better than those that are scrambling to do so under a stormy sky.

With all of this in mind, it is clear that companies in an active defense situation must evaluate every decision through the lens of how investor constituencies will view the action and how it will affect the potential vote. Even if a threatened proxy contest ends in settlement, the leverage that companies have in negotiation derives primarily from the support of these key investors.

Takeaways for Issuers

The delicate balance among boards, management teams, investors and activists is a constantly-changing equation. Over the past several years, a small number of asset managers have amassed trillions of dollars of assets and significant power. These investors represent the ultimate "swing vote" that can effectively determine the outcome of an activist situation and are more willing than ever to exercise their vote. Activists have adapted their approaches to appeal to this increasingly powerful bloc of voters, while public companies have been somewhat slower to proactively build relationships beyond traditional investor relations efforts.

Given these new dynamics, it is critical that companies view their potential actions through an investor lens, whether three weeks before a meeting or during the off-season. A key step is engagement and relationship-building with all key investor constituencies before being confronted by an activist. If an activism situation occurs, company management and board will be able to draw on the trust generated with key decision-makers, will have had the opportunity to tell their story on critical strategic and governance issues, and will have heard and addressed the feedback and concerns of their investors.

***

Peter Michelsen is President and Co-Head of the Contested Situations Practice of CamberView Partners.

Derek Zaba is a Partner and Co-Head of the Contested Situations Practice of CamberView Partners.

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters. CamberView helps its clients succeed by providing unique insight into investors' perspectives on long-term value creation, interpreting the evolving governance landscape and creating proactive strategies to stay ahead of investor challenges.

CamberView's services include: Shareholder Engagement, Governance Advisory, Sustainability, Complex IR Strategy, Say on Pay, "Vote No", Environmental, Social and Governance Shareholder Proposals, Activism Defense, Hostile M&A, Complex "Friendly" M&A, and Defense Preparedness.

 
 

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/16/2017 Identification Number: 1439
Tone from the Top: Influence Boards Don't Know They Have by Dr. Phillip Shero
Identification Number 1435
Publication Date: October 3, 2017 

Dr. Phillip Shero is the President of MasterMinds Leadership and works with CEOs and Board Chairs to build bridges of trust and accountability.

In a recent conversation, the Corporate Secretary of a Fortune 500 company proudly explained to me their culture of accountability and intentional investment in leadership at all levels.

"That sounds amazing," I said. "Tell me, what is the board's role in creating and sustaining that culture?"

He said, "There's not much the board can do about that. Culture is the CEO's job."

Therein lies the problem.

We have done such a good job emphasizing management's responsibility to drive culture that directors don't see the levers of culture available to them. If we want to succeed at creating the right "tone at the top," boards must recognize and embrace their levers of influence.


No Accidental Success

Consistent success over time is not an accident. It is purposeful. If the culture was truly exceptional at his company, I could not believe that the board was not involved.

I asked further questions and pointed to examples the Corporate Secretary had already given me to help him see the board's role in their success. His eyes went wide and he said, "Yes! I guess we did play a part." He was then able to cite several practical situations where the board set a tone for accountability and leadership development. Even in situations where the board was not directly involved, he was able to see how the members knew of and supported management's efforts to develop leadership and accountability.

One of his examples was an annual board meeting where the achievements of two dozen high potential employees were celebrated. He affirmed that the directors knew who these up-and-coming leaders were and were proud of their development.

His story is a clear case of unconscious competence: until that conversation, he did not realize what his board was doing right or how powerfully it supported their company's culture and tradition of leadership development.

Where are the Levers of Culture for Directors?

The Corporate Secretary was right in this: the two functions of management and governance have different arenas of responsibility. Directors do not have the same proximity to employees or opportunity to influence culture daily that the CEO and executive team have.

However, directors do have three levers to intentionally influence the culture of their organizations. These are the levers of Leadership, Alignment, and Perspective.

1) The Leadership Lever: Hiring the right CEO and building a relationship of genuine trust.

Boards select a CEO for many reasons—not least of which is his/her ability to drive profit. However, we know that not all profit is equally good. An executive can slash jobs and create profit instantly, but the effects on morale and culture will diminish those returns over time.

David Katz writes in Harvard Law School's Forum on Corporate Governance that cultural fit is one of two key elements in the CEO selection process. I believe his criterion can be strengthened further—a CEO candidate must have demonstrated ability to create and sustain healthy cultures, not just fit the culture that already exists.

Selecting the right CEO is a massive culture lever for directors, but it can only be moved about every 5 years. Therefore, directors must give attention to relationship quality.

The CEO selection lever has a dial to the side, which measures the trust, transparency, and relationship quality between the Board and CEO. Directors can influence organizational culture by turning up that dial to increase trust and transparency in the boardroom. One of the best ways I know to begin creating more trust between directors and the CEO is by getting to know each other outside of board meetings. Any process that creates the ability to share and recognize each other's strengths and weaknesses will strengthen the foundations for trust.

2) The Alignment Lever: Modeling the culture and rewarding a single standard.

It may come as a surprise to think of the culture of the boardroom as a reflection and lever of influence on the culture of the organization. Edgar Schein described culture as a combination of shared beliefs, values, and actions (or artifacts). All three are present in a board meeting: shared beliefs (what is true and/or real), shared values (what is important), and shared actions (what we do).

The cultural artifacts of the boardroom include how people are greeted, what makes it onto the agenda, how much time is given to different topics, what relationships are cultivated, whether interrupting speech is tolerated, and whether healthy conflict is possible or encouraged.

Along with modeling the desired culture in the boardroom, directors can leverage their interactions with the CEO to influence culture through relentless pursuit of alignment.

One way to pursue alignment is by rewarding a single standard. Note this example of a double standard: the board desires a culture where Millennial workers are developed and retained, but the CEO is rewarded for cutting lower-level jobs to achieve projections.

Directors can measure their current alignment through use of strategy-focused board surveys, facilitated by a third party. Many board surveys are heavily weighted toward compliance with standards and regulations, which tell little about internal alignment. However, a survey weighted toward strategic issues can reveal misalignment between governance and management early enough to make corrections.

3) The Perspective Lever: Asking the right questions and cultivating multiple perspectives.

As humans, directors and chairs must overcome the built-in social pressures that suppress hard questions. I continue to read about and hear from directors who do not ask questions out of concern that they would look uninformed or out of step.

In recent years, directors have been encouraged to ask more questions about more types of risk, including cybersecurity. Boards know they are responsible for risk. Yet, there is a disconnect when it comes to asking relevant and probing questions about culture, often until it blows up on the news. When bad news breaks, defective cultures are usually blamed on CEOs, with boards taking little responsibility. Consider recent news related to companies with broken cultures that resulted in a variety of toxic practices, including customer abuse, sexism, gender bias, and massive sales fraud. In each case, the assumption is that the CEO is at fault for bad culture. The board bears little or no responsibility.

A report issued by one company cited management's failure to correct an oppressive sales culture. The board did acknowledge some responsibility, but the report couched it as a structural issue—i.e. the board failed to fix a flawed, decentralized structure. Even with that admission, board members complained that they were not made aware of complaints and cultural problems. Perhaps so, but did they ask the right questions?

In addition to asking deeper questions about culture, directors can move the lever of culture by cultivating multiple perspectives. The board should ensure that it hears from various sources. If an internal study is commissioned, let the person who led the study present the report to the board personally. If an external consultant assesses the culture, the board should hear their findings in person. When it comes time to conduct evaluations, invite a third party to facilitate the survey and interpret the results.

The need to cultivate multiple perspectives is not an indictment of the CEO's or chair's lack of objectivity. Nor does it indicate lack of trust. Instead, hearing from multiple voices allows the directors and CEO to listen together, reflect together, ask questions together, and eliminate bias together. Important cultural indicators emerge from this shared listening, which can be easily overlooked when the same few sources always provide and interpret information.

Directors need to ask themselves the hard, honest questions about their attention to cultural health, and they need to brace themselves for the answers. What voices have been invited to speak in the boardroom outside of the top management team, audit firm, and legal advisors? What insights and new perspectives did they gain from hearing them? How deeply did they dig to understand the information that was shared?

Shifting "Tone at the Top" by Moving the Levers

Boards that want to shift the "tone at the top" must first recognize that they, as directors, have real influence on the culture of the organization. Directors can work together and individually to move the levers of Leadership, Alignment, and Perspective to actively extend their influence and shape the culture of the organization.

***

Dr. Phillip Shero is the President of MasterMinds Leadership and an executive coach to CEOs, senior management teams, and boards. He lived in Uganda for 15 years, where he became the co-founder and first president of LivingStone International University, an accredited liberal arts institution dedicated to producing ethical and empowered leaders in Africa. His firm specializes in executive leadership development, coaching high performing senior teams, and strategic planning. Dr. Shero writes weekly on leadership and publishes on LinkedIn.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/4/2017 Identification Number: 1435

Identification Number 1427
Ransomware Defense for Boards by Betsy Atkins with input from Bill Lenehan
Publication Date: September 20, 2017

For all the clever coding involved, most ransomware delivers a very crude but deadly message when it strikes your company. Important company files are locked, and may be destroyed, unless you pay a specific ransom amount, anonymously, with a short deadline. At that point, panic sets in. But if your top management, IT team and board of directors have devoted some time, thought and resources in advance, you'll know how to respond (and might dodge the bullet altogether).

In my own recent boardroom experience, how boards should deal with cybersecurity is one of the hottest topics. I've been an evangelist for getting boards active in setting and assuring effective corporate digital policies. Much of this should be basic good governance for the twenty-first century. Realize that a cyber-attack is now a matter of when, not if. Make your board digitally savvy so it can ask smart questions on technology, threats, and liabilities. Assure things like up-to-date platforms, software, and third-party testing.

I should note that the majority of company hacking attacks still involve these conventional threats -- the cyber equivalent of smash-and-grab theft. However, the special dangers posed by digital hostage taking demand a unique corporate governance role. If regular hackers penetrate your systems to steal money or data, there are few shades of grey. There may be debates between IT and the rest of management on budgeting for safeguards (the board should be IT's advocate and "nudger" on this, by the way). However, the priorities after a conventional breach are never in doubt -- assess and limit the damages and learn from the attack.

Ransomware is existentially different and goes to the heart of a board's governance and fiduciary role. Do we as a company pay a ransom demand or do we take the moral high ground and say no? Your board needs to tackle this question, with its uncomfortable blend of technology and ethics, now, before an attack. The major ransomware strains, such as Petya and WannaCry, offer a short time frame (sometimes as little as 24 hours) to pay up or face the consequences. Convening a board meeting that quickly to deal with a flash crisis would be both impractical and unwise. Further, the actual ransom itself can be oddly small. Would you really convene an emergency board session to discuss expending $1,000?

Real-world board experiences with ransomware suggest there is a better way. I've seen ransom demands first-hand at one of my boards, and spoke with Bill Lenehan, CEO at Four Corners Property Trust, who's also faced these traumas. We have observed a number of effective strategies specifically targeted at dealing with the unique threat of a ransomware attack:

Have the ethical discussion before a ransomware attack occurs. Your top executives and IT staff need guidance from the boardroom on the big question of whether or not the company should submit to a demand for ransom. The decision is not an easy one; losing business (and perhaps the business itself) by taking the moral high ground is not your call as a shareholder fiduciary. Your number one mission is to protect the business for investors. That may involve the tough decision to pay up if it will save data or needed access.

"Boards need to provide guidance and support on how this is handled," recalls Bill Lenehan. He finds laying out the issues directly to the board helps clarify their thinking. "I was talking with a 70-year-old board chair, and said 'Let me throw you a curve. You're trying to close a $200 million acquisition, when suddenly, your employees get a ransomware demand for a total of $3000. If you don't pay, you jeopardize the deal, your relationship with numerous counterparties, and maybe the company itself.' The response, 'My God, I never thought of this!??'"

Hold this debate now at the board level, because when a hacker's WARNING screen pops up, it's too late for philosophy.

Shape a corporate ransomware response policy based on the ethics discussion. Take the strategic principles the board has developed for responding to ransomware attacks and turn them into a working tactical policy. Include functional steps, like who is to be notified, who makes the final payment decision, damage/cost tradeoffs to weigh, etc. Also, will you even be able to pay the crooks? It sounds distasteful, but assure that you have the mechanisms in place to quickly meet the ransom demands if you choose to.

"You don't want to be scrambling to pay, figuring out how to practically make this work," Bill Lenehan recalls from his own experience as CEO of Four Corners Property Trust. At 5:30 one morning, he received a text message from the company controller telling him there was a problem -- a short-term ransomware attack was spreading globally. "Our board chairman was out of the country, hours behind us, so what do I do as CEO? Would I pay, or not pay, do I need to inform my board, or just hurry to set up a Bitcoin account?"

The CEO and other staff should not have to make these decisions on the fly -- and if they do, it's the fault of the board, which didn't prepare in time. "Ransomware is not the fault of the CEO," notes Lenehan. "It's like a school snow day -- you have to set your decision policies in advance." (Lenehan also notes that his small company has a staff of 12, and is as far off the business news radar as can be -- yet hackers still found them).

No policy can mean inability to respond at all. At a major company whose board I had served on, we faced a short-term ransomware demand, and decided we had to pay. But the hackers demanded payment in Bitcoin, and the company didn't have a Bitcoin account. This took two days to set up -- by which time the deadline had passed. In the missed deadline experience I referred to, we were able to negotiate a compromise. We were ultimately able to decrypt our files.

Also, ask what you'll do if other problems crop up. In Europe, a recent Petya attack demanded payment to the bit-napper's Posteo email account. But before victims could comply, Posteo had blocked the mailbox.

Beware risks related to ransomware attacks on third-party affiliates. Ransomware is not just an internal danger. Even after you shape a sound emergency policy for your corporate response, what about the suppliers, customers and advisors you depend on? Lenehan tells of a ransomware strike, not at his company, but at a major law firm they were depending on to close a $20 million acquisition. "The lawyers got an email from IT early in the morning telling everyone not to turn on their laptops and check them in immediately." A pending deal was suddenly frozen solid.

What would happen at this very moment if one of your top vendors' or clients' IT systems instantly went dark for an uncertain period of time? Are they able to back up their information with systems completely walled off from the afflicted ones?

Fight hackers with unconventional warfare. Above, I noted the generic things a board can do to improve the technical odds of avoiding and fighting cyber mischief. Push IT to innovate outside its normal comfort zone. Third-party vendors like Optiv, SecureWorks, and Stroz specialize in penetration testing, 24/7 threat monitoring and ethical hacking. Your IT staff says they have the latest software updates and threat assessments? Good -- let's contract with outside experts who can make sure. The expenses involved should be modest and today are a basic cost of doing business. Want to drive a car? You need to buy insurance. Want to operate in today's digital world? Invest in outside cyber-expertise.

Check that cyber insurance coverage is adequate. Speaking of insurance, check your liability and other business policies when it comes to hacking damages and, specifically, ransomware costs. What sort of losses are covered, which aren't, how much could ransomware losses total, what compliance measures must you have in place, and what are disqualifiers? Also, how should your company decide on making a claim? (If you file a claim for a ransomware payment of $5,000, will your premiums shoot up by ten times that amount?) "If someone demands $350 in Bitcoin, it may be like when someone keys your car in a parking lot," notes Lenehan. "Rather than making a claim, you just get it detailed out on your own dime."

Ultimately, boards and management need to respond to a ransomware crisis the same way they respond to any company crisis. They must assure good response tools and plans are in place and functioning, that tough questions are asked, and that everyone knows their role. But for the board, ransomware prep demands an added step -- asking if they're ready to make a deal with the devil.

***

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Bill Lenehan is the Chief Executive Officer of Four Corners Property Trust, a real estate investment trust that owns over 500 restaurant properties. He is also on the board of directors of Macy's, the department store company. Prior experience includes board service at Darden Restaurants and Gramercy Property Trust, among others. He spent ten years as an investor at Farallon Capital Management.

 

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 9/20/2017 Identification Number: 1427

Identification Number 1424
Ransomware Payment: Legality, Logistics, and Proof of Life
Part One: Background and Reality
Publication Date: September 12, 2017 

Cybersecurity expert John Reed Stark has authored a three-part series of white papers offering guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim's safe return. Proof of Life's screenplay was partly inspired by Thomas Hargrove's book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of kidnap-for-ransom consultancy Clayton Consultants, Inc.

The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data by locking system screens or user files unless and until a ransom is paid.

Just like Clayton Consultants, the team advising a ransomware victim company (whether the victim is a hospital or global corporate conglomerate) must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.

To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness—let alone successful extradition and prosecution—is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration and clearly outside of the jurisdiction of local law enforcement.

Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g., an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker) or when time is of the essence (e.g., when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.

This three-part series of articles provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of ransomware attackers.

Part One provides the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two will examine the intricacies involved in ransomware response including ransomware investigative tactics, ransomware payment logistics, and the legalities of ransomware response.

Part Three will cover the remaining range of key ransomware essentials including: notification requirements, ransomware remediation, and ransomware cyber insurance.

Read Part One of Ransomware Payment: Legality, Logistics, and Proof of Life >>

***

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 9/12/2017 Identification Number: 1424

Identification Number 1392
What's New in Shareholder Engagement: Telling Your Own Story
Publication Date: June 22, 2017 

Tactical communication with shareholders is critical, as shareholder activism increases and institutions begin to rely more on their own independent research and less on the opinions of proxy advisory firms. By aligning corporate messaging with investor interests and concerns, companies build better relationships with their investment communities—and in the process, eliminate information vacuums that can be exploited by activists.

Proxy statements are an often-overlooked opportunity for companies to share compelling corporate governance stories and improve stockholder engagement. Investors are keenly interested in succinct and articulate explanations of the following:

  • the company's strategic and risk management plans;
  • the company's corporate governance values;
  • why executive officers are compensated appropriately; and
  • why the company believes it has the right people sitting on the board.

By transforming proxy statements from compliance tools into highly effective communication tools, companies can improve shareholder engagement and nurture investor support for annual meeting ballots. Following are best practices we have observed (and also applied here at Nasdaq) for utilizing proxies to tell a compelling corporate story.

Engage with shareholders proactively.
In addition to building relationships and ensuring shareholders support the company's strategy, a key goal of engagement is discovering investor perspectives on their areas of focus (such as board composition, pay-for-performance metrics, and engagement). Effective shareholder engagement is a two-way dialogue, some of which ought to take place with the company's largest investors outside of proxy season. If institutional investors aren't available to meet during the off-season, take advantage of quarterly earnings calls, industry conferences, and investor presentations to engage.

Bring the proxy process in-house.
Once the company has identified investor concerns and refined its corporate story, it should consider bringing the process for writing and editing the proxy in-house. An outside consultant or vendor cannot do a better job aligning corporate messaging with investor concerns than the company itself. Complex topics such as board composition, executive compensation policies, corporate strategies, and enterprise risk management should be explained succinctly and clearly, a task best left to corporate insiders.

When bringing the proxy development process in-house, it is helpful to create a benchmark of best-in-class proxies that stand out in terms of innovation and formatting. At Nasdaq, we spent months researching and creating a "look book" of noteworthy proxies that our development team used as a reference tool to guide improvements in the messaging, readability, disclosure, and formatting of the proxy.

Enhance disclosure and transparency.
When developing the elements of the company's story that address investor hot buttons, don't settle for the bare minimum in disclosure. Transparency around board composition, executive compensation, and corporate governance builds trust and assists investors in evaluating the board's effectiveness and independence. For example, shareholders like to map the skill sets on the board to the company's corporate strategies and enterprise risks. A holistic overview of board composition—including committee assignments, tenure, experience, and diversity—can be helpful for this, as is a board skills matrix. The structure and philosophy of executive compensation should also be outlined in a thorough and very readable analysis.

Enhanced disclosure is especially important when a company has a great governance story it hasn't been sharing effectively. Through our own research at Nasdaq, we have unearthed many Nasdaq-listed companies that have quietly achieved exemplary track records with regard to board composition and diversity. However, these efforts often go unnoticed because only a handful of companies highlight board composition metrics in their proxies using charts and graphs.

Transform the proxy into a communication tool.
Different types of investors read and use proxies differently: for retail investors, it's a reading document; for institutional investors, it's a reference document. To motivate institutional investors to support the company's annual meeting ballot, proxy messaging needs to be clear and compelling (and navigation intuitive) so investors can locate topics of interest quickly and understand them easily.

Readability is key—writing content in plain English, eliminating redundancies to condense the document, and hyperlinking a detailed table of contents are all ways to enhance the readability of a proxy. Key messages should be highlighted in such a way that shareholders can't miss them: In addition to enhancing the summary to include critical information, companies can draw attention to (and summarize) main ideas by incorporating charts, matrices, graphics, and bulleted lists.

Launch an interactive digital proxy.
A growing number of investors prefer to access proxies and vote online, and interactive proxies are transforming online stockholder engagement. The intuitive framework and visually appealing layouts of interactive proxy documents make it easy for shareholders to navigate and digest proxy content on their own terms, and on any device. These interactive versions include multiple features allowing for easy search and maneuverability, such as section and sub-section headers, expanded table of contents, and linked page references throughout the document.

Interactive proxy platforms also provide companies with useful analytics regarding which sections of proxy statements, and which search terms, are most popular with shareholders. User analytic data will be valuable to companies seeking to identify proxy content elements that most resonate with investors, as well as fine-tuning digital layouts and navigation.

During the past few weeks, a number of Nasdaq-listed companies published their 2017 proxy statements using an interactive format, including eBay, Inc., Intel Corporation, Nasdaq, Inc., Northern Trust Corporation, and Otter Tail Corporation.

Perhaps the most compelling piece of PR advice dispensed by Don Draper, ad man extraordinaire of the series Mad Men, was this: "If you don't like what they are saying about you, change the conversation." By taking control of their own story, corporations can do just that.

Read More about Interactive Proxy Statements Here >>

Read More about Reasons to Bring the Proxy Process In-House Here >>

Publication Date*: 6/22/2017 Identification Number: 1392

Identification Number 1375
Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
Publication Date: May 17, 2017

This is the fourth of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse -- outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

This final part of the series Top Cybersecurity Concerns for Every Board of Directors discusses the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption.

  • Data Mapping: Every cyber-attack response begins with the forensic process of preserving any electronically stored information (ESI) that may be relevant to the cyber-attack. The most well-run companies establish sophisticated and intelligent data classification schemes to mitigate the costs and challenges of preserving ESI after an attack. Creating an accurate data map for a company is imperative: before a company can figure out how to protect its data, the company needs to know where that data is.

  • Encryption: While encryption systems require constant maintenance, and may complicate communications lines, encryption is typically a company's last line of defense from cyber-attacks. Target's hackers had access to everything, from the deli meat scales to the cash registers, because there were no controls such as encryption limiting access. Merely encrypting sensitive data is not enough—the type of encryption is of equal importance.

This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure. 

Part IV, Data Mapping and Encryption: an overview of the board's oversight responsibilities with respect to encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item. 

Read John Reed Stark's Latest White Paper on Data Mapping and Encryption >>

***
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 5/17/2017 Identification Number: 1375

Identification Number 1376
Learn More About the Shareholder Services Association
Publication Date: May 16, 2017

Nasdaq recently talked to the SSA to learn more about its mission, the benefits of membership, and its advocacy efforts on behalf of the shareholder services industry. They also shared the agenda for their 2017 Annual Conference that will take place in Florida on July 18-20.

Read our interview with the SSA >>
Publication Date*: 5/16/2017 Identification Number: 1376

Identification Number 1374
WEBINAR RE-PLAY: A Conversation with PCAOB, BDO and Grant Thornton
Publication Date: June 8, 2017

Nasdaq hosted a web seminar with representatives from the PCAOB, BDO USA and Grant Thornton to discuss the PCAOB resources available for public companies on June 7.

Listen to the Re-Play Here >>
Publication Date*: 5/16/2017 Identification Number: 1374

Identification Number 1371
Nasdaq Talks to . . . PCAOB's Office of Outreach and Small Business Liaison about Its Mission and How It Can Help Public Companies
Publication Date: May 9, 2017

Nasdaq often hears questions from listed companies about their annual financial statement audit or a specific accounting directive. To help answer these questions, Nasdaq investigated and found that, although the Public Company Accounting Oversight Board (PCAOB or the Board) does not have an official "ombudsman," it does have an Office of Outreach and Small Business Liaison. Read our interview below to find out how this office can help answer these questions.

Want to know more?  You can listen to a re-play of a recent webinar Nasdaq hosted with PCAOB, BDO, and Grant Thornton here >>

Q: What is the Office of Outreach and Small Business Liaison?

A: The Office of Outreach and Small Business Liaison was established in 2010 after the passage of the Dodd-Frank Act. The Office plans and conducts forums for auditors of smaller public companies and for auditors of smaller broker-dealers. The Office also acts as a liaison between the Board and accounting firms and others affected by the Board's work; assists with arranging Board member and PCAOB staff speaking engagements; and serves as a contact for anyone who may have questions about the Board's regulatory activities or needs assistance in locating publicly available information issued by the Board.

Q: How can you help public companies?

A: The PCAOB website contains a number of resources which inform companies about the work of the PCAOB including inspection reports of registered accounting firms and summaries of inspection findings. More information on these pages is provided below.

In addition to our website, PCAOB Board Members and Senior Staff speak to representatives from public companies at events across the country. This includes groups of CFOs as well as Audit Committee members.

In addition to the website, public companies may contact our office if they have questions related to anything on the website.

Q: What's the best way to reach you?

A: The office can be reached by telephone at (202) 591-4135 or by email at either outreach@pcaobus.org or info@pcaobus.org.

Q: What are the most common questions you get? How do you respond?

A: The Office of Outreach receives questions on many topics. The most common requests typically involve assistance with locating information on registered firms. Generally, staff from the office will respond directly to the person who contacts us. In some instances, due to the technical nature of the question(s) posed, messages are sent to the appropriate division within the PCAOB for a response. Additionally, if the question or request relates to an issue outside of the PCAOB's jurisdiction, we will direct people to the organization or agency best suited to respond.

We encourage people who contact us to provide enough detail in their message so that the request can be handled promptly.

Q: How can a company participate in PCAOB's standard-setting process? Are there ways for PCAOB to accept input from public companies? What is it?

A: The PCAOB collects comments from all interested parties, including public companies, as part of the standard-setting process. If a proposal is open for comment, it will be listed on the PCAOB home page. The PCAOB has also made available a rulemaking docket which lists the status of all rulemaking projects, including standards. More information on the comment process is available here. All comment letters that are received are posted on the PCAOB website.

Additionally, all PCAOB standards are subject to SEC approval. Once a proposed standard is submitted to the SEC, there is an additional period in which comments are accepted.

The PCAOB also has a Standing Advisory Group which advises on the development of auditing and related professional practice standards. Public company executives and audit committee representatives are among the members of the group.

Broad-based organizations whose members are public companies such as Financial Executives International, the Society for Corporate Governance, the American Bankers Association, and others may seek to meet with Board members and senior staff to discuss issues of mutual interest. Public companies could also reach out to the Board through Nasdaq.

Q: What other resources are available at PCAOB for public companies with auditor-related questions or concerns?

A: As noted above, the PCAOB website has a number of documents and pages that may be of interest to public companies. The Board frequently issues general reports along with staff inspection briefs. In addition, the Board has created a page with information specifically for audit committee members. Information on firms registered with the PCAOB is available through the registration and reporting system. Users of the system can search for any firm and see inspection reports and enforcement actions for each firm as well as view filings required by the PCAOB. Questions not specifically answered on our web site should be directed to the email address and phone numbers listed above.

We encourage anyone interested in the work of the PCAOB to sign up for email updates or to follow us on Facebook, Twitter and LinkedIn.
Publication Date: 5/9/2017. Identification Number: 1371
  Fredrik Voss, Nasdaq Vice President, Talks About What Blockchain Could Mean to Your Company, Part 2
Identification Number 1360
Publication Date: April 28, 2017

Following up on our interview last year, we had the chance to speak again with Fredrik Voss, who is spearheading Nasdaq's blockchain innovation initiative. Fredrik described the advances and accomplishments over the past year, and gave us some idea of what to expect in the future. Excerpts from our conversation follow.

Q: Last year, Nasdaq announced a blockchain-based solution for voting in Annual General Meetings in Estonia, an application of the technology that went beyond settlement and clearing, an area that seems to be garnering a lot of attention. What made you choose this project?

A: We chose that project for a couple of reasons. One, we deliberately wanted a project that wasn't related to the issuance and settlement of assets on blockchain. We wanted to do something else. We also wanted a project where we really had to explore issues around identity on the blockchain: the identity of a person, identity of a person representing a firm and then firms and people representing other firms in a proxy arrangement.

So those were two things we wanted to explore and then we wanted to find a space where we could do that with internal knowledge and by leveraging the blockchain technology and know-how from our partner Chain. It so happens that in Estonia, we actually do run annual general meetings for a number of companies, as a service. So we had a good understanding of the current business process, so to speak. Also, we would have to rely on a central security depository (CSD) for share ownership data and we actually own and operate the CSD in Estonia.

As we explored leveraging that environment, we also identified that the Estonian government has put in place a system called e-Residency, which is an advanced way of handling digitized identity for Estonian citizens, but anyone can become an electronic resident of Estonia through that mechanism. So a lot of planets aligned while we picked that particular use case and that particular market as the pilot.

Q: With respect to annual meetings, what are the advantages of a blockchain-based system versus the traditional model?

A: You can obviously do electronic remote voting using traditional technology but the blockchain (or distributed ledgers) has some inherent capabilities that make them quite attractive for a use case like annual meetings, in that it's very easy to track the provenance of a digitized asset. A digitized asset can be anything, but in this case, it's a vote, and it is easy to track its whereabouts in a blockchain user base.

One of the problems with the proxy process today is actually demonstrating to the shareholder that their vote was cast in accordance with the instructions of the shareholder. It is actually difficult to do that. But with blockchain technology, you can easily track the whereabouts of that vote. Also, with this system, the ledger is immutable; you cannot change the records, you can undisputedly prove that votes were cast in accordance with the instructions.

Basically, the way it works is that when a vote is coming up, you poll the CSD, and you issue the right number of voting tokens to the shareholders. An individual shareholder can then transfer that voting token to a delegate, or of course they can vote on their own as well. Then you can actually track the whereabouts of that voting token in the network. You can also see in which ballot – if it was in the yes one or the no one – it was cast. There are some inherent functions in blockchain that make it an easy technology to use for that particular use case.

Q: So a company is no longer just sitting back and waiting for the votes to come in? They actually have total visibility into the whole process from beginning to end?

A: Exactly. They have total visibility from the issuance of those voting tokens. You can allow various parties to see where the votes are in the network, and if you are the shareholder, for example, and if you delegated your vote to someone, you can actually see where it is, you can see when it's cast, you can see in what ballot it was cast, depending upon the rules of the voting process. You can allow the issuing company to see the complete picture of where the votes are for everyone in the network.

The technology provides transparency and certainty to these processes. You cannot quite emulate that using the existing technology of trusted third parties and traditional databases. That would be a more complex and cumbersome solution to build than leveraging the inherent capabilities of blockchain ledgers.

Q: In a report issued in January 2017, the Estonia AGM project was described as "successful" and well received by the user community. What were the highlights from this effort?

A: As highlighted in the report, we tested our solution in cooperation with a recently listed Nasdaq Tallinn company, LHV Group, an Estonian financial group. Some reactions from LHV's management team were:
  • Mr. Erki Kilu, CEO of LHV Pank: Testing the prototype was simple and user friendly. The options were intuitive and required minimal amount of clicks. It is a joy to use a blockchain-based system that actually works and which is awaited by the market and can be used by thousands of people at the same time.
  • Mr. Madis Toomsalu, CEO of LHV Group: It is a good initiative (i.e. start-up) and has a lot of potential. Testing of the prototype was convenient and simple. If the future solution enables mobile ID authentication as well and the security is granted, then we would definitely consider using the product in the future.
Some feedback we received from various investors included:
  • "The GUI was very clean and intuitive, design is nice."
  • "Everything was logical, simple and understandable. The only disappointment is that I did not find any bugs to report."
  • "Quick and simple way to vote. The future seems bright!"
They appreciated the transparency in the process. We had proxy companies and custodians involved in the process, and for them, the fact that they now could validate and have evidence that they have fulfilled their obligations was helpful for them. We also learned a couple of things on what is needed to do to make it a complete product, so that was helpful as well.

Q: Looking back on the Estonia project, in what areas do we still need to make improvements?

A: I think the core piece of the solution is very solid. To make this a complete and attractive solution for the users there are some areas we can improve upon. Currently, for example, you have to use a laptop to participate remotely. Obviously you want to be able to provide handheld capabilities. What we delivered was sort of a first minimum viable product or a pilot, and there are some analytics and additional features we'd like to add to it when we turn it into a full blown product.

Q: Do you think that blockchain technology will facilitate shareholder engagement?

A: Totally. That's one of the key promises of the technology. We explore, broadly speaking, three uses of the technology. The first would be post-trade issuance and settlement, as you mentioned earlier. We're also looking to regulatory transparency. But we also are looking at whether this technology can be used to bring issuers and investors closer to each other. And I think this project proves that is the case.

We think that a solution like this could promote a more active investor base. It will be a cheaper, more intuitive, more effective way of participating. For example, in a shareholder meeting, it doesn't mean that everyone wants to participate on their own, but the delegation methodology is a more attractive solution for the issuer, the investor and the proxy custodian. So this project is actually evidence that the technology potentially has that capability.

Of course, to continue on that theme, that voting token we talked about earlier could basically be any digitized asset. If you're a coffee company, the token could be a beverage coupon that you can easily send to your shareholders using the electronic ledger network, as an example of something you could do in the future. So we definitely think the technology will facilitate shareholder engagement.

Q: Nasdaq is utilizing blockchain technology with private companies through the Nasdaq Private Market. How are private companies utilizing the blockchain technology?

A: That is the first project we embarked upon, what we call the Linq project, which combines Nasdaq solutions with technology developed by our partners at Chain. That falls into the first bucket of the areas we've explored: the issuance, settlement and transfer (in the case of secondary market transactions) of ownership of securities. So that is mainly how we've used the technology in the private company space.

So basically, a private company using this solution issues shares, and it can transfer those shares to its investors. When investors trade in the secondary market, they can transfer ownership of those shares using this technology. This is all electronic, secure, and done in real time. But there is no trusted third party in the middle. There is no central depository involved so this is a true peer-to-peer network that's leveraging the technology. It is actually the technology that keeps track of who owns what, instead of a trusted third party in the middle, like a depository.

Q: With private companies, what advantages does the distributed ledger provide over traditional systems?

A: In the U.S. for example, you've traditionally had paper certificates. You've had capitalization tables being managed in Excel spreadsheets. You have had these certificates being shipped by common carrier, and stored in vaults. You're talking about a labor intensive, error prone infrastructure…but the key feature has been a peer-to-peer network between these parties. Now you can actually keep this peer-to-peer network if this industry does not want to have a depository function in the middle. This technology secures the processes, provides capitalization information in real time, and is cheaper than the way it happens right now.

Q: How do you see the landscape changing in 2017? What roadblocks are limiting the mass adoption of the blockchain technology?

A: In terms of blockchain in capital markets, we are sort of moving out of the proof of concept (POC) era. Not only at Nasdaq, but among the blockchain industry as a collective, there are fewer POCs, and we are seeing more and more solutions, products being deployed for real assets with real customers. So we are leaving the POC era and entering into more of a pilot era with real products. It's going to be interesting to follow how those products perform over the next, let's say, two years. We are seeing increased certainty in the technology. That said, blockchain is not yet, of course, a mature technology.

We will see a lot of evolution in blockchain protocols over the coming years and there are still certain issues around functionality that need to be developed. But we and others increasingly believe that these types of enhancements actually will be achievable, and companies like our partners at Chain are in the forefront. So the technology seems to be increasingly validated as a good candidate for use in capital markets. Now the focus is on the obstacles or challenges limiting wide-scale adoption, and they are mainly non-technology related and non-technical in nature.

One challenge is actually going from vision to concrete designs of how these solutions, these networks, are going to work. The blockchain has wonderful potential as an enabler of faster transaction processing, lower need for capital, better operations, lower cost for IT, among other things. That is the vision – but actually bringing that down into a concrete design that a community of users can agree upon? That's not a show stopper but it takes a bit of time to achieve. So that's one area.

A second area is legislation and regulation. Some of these new business models and market structures that are being thought about are so innovative that they are simply not contemplated by existing laws and regulations. The issue is not that they are prohibited, the issue is that there's a legal uncertainty around them in the current regulatory context. You cannot expect capital market participants to allocate billions worth of assets into solutions where there is legal uncertainty. So there needs to be some legal and regulatory innovation in parallel with the technical innovation. Again, that is not a show stopper – we change laws and regulations all the time, but it takes a bit of time and effort to do it.

Third is something Nasdaq has been thinking about from the beginning: the integration and transition processes. Whatever you want, the fact of the matter is that this technology is being implemented in a pre-existing context – a rather complex technology infrastructure. It needs to be integrated in an efficient way. And then, of course, if your business idea or your business model relies upon replacing a pre-existing piece of infrastructure, you also need to have a credible transition plan to put in the new and get rid of the old technology. You don't want to be stuck halfway through a transition process because then you end up having to support both the old infrastructure and the new infrastructure. We don't want that to happen.

So while technology evolution is still very important, that is less of a concern. Now, more and more focus in terms of challenges is being directed to these three things I just spoke about.

Q: What effect do you think the proposed changes to Delaware General Corporate Law (DGCL) will have on the adoption of blockchain technology for corporate purposes?

A: That is an example of an initiative that addresses the challenge of legislative and regulatory uncertainty. If you can create legal certainty that, for example, shares issued in the blockchain format actually represent ownership in the company that would be tremendously helpful. So I think these proposed changes are a sign that these challenges are starting to be addressed, and that is positive for the landscape.

Q: Besides annual meetings and settlement and clearing, what other uses of blockchain do you foresee for publicly-held and private companies?

A: In terms of the corporate nature of things, those are definitely the key areas. Particularly, issuance, settlement, and transfer of ownership combined with services like voting. That is core. There are a lot of use cases that could be relevant for companies in certain industries.

We know, although we are not active in some of those industries ourselves, that there are a lot of use cases being explored in the insurance industry, in supply chain management, and a number of initiatives in the healthcare industry. So there could be broad implications – some in specific industries, but also general features that address needs for all companies, regardless if they are private or public.

Q: Basically new infrastructure for them to utilize at that point?

A: New and better infrastructure. Of course, if the technology delivers on its promises in terms of creating better transparency into who owns a company's shares, you can think of all kinds of interesting things that a company can do with that information to become a more valuable company to its shareholders.

Q: Last question: do you have any other projects planned for 2017?

A: Yes, there are a number of exciting projects going on. Some are public; some are yet to be publicized. One that has been publicized is that we are working together with a company called The New York Interactive Advertising Exchange (NYIAX) to create a blockchain-based marketplace for advertising instruments.

We are continuing to work on the Linq concept with our partners at Chain and expanding the feature sets. We're expanding the markets for which it is used. We already use it for company shares and we've announced that we're going to use it for alternative investments as well. And as I said, we are working on the features included in the Linq solution as well.

We have also added blockchain capabilities to the Nasdaq financial framework, which is basically a platform for capital market applications, where a user of that platform can use any data store they want. You can use the blockchain or you can use a traditional database or you can use them in combination.

And then we have a couple of other projects that we actually cannot talk about publicly yet, but when we can, we can add them to the list.

Q: Sounds good. Let's catch up again next year and you can tell us more about this.

A: Yes, we should.

***
Fredrik Voss is a Vice President at Nasdaq responsible for Nasdaq's blockchain innovation initiative.
  Equilar Study Finds Over-Boarding Directors More Common, Better Paid
Identification Number 1357
Publication Date: April 21, 2017

The idea of multi-boarding, also known as “overboarding”, has become a topic of debate for investors, board members, and advisors. Although some argue public directorships on multiple boards can positively promote shareholder engagement and corporate governance experience, others question if directors with multiple board commitments are putting sufficient time and energy into their other commitments. A recent Equilar study found that multi-boarding is more present in larger companies, has increased 48.6% to 53.6% in the past five years, and has led to greater director pay-outs. The study also revealed that the increase of women on boards, and a desire for directors familiar with issues scrutinized by shareholders and stricter regulatory requirements, may lead to candidates who are well-versed with these issues serving on more boards.

Read more from Equilar >>
  Five Key Components for Building and Maintaining an Ethical Workplace Culture
Identification Number 1349
Publication Date: April 11, 2017

A strong ethical culture is essential to effective compliance risk management. There is no shortage of compliance failures to illustrate how a weak ethical culture can sabotage even the best corporate compliance programs. Almost universally, misconduct took hold in these cases because employees felt pressure to prioritize performance over compliance and, in response to such pressure, figured out how to evade controls meant to ensure compliance.

Given the importance of ethical culture in producing positive outcomes and enabling business goals as well as its profound impact in preventing significant compliance failures, boards and executive management teams should make sure the company’s approach to building and maintaining an ethical culture incorporates these key best practices:

1. Establish clear accountability for ethical culture as a management function

Ethics and compliance functions rely on similar skillsets, leverage similar tools and operationally need to be well-coordinated. While program management for ethics and compliance program elements can be combined, ultimately, an ethical workplace culture is determined primarily by senior executive management, not by an Ethics and Compliance Department.

To ensure that managers understand their accountability for setting the company’s ethical culture:
  • Establish an Ethics Steering Committee comprised of senior business and operations executives along with senior representatives from compliance, Human Resources (HR) and Communications to ensure the ethics program is fully integrated in the business’ operations;

  • Appoint a senior executive as the Ethics Officer (as a part time role) for each geography or business unit to evaluate and reinforce the ethical culture; and

  • Connect ethical conduct to compensation and make it part of each executive’s performance objectives.

2. Evaluate your employee-facing compliance policies so they enable rather than inhibit ethical culture

Overly detailed and technical policies can undercut an ethical culture. This is especially true when responsibility for compliance falls on individual “line” employees and managers. Think of the core messages that are commonly associated with ethical business: “we are a values-based organization” or “we trust our employees to exercise good judgment.” Now consider a lengthy compliance policy that reads like an excerpt from a federal regulation. The message this type of policy implies may inhibit an ethical culture and instead convey counterproductive messages such as “we are only concerned with bare legal or technical compliance” or “you could try your best but still get something wrong.”

To demonstrate that compliance policies are ethical culture enablers:
  • Create a policy committee comprised of average level employees and managers to review new company policies to make sure they address employee needs with appropriate but not hyper-technical detail;

  • Post employee compliance policies on their own intranet site supported by strong search functions; and

  • Use reading level software on all policies – targeting readability at below the average education level of your employees as many are likely not familiar with the topic.

3. Include ethical behaviors in promotion criteria

When employees perceive that ethical behavior helps them climb the corporate ladder, it reinforces the emphasis that the organization places on building and maintaining an ethical culture. Many companies require some form of risk screening for employees under consideration for promotion to senior level positions. In some instances, this involves reviewing HR files to make sure there have not been any disciplinary actions or significant policy violations; in others, it can involve credit, litigation or public records review to make sure that the individual does not pose risks to the organization before ascending into a position of greater trust and influence. Keep in mind, however, that a lack of unethical conduct is not the same as affirmatively demonstrating ethical behavior.

To help ensure that your promotion process reinforces the importance of an ethical workplace culture:
  • Incorporate specific ethical behaviors into performance and promotion expectations, such as keeping promises and commitments, upholding values while under pressure and demonstrating honesty and transparency;

  • Require a manager to document instances of employee integrity before a promotion to a senior level position; and

  • Conduct 360 degree reviews of high potential staff prior to promotion.

4. Ensure executives and managers have the skills to build and maintain an ethical culture

It can be tempting to confuse personal ethics with ethical leadership – to believe that because someone is an ethical individual with personal integrity that he/she will naturally become an ethical leader. To be sure, ethical leadership starts with personal integrity. But it also means understanding team dynamics, motivations and pressures and how those may influence employee perceptions and behaviors. Lastly, and perhaps the most intimidating to many managers, ethical leadership involves speaking confidently and effectively about the company’s values and “ethical narrative.”

To help ensure that your managers are ready to be ethical leaders:
  • Explicitly incorporate ethical leadership into general leadership development courses, helping new managers understand that ethical leadership is just a key dimension of good leadership;

  • Require managers to share a personal message about their values or a story about an ethical dilemma they have faced; and

  • Provide managers with prepared discussion frameworks to help with discussions about ethical issues with their staff.

5. Prepare managers to identify and respond to employee ethics and compliance concerns

As with most workplace concerns, employees are most likely to raise ethics and compliance concerns with their managers – in most studies, reporting to management is favored by large margins over going to HR, the law department or the hotline. It is therefore all the more important to train managers to recognize signals from their employees. An employee’s offhand “comments” at the end of a meeting might be viewed by an untrained manager as just office banter, but for the employee, who was likely mulling over this issue for days and the potential risks and rewards of coming forward, he or she just raised the issue to management and expects some sort of response. In addition to missing the opportunity to address an issue early-on, if the manager misses these signals repeatedly over time, the team’s ethical climate can begin to erode as issues are not addressed and bad behavior becomes enculturated.

To help ensure that your managers can identify and respond to issues effectively:
  • Make identification and responding to employee ethics and compliance reports part of your annual training program for managers;

  • Provide managers toolkits on how to respond to employee concerns, including what to say and who to contact based on the issue involved; and

  • Reinforce the importance of engaging company resources quickly rather than trying to solve the problem themselves.

***
The author, Michael Kallens, is an Associate General Counsel in Nasdaq’s Office of General Counsel and is a senior member of Nasdaq’s Global Ethics and Compliance Team. Michael has led industry working groups on developing best practices for corporate ethics programs and is a frequent speaker on ethics and compliance topics. In 2014, he received the Outstanding In-House Counsel Award from the Association of Corporate Counsel-National Capital Region for his work in the area of corporate ethics and compliance.
  Seven Critical Elements of a Board Refreshment Plan
Identification Number 1347
Publication Date: April 3, 2017

We asked Betsy Atkins, veteran of 23 boards and 13 IPOs, to share her perspective on the art and science of board refreshment. In addition to her board service, Ms. Atkins is also well known for making very early stage investments in Yahoo and eBay through her venture capital firm Baja Corp. Following is her sage advice on structuring an effective board refreshment cycle.

1) View the corporate board as a strategic asset, not just a fiduciary.

The first step to an effective board refreshment plan is understanding why refreshment is so important. Historically, the function of boards was to act as a financial fiduciary and steward for shareholders. However, for the past decade or so, the role of boards has been evolving as boards are being held accountable for “futureproofing” against threats, and ensuring the competitive relevance of the company.

Just as a company’s leadership team is forward-hired based on long-term strategy, the board is now equivalently an asset to be reviewed for critical expertise and experience, and refreshed as needed. Unfortunately, it’s still not common for a board to have a holistic view of board composition as a strategic asset, and many corporate boards still view themselves as fiduciaries.

2) Take a proactive versus reactive approach.

It’s never been more important to address the topic of refreshment internally: if the board doesn’t proactively think about it, somebody outside the organization is going to raise it. Index funds that were traditionally passive are now beginning to push for diversity, governance refreshment and renewal, and are raising questions on term limits and age limits.

A board should have an annual governance committee calendar with explicit agenda items, just as it does for compensation committees and audit committees. A typical governance committee refreshment calendar might run as follows:
  • Q1: Review board composition, long-term succession planning and rotation schedules.

  • Q2: Map board skill sets to the corporation’s long-term strategic plan.

  • Q3: Review the board skills matrix to identify gaps.

  • Q4: Outline a plan for executing graceful rotations and engaging search firms to assist in filling gaps.
A standardized annual process for board refreshment establishes expectations on term limits from the beginning, ensures recruitment of new members is not a shotgun affair, and takes the personal element out of rotating members off the board. Board refreshment becomes a pure, professional process for identifying and filling needed skill sets.

3) Annually map board skill sets against the company’s long-term strategic plan.

In the absence of a detailed vision of board composition, it’s human nature to place a premium on good working relationships. Therefore, it’s very important when taking a strategic approach to board refreshment to identify whether the board’s skill sets align with the company’s long-term strategic needs.

A board needs to look closely at its company’s long-term strategy, map that against the skills around the table, identify potential gaps, and create a matrix. The skills matrix is not a one-and-done task; it’s a living document, updated every year against the company’s strategy. For example, the board of a bricks-and-mortar retailer planning to establish an ecommerce channel might determine it needs a board member with ecommerce, web advertising and data analytics expertise.

4) Do not let search firms drive the recruitment process.

Too often a board’s decision to replace a member is triggered by a retirement, an activist, or an institutional shareholder. The result of a passive refreshment process is that search firms wind up driving recruitment by default. A far better practice is for the governance committee to lead the board through it as part of the natural refreshment cycle. That way, the board gets the critical skills it needs and new members understand from the beginning that it’s not a lifetime appointment.

When refreshment is driven by a standardized process based on maintaining competitive skill sets, the board isn’t caught back on its heels if a board member is suddenly incapacitated or an activist rattles the doors. It’s also easier to tell a colleague that it’s time to surrender their board seat to somebody who has more critically relevant experience.

5) Set guidelines for retirement or term limits.

Retirement ages are extending, because people are staying active longer and working longer. Age limit guidelines are an effective way to trigger graceful rotations and maintain director independence. The term is guideline, not mandate, because it’s important to retain the ability to waive the age limit as part of governance. For example, at Berkshire Hathaway they’ll likely waive any age limit as long as Warren Buffett is sharp.

Europe is leading the way in board term limits; some European countries have already mandated 10-year terms. Institutional shareholders in the U.S. are taking note and beginning to discuss term limits as a method of maintaining director independence. Term limits also keep a board’s skill set fresh, but again, the governance committee has to retain the ability, by exception, to waive them. Microsoft isn’t going to ask Bill Gates to step down anytime soon.

6) Don’t get too comfortable with board colleagues.

It’s only human that people who serve together on a board will over time become friends, just as coworkers often do. So it becomes awkward to tell a long-time board colleague that they aren’t the right person going forward. To make it more difficult, boards lack the hierarchy of a private corporation. Instead they are led by a group of peers, with a lead director or a chairman who should, together with the governance/nominating chair, own the board makeup and refreshment topic.

Executing a proactive approach to refreshment eliminates the awkwardness of asking long-time colleagues to leave a board, because transitioning board members off becomes part of a natural, smooth cycle. The expectation is set from the beginning that board appointments are not for life.

7) Measure boardroom diversity using a holistic set of benchmarks.

Diversity shouldn’t be measured strictly by gender. What boardrooms need is diversity of perspective: gender diversity, ethnic diversity, international diversity, entrepreneurial diversity, and don’t forget technical diversity as technology is the biggest disrupter of virtually every business.

***
Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm. She is currently Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation. She also served on the board of directors at Nasdaq LLC and as Clear Standards CEO and Chairman. She is also on the SAP Advisory Board, among many others.

A self-proclaimed “veteran of board battle scars,” Ms. Atkins will be collaborating with Nasdaq to produce a series of corporate governance “nuts and bolts” articles. Stay tuned for an upcoming interview with her about the importance of executive sessions as a risk mitigation strategy.

Do you have a question about corporate governance for Betsy Atkins? If so, please send your question to comments@nasdaq.com and we may address it in a future post.
Publication Date: 4/3/2017; Identification Number: 1347

Top Cybersecurity Concerns for Every Board of Directors: Technology
Identification Number 1345
Publication Date: March 29, 2017

This is the third of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series, published for the first time on Nasdaq's Governance Clearinghouse, outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

The technical systems in place at any company provide the foundation for cybersecurity infrastructure and should be one of the primary focuses of any board of directors. Top Cybersecurity Concerns for Every Board of Directors: Technology outlines the various technological system classifications involved in an effective cybersecurity program.

The data points covered in the attached white paper are organized into broad categories helpful for shaping analysis and scrutiny and include:
  • Evaluating logging capabilities
  • Vetting penetration tests and testing consultants
  • Adopting data loss protection (DLP) systems
  • Patching and updating software
  • Installing endpoint detection and response (EDR) tools
  • Assessing physical security of facilities

This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure.

Part IV, Data Mapping and Encryption (Coming in May): the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's Latest White Paper on Cybersecurity Technology >>

***
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date: 3/29/2017; Identification Number: 1345

Nasdaq Talks to . . . Martin Lipton of Wachtell, Lipton, Rosen and Katz about the New Paradigm in Corporate Governance
Identification Number 1328
Publication Date: February 27, 2017

Martin Lipton, a founding partner of Wachtell, Lipton, Rosen & Katz, specializes in advising major corporations on mergers and acquisitions and matters affecting corporate policy and strategy. We spoke with Mr. Lipton about his most recent publication, “The New Paradigm – A Roadmap for an Implicit Corporate Governance Partnership between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth,” a blueprint for eradicating the short-termism that, he believes, is crippling long-term corporate growth and investment.

Q: Do you see any parallels between the corporate takeover atmosphere of the early 1980’s and modern activism, which has been accused of shifting corporate focus to the short-term?

A: There is a strong similarity between the corporate raiding of the ‘70s and ‘80s and activism. Modern activism is a reflection of the overwhelming control of public companies by the major institutional shareholders, which own somewhere between 65-85% of the stock of most listed companies. The real pressure on companies is meeting the expectations of the institutions that have the ability to control them, versus any other kind of defense to deal with an activist attack.

I believe the best free market approach to protect shareholders from attacks by activist hedge funds is my New Paradigm for corporate governance, which places the deciding power in the hands of a majority of shareholders who are acting with knowledge of corporate strategies and in accordance with their fiduciary duties.

Q: If you had to boil down your “New Paradigm” paper to one takeaway, what would it be?

A: The New Paradigm is a corporate governance framework that derives from the recognition by corporate CEOs and boards of directors, and by leading institutional investors and asset managers, that short-termism and attacks by short-term financial activists significantly impede long-term investment by corporations. The New Paradigm recalibrates the relationship between public corporations and their investors, conceiving of corporate governance as a collaboration among corporations, shareholders and other stakeholders to achieve long-term value and resist short-termism.

In this framework, if a corporation is diligently pursuing well-conceived strategies developed with the participation of independent, competent and engaged directors, and its operations are in the hands of competent executives, investors will refuse to support activists seeking to force short-term value enhancements without regard to long-term value implications. As part of their stewardship role, investors will work to understand corporate strategies and operations. Investors also will engage with corporations to ensure they understand investors’ opinions so corporations can adjust strategies and operations in order to receive investors’ support.

Q: In practical terms, who at the company should collaborate with investors and how do you recommend they do so?

A: The key is a double use of engagement: appropriate corporate governance involves real engagement between management and the board of directors, as well as between corporate management and investors. Institutions want to know that there is an independent, competent and experienced board of directors overseeing and engaged in what management is doing. Corporations need to know what governance their institutional investors expect of them.

As a practical matter, the relationship between a corporation and its investors should be overseen and participated in by the CEO and carried out on a day-to-day basis by the investor relations and corporate governance staff. There should be periodic participation by the lead independent director, independent chair (if any) and members of the board. Director participation is a case-by-case decision depending on circumstances, including whether the investors have interest in meeting with directors.

When engaging with institutional investors, it’s important for corporations to understand what investors want, to communicate effectively what management does not think appropriate and therefore will not do, and ensure investors have confidence in that. It’s also critical to be fully transparent with investors with respect to operations, and earnings, and other material information. Corporations should ensure that investor relations are first rate and that institutional investors are satisfied with the access they have to the board of directors if they desire to communicate directly with the directors.

Q: Your paper states that engagement is a two-way street, with investors holding up their end of the bargain. Do you think the investors are ready for it?

A: Most major investors—especially BlackRock, State Street and Vanguard—have equipped themselves for engagement, and most are committed to strengthening their engagement capability. Engagement is strongly supported by FCLT Global (not-for-profit organization dedicated to developing practical tools and approaches that encourage long-term behaviors in business and investment decision-making) and all of the major investor associations.

Q: While the paper calls for changes through market forces without new regulation, do you think there is anything that exchanges can contribute through the regulation of listed companies?

A: I’m very hopeful that a large number of major institutions, investors, and corporations will endorse the New Paradigm, and that we will see a significant decrease in the pressure for short-term performance as a result. Corporations need encouragement and support from their investors to make the long-term investments that lead to sustainable growth.

The exchanges could make a major contribution to the universal adoption of, and adherence to, the New Paradigm by endorsing it and stating that they believe it is an effective means of achieving long-term investment and growth. If both corporations and investors adhere to the New Paradigm, no new regulation would be needed.

Q: Another publication attracting attention in the corporate governance community is “Principal Costs: A New Theory for Corporate Law and Governance.” Why do you think principal-cost theory has taken so long to emerge, allowing instead for the agency-cost theory to dominate?

A: From the very outset of shareholder activism—say Milton Friedman in 1970— it was recognized that the cost of shareholders forcing changes in business strategy and operations could have an adverse impact on investment in research and development, on capital expenditures, on employment, employee training and attracting top executive talent. It just didn’t have a catchy name like “shareholder democracy” or “agency cost.”

What Professor Goshen has made clear is that it’s the function of the board of directors, and of investors dealing with the corporation, to find the optimal governance structure through exercising balanced stewardship. If you pressure for short-term performance, higher dividends or share buy backs, you are causing the corporation to reduce R&D and capital expenditures and increase leverage to the point that companies run into financial difficulties. There’s no better example than what happened in the fiscal crisis in 2008.

As Jack Welch has said, “maximizing shareholder value is the dumbest idea in the world. Shareholder value is a result, not a strategy…your main constituencies are your employees, your customers and your products.”

Q: Do you think the New Paradigm will affect the balance in the capital markets between short- and long-term investors?

A: I believe the New Paradigm will have a significant impact on promoting long-term investment. CEOs, management teams and boards of directors are highly responsive to the views and requirements of their investors. If a majority of shareholders are acting with knowledge and in accordance with their fiduciary duties, it will promote a reasonable balance between short-term and long-term goals.

The International Business Council sought signatures from all participants in its January 2017 meeting to The Compact for Responsive and Responsible Leadership: A Roadmap for Sustainable Long-Term Growth and Opportunity. The Compact includes key features of The New Paradigm and I recommend adherence to The Compact and The New Paradigm by all corporations, institutional investors and asset managers.

Read The New Paradigm – A Roadmap for an Implicit Corporate Governance Partnership between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth >>

Read The Compact for Responsive and Responsible Leadership: A Roadmap for Sustainable Long-Term Growth and Opportunity >>

Read Principal Costs: A New Theory for Corporate Law and Governance >>

***
Martin Lipton has worked as a partner of Wachtell Lipton since 1965, representing corporations involved in many of the largest mergers, change-of-control contests and boardroom crises of the past 60 years. In 1992, Lipton co-authored “A Modest Proposal for Improved Corporate Governance” which became the template for the basic corporate governance principles adopted in the 1990s.
Publication Date: 2/27/2017; Identification Number: 1328

Nasdaq Talks to…Don Kalfen of Meridian about Preparing for CEO Pay Ratio Disclosure
Identification Number 1303
Publication Date: January 11, 2017

Should public companies still plan on implementing the CEO Pay Ratio rule given that President-elect Trump has promised to repeal or reform Dodd-Frank? Nasdaq sat down with Don Kalfen of Meridian Compensation Partners to find out. Don leads Meridian's Technical Team and has more than 20 years of consulting experience in executive and director compensation and related issues.

The Pay Ratio disclosure rules, drafted by the SEC and mandated under Dodd-Frank, become effective in 2017 and, for calendar year companies, apply to their first annual report, annual proxy or information statement filed in 2018. Don's interview with Nasdaq resulted in a robust nuts and bolts guide to the CEO Pay Ratio rule, including an overview of the rule, who must follow it, and how to calculate the required pay ratios, as well as his views on its (lack of) merit.

During our conversation, we asked Don to share his thoughts on whether the incoming Trump administration will repeal the CEO pay ratio rule:

President-elect Trump's specific views on the CEO pay ratio are not known. However, Mr. Trump's views on Dodd-Frank are clear: The President-elect will seek the repeal or sweeping reformation of Dodd-Frank. This could result in the repeal of the CEO pay ratio along with the other Dodd-Frank disclosure mandates. Further, over the past several years, Congressional Republicans have routinely introduced bills to repeal the CEO pay ratio. Despite these hopeful signs, at this point it would be premature to write off the Pay Ratio rule. It may be well into the summer of 2017 before the fate of Dodd-Frank and its various disclosure mandates starts to become clear. Until then, we are advising companies to operate under the assumption that the Pay Ratio will go into effect in 2017, with initial public disclosure in 2018.

Don also shared his advice and planning steps for companies to begin preparing for the rule in advance of the 2018 proxy season:

Until the fourth quarter of 2017, for a calendar year company it is too early to determine a CEO pay ratio that complies with the Dodd-Frank requirements and the SEC rule on the pay ratio disclosure. A calendar year company is required to determine the covered employee population from which to derive the pay ratio as of a company-selected date occurring in its fourth quarter. Only after this determination has been made may a company calculate a compliant CEO pay ratio.

However, we suggest companies undertake the following planning steps during the current calendar year, and into the start of 2017 to get ahead of the curve:

Identify covered entities (and covered jurisdictions) and means of data collection. A company should identify each covered entity (i.e., every consolidated entity for financial statement purposes), the jurisdiction(s) of the entity and the means of collecting applicable employee pay data from each entity. This, importantly, includes how the company will collect data (e.g., via the company's country specific HRIS system, by hand input on paper documents, etc.), and determine currency conversions.

Determine employee exclusions. Once covered entities are identified and how pay data will be collected, a company should determine if any employees from covered entities may be excluded from the covered employee population (e.g., 5% exclusion of non-U.S. employees, countries where data privacy laws raise issues, independent contractors, etc.). In this regard, a company should consider retention of legal counsel to determine the extent to which non-U.S. employees may be excluded by reason of data privacy laws.

Determine covered employee population. Next a company should determine whether the median employee should be identified from the entire covered employee population or a subset of the employee population based on statistical sampling techniques. A company may need to retain a statistician to determine the appropriate sampling techniques.

Agree upon pay definition for determining median employee. A company should then determine how pay will be defined for purposes of identifying the median employee and to what extent pay may be annualized for certain categories of covered employees. Note, the pay definition for this purpose could be W-2 reported pay, base salary, or other consistently applied measure.

Conduct a simplified calculation based on U.S. employees only. A company should determine a sample CEO pay ratio based solely on its U.S. employee population or a subset of this population. This will help a company further refine its processes for developing its CEO pay ratio disclosure and help to surface issues for resolution. Finally, this may provide some indication as to what will be the disclosed CEO pay ratio, and create a more informed expectation on how a company may need to develop disclosures regarding the pay ratio.

To read our full interview with Don Kalfen, click here.

***
With over sixty associates in ten offices in the U.S. and Canada, Meridian Compensation Partners provides executive compensation consulting and corporate governance services to over 500 major publicly traded and privately held corporations. Their core services include board level advisory services, compensation program design, research and competitive market intelligence on executive pay, and corporate governance matters.
Publication Date: 1/11/2017; Identification Number: 1303

Top Cybersecurity Concerns for Every Board of Directors: People
Identification Number 1301
Publication Date: January 4, 2017

This is the second of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series, published for the first time on Nasdaq's Governance Clearinghouse, outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

Companies can invest heavily in top-of-the-line security software and state-of-the-art systems, but without the proper approach toward their IT employees, those efforts will be for naught. This article focuses on a board's cybersecurity oversight pertaining to a company's most important cybersecurity resource (and threat): its employees.

Given the tumultuous risk associated with cyber-attacks, boards of directors and C-suite executives must address cybersecurity not as an IT issue, but rather as an issue of governance. Boards and C-suite executives should establish a cross-organizational team that regularly convenes to discuss, coordinate and communicate cybersecurity issues and is supported by outside cybersecurity response firms and law enforcement agencies.

This paper provides an overview of cybersecurity governance areas that involve people, including:
  • Cybersecurity recruitment and retention
  • Top-down commitment to cybersecurity
  • Employee cybersecurity training programs
  • Digital forensics/data breach response firms
  • Law firms specializing in data breach response
  • Pre-breach law enforcement liaisons

The first paper in this series provided an overview of the critical components related to the governance practices, policies and procedures of a strong cybersecurity program. The remaining papers in this series will broadly cover the following topics:
  • Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
  • Data Mapping and Encryption: the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's White Paper on Top Cyber Security Concerns for Every Board of Directors: People >>

Read John Reed Stark's White Paper on Cybersecurity Governance >>

***
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date: 1/4/2017; Identification Number: 1301

EY Center for Board Matters: Top Board Priorities for 2017
Identification Number 1298
Publication Date: December 21, 2016

The EY Center for Board Matters expects Boards to increase focus on six priorities in 2017. These priorities include, among others: overseeing competitive strategy in a world of disruption and convergence; navigating the dynamic geopolitical and regulatory environment; optimizing long-term capital allocation strategies; and strengthening board composition through strategic alignment.

Read more from EY >>
Publication Date: 12/21/2016; Identification Number: 1298

PwC Report Considers Investor and Company perspectives on ESG Disclosures
Identification Number 1293
Publication Date: December 9, 2016

A new PwC report found that investors are increasingly demanding more environmental, social, and governance (ESG) information disclosures by companies as an important factor in their decision-making processes, but companies are still divided on how and what to include. The study analyzed the relationship between investors and corporations, and found that while companies prioritize growth, investors are more focused on risk. Interestingly, while 65% of companies say that ESG considerations are very important to business strategy, only 31% of institutional investors indicated they were important to equity investment decisions. The report also noted that while over 80% of S&P 500 companies disclosed their ESG programs in 2015, investors do not believe the companies present the information in a way that allows easy comparison by investors. Most of those polled agreed that implementing a common standard for companies to use when disclosing ESG information, as well as increased dialogue and feedback, could help bridge the gap between investors and companies.

Read More from PwC >>
Publication Date: 12/9/2016; Identification Number: 1293

Non-GAAP Financial Measures: Continuing the Conversation
Identification Number 1291
Publication Date: December 6, 2016

The Center for Audit Quality released a white paper, which explores the issue of non-GAAP information, providing context on its definition and use, pertinent regulatory developments, and the current level of auditor involvement. Additionally, the paper compiles sets of suggested questions for key stakeholder groups (management, investors, investment analysts, securities counselors, audit committee members, internal auditors, independent auditors, regulators, accounting standard setters, and academics) to consider regarding their preparation or use of non-GAAP financial measures.

Read the white paper >>
Publication Date: 12/6/2016; Identification Number: 1291

EGCs Account for Majority of IPOs Since JOBS Act, EY Study Finds
Identification Number 1287
Publication Date: November 28, 2016

In its recent report “Update on Emerging Growth Companies and the Jobs Act,” EY notes that since enactment of the Jumpstart Our Business Startups (JOBS) Act in April 2012, Emerging Growth Companies (EGCs) have come to dominate the IPO market, citing its findings that 83% of all publicly-filed IPO registration statements and 87% of all IPOs that have gone effective during that time were EGCs. The report also notes that a large majority of EGCs have relied on some of the accommodations afforded by the JOBS Act, including confidential submission of registration statements to the Securities and Exchange Commission (SEC), reduced executive compensation disclosures and including two rather than three years of audited financial statements.

Read more from EY >>
Publication Date: 11/28/2016; Identification Number: 1287

Willis Towers Watson Looks at “Say on Frequency” Votes
Identification Number 1283
Publication Date: November 18, 2016

In a recent report, Willis Towers Watson looks at the Dodd-Frank required shareholder vote on the frequency with which companies must seek a shareholder vote on “say on pay”, either every one, two or three years, the so-called “say on frequency” vote. The report reviewed the “say on pay” frequency at Russell 3000 companies, finding that 82% of companies opted for annual, one percent for biennial and 17% for triennial shareholder votes. The report also identifies various institutional investors who appear to prefer biennial or triennial frequencies as opposed to an annual vote.

Read more from Willis Towers Watson >>
Publication Date: 11/18/2016; Identification Number: 1283