Listing ETP Banner
Reference Library - Advanced Search


** To make multiple selections, select the first criterion and then press and hold the Ctrl Key **
1- 50 of 62 Search Results for:
Libraries:   Governance Clearinghouse
Filters:   All Years; Issues and Trends;
Search   Clear

Collapse All
Printer Friendly View
Mailto Link 
Page: 1 of 2
Frequently Asked Questions
  Five Ways to Raise Your Board's Digital IQ
Identification Number 1455
Five Ways to Raise Your Board's Digital IQ
Publication Date: November 20, 2017 

Technology is disrupting virtually every industry in some way, and a business case for digital literacy on the board is emerging. In this post, veteran board director Betsy Atkins shares five ways companies can raise their boards' digital IQ.

There can be little doubt in today's business environment that adding board members with broad experience in technology (including software, services, cloud, analytics and A.I.) will bring critical insights into the boardroom. According to a recent study by Deloitte, the percentage of public companies that have appointed technology-focused board members has grown from 10% to 17% during the past six years. For high performers—those companies that outperformed the S&P 500 by 10% or more for the past three years—this figure almost doubles to 32%.

However, board refreshment may not happen soon enough for some companies, and adding a few tech experts may not raise the digital IQ of the entire board to a level where decision making becomes nimble. In the interim, the question is, how can companies raise the digital expertise that existing board members bring to the table?

1. Conduct a technology IQ assessment.

An appraisal of the board's digital IQ should be incorporated into the annual board assessment to identify any areas of weakness. A digital IQ assessment will be different for each board depending upon the company it serves or the industry it operates in, but may examine some or all of the following elements:
  • Are there enough (or any) board members with relevant technology backgrounds?
  • Have board members worked within a variety of business models?
  • Did board members lead or serve on companies that initiated digital transformation?
  • Have board members experienced a significant change in company business model?
  • How does the board monitor technological innovations and/or looming disruptions?
  • Does the board benchmark technology adoption against competitors?
  • What metrics is the board tracking to measure progress in digital transformation?
  • Does the board meet with the company's CTO or CIO on a regular basis?
  • Is the board comfortable with change?

2. Embark on a technology learning tour.

Every company is a technology company in some way, and all boards should be continuously researching macro trends in technological innovation and digital enablement. An effective way to boost the entire board's digital IQ quickly is a technology learning tour, during which board members spend a few days immersed in one of the major technology hubs, such as Silicon Valley, China, or Tel Aviv.

The board I sit on at Schneider Electric just toured Alibaba in China. We also visited leading Chinese companies in Shanghai, Hangzhou, Shenzhen, and Hong Kong. This fall, I joined my fellow Volvo board members in meetings with Google, Amazon, venture capital groups in Menlo Park, and other cloud services providers as we seek to understand the potential for connected car infotainment. We also met with companies that specialize in machine learning and AI algorithms related to autonomous driving, to discern how advances in those technologies may apply to Volvo.

There are major macro tech trends impacting Schneider and Volvo that require their boards to establish a framework of tech knowledge in order to adequately leverage the opportunities these trends present. Schneider for example is an industrial energy management company, and board member knowledge of—and experience with—the industrial internet of things is critical as "hardware" companies like Schneider transition to develop and embed software in their infrastructure. For Volvo, cloud services, infotainment, SaaS Software, the digital customer journey, and machine learning/AI algorithms for autonomous drive are all macro trends that are directly relevant to the company's business.

3. Invite subject matter experts into the boardroom.

Continuing education can take place in the boardroom as well as outside of it. Boards can engage external digital experts to update members about emerging tech-related innovations, disruptions and risks. Boards should also monitor how competitors are leveraging technology to delight consumers, bring efficiencies to supply chains, and lower costs.

The Governance Committee of HD Supply brings in outside speakers two or three times a year for a working dinner. We've had cyber-risk speakers from FireEye and digital transformation speakers from Accenture and Boston Consulting Group. An upcoming speaker will be presenting an in-depth discussion of competitive industry assessment.

Internal company technology officers and department heads are also indispensable subject matter experts, and the board should be hearing regularly from the company's top digital managers. (I recently wrote a piece about the evolving role of the CIO.) The Volvo board's Technology and Innovation Committee regularly receives updates from Volvo's head of research and development, Chief Digital Officer, head of product development, and global head of strategy. Schneider has created a role of Chief Digital Transformation Officer reporting to the CEO. The Schneider Board will consider adding a Digital Oversight Committee.

4. Allocate time on the board agenda to technology transformation as well as cyber risks.

There is a lot of buzz right now about cyber risk and how boards should manage oversight of that—and rightly so. However, companies today face a much greater risk than data breaches and ransomware attacks: business model obsolescence. According to a study published by Innosight, businesses are disappearing at a rate of 50% every 10 years, primarily because they don't evolve quickly enough in the face of seismic shifts in consumer behaviors or technological innovations (think Blockbuster, Borders, and Radio Shack). Tenure on the S&P 500 has dropped from 33 years to 14 years during the past 7 years.

Companies that seek opportunities for competitive advantage in evolving technologies will have the greatest chance of survival. To ensure business model vibrancy, boards need to embrace tech trends and new business models, and actively consider integration of them into their companies' strategies. Board agendas should allocate time to digital transformation, just as they do cyber, general enterprise risk management and other risk mitigations.

Digital transformation is a forward-looking perspective, so it shouldn't be tasked to the audit committee (which is traditionally backward-looking). Governance committees, on the other hand, often have additional capacity to absorb tech-related strategic oversight. Governance is the board committee charged with oversight of strategic digital transformation at HD Supply.

As Deloitte reported in the study I referenced at the beginning of this article, it is becoming more common for boards to add technology committees dedicated to digital and technical transformation. Volvo's board has a Technology Innovation Committee, and the Schneider Electric board formed a Digital Transformation Committee.

5. Refresh the board with directors who lean in to change.

The velocity of change is so intense now that corporate survival depends upon the intellectual and emotional experience of people who are more comfortable leveraging change than pulling away from it. To be effective, every director today needs to have past experience navigating a company through rapid and truly transformative change.

It's also important that directors in today's business environment have job experience within a variety of enterprises and business models. If everyone around the boardroom table spent their entire career immersed in a single corporate domain or business model, the board may lack familiarity with change or the conviction to innovate. They will try to apply the one lens or framework that was effective one or two decades ago. Board members who have worked for multiple companies during their careers are more likely to have experience leveraging technologies to refresh or retool business models, bring down costs, or improve the customer journey.


Watch Betsy's interview with Nelson Griggs, President of Nasdaq Stock Exchange: Why Your Board Needs Technology Leadership.

Other popular posts featuring Betsy Atkins on the Governance Clearinghouse:
Seven Critical Elements of a Board Refreshment Plan >>
What Makes a Great Board? >>

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Publication Date*: 11/20/2017 Identification Number: 1455 Mailto Link
Frequently Asked Questions
  Digital Transformation Catalyzes Diversity in Nasdaq Company Boardrooms
Identification Number 1454
Digital Transformation Catalyzes Diversity in Nasdaq Company Boardrooms
Publication Date: November 16, 2017 

"Every company is now a technology company, and boards increasingly require a new kind of director," says Coco Brown, founder and CEO of The Athena Alliance, an organization dedicated to preparing executive women for board service and facilitating board matches. A veteran of the Silicon Valley tech industry, Ms. Brown talked to Nasdaq about how digital transformation is disrupting traditional board composition and creating new opportunities for women to make meaningful contributions in the boardroom.

Despite increased pressure from investors, gender diversity on boards is improving at a glacial pace of just 1% per year. Why? Because boards are still accustomed to—and most comfortable with—appointing former and current CEOs and CFOs of large enterprises, and women comprise a very small percentage of those roles.

There is, however, an intriguing exception to the male majority in the boardroom: the gender composition of non-executive digital directors. Russell Reynolds has been tracking statistics on digital directors in the boardroom since 2013. Their most recent survey tracking digital directors appointed to the boards of the Global 300 uncovered encouraging trends:

  • 37% of Global 300 digital directors are women.
  • 58% of digital directors added to Global 300 boards between 2014-2016 were women.
  • Global 300 boards with a digital director have greater gender parity than traditional boards.
The advent of digital directors heralds a larger evolution taking place in the boardroom. Companies today face a wide range of threats and opportunities related to digital transformation, most of which didn't exist 10 years ago. These include cyber risk, technology innovations (including AI and machine learning), business model shifts, digital marketing, and brand management. The rapid pace of change has left traditional boards lacking in two fundamental areas:

Cognitive and relational diversity: Cognitive refers to diversity of thought, while relational diversity is the ability to relate to a company's constituents directly (customers, employees, and communities).

Modern digital competence on a mass scale: Any company that expects to be around 5-10 years from now will need to digitize supply chains, sales engines, business processes, and customer and employee engagement, if it hasn't already.

Savvy boards recognize that to stay competitive, they must address these deficits, and continuing to recruit board members from the ranks of former CEOs and CFOs is not the answer. It is becoming increasingly common for boards to "widen the aperture" beyond traditional executive roles to recruit non-executive directors who have engineering, technology, operations, human resources, and marketing backgrounds. As a result, a whole new generation of thought leaders is beginning to take seats at boardroom tables:

  • Human Resources Officers (CHRO, CPO): These are a company's workforce and culture experts and are under-represented in the boardroom. They also advise on compensation, succession planning, stock programs, and employee and community relations.

  • Digital Technology Officers (CIO, CISO, CTO, Chief Product Officer, Cyber Security): These experts are attuned to some of the biggest technology-related threats, challenges and opportunities of the next 3 - 5 years.

  • Digital Delivery & Operations Officers (Head of Business Strategy, CMO, COO, Chief Customer Officer, Chief Revenue Officer): These roles have a pulse on the industry, shifting business environments, and evolving business models; they also have connections that can make a big difference.
Recent data indicates that recruiting outside of the CEO/CFO realm and into other C-Suite roles in small to mid-cap companies, or even SVP/VP roles of mid to large cap companies may accelerate progress towards gender parity in the boardroom: Russell Reynolds reported that while the total number of female directors of Global 300 companies stands at just 19%, women represented 26% of all digital directors appointed to Global 300 company boards between 2014-2016.

A number of Nasdaq companies have recently "widened the aperture" in board refreshment, appointing women to help lead their digital transformation in the boardroom, including:

Axon Enterprise, Inc. (Nasdaq: AAXN): Julie Cullivan is CIO and Senior Vice President of Business Operations at ForeScout Technologies, Inc. (Nasdaq: FSCT). Axon can leverage Julie's extensive sales operations, IT, and cybersecurity expertise as the company transforms its product line through AI and cloud technologies.

Banner Corporation (Nasdaq: BANR): Merline Saintil is the head of operations of Intuit's (Nasdaq: INTU) product and technology group. Banner recruited Merline to bring information technology expertise to the financial company's board.

Forrester Research, Inc. (Nasdaq: FORR): Yvonne Wassenaar, former CIO of New Relic and current CEO of Airware, is described by Forrester as "a thought leader in cloud, big data analytics, and business digitization." Forrester tapped Yvonne for the board to help guide the company as it undergoes the digital transformation of its business.

MobileIron, Inc. (Nasdaq: MOBL): Jessica Denecour is CIO of Varian Medical Systems. MobileIron believes its shareholders will benefit from Jessica's expertise in using IT to positively influence business outcomes.

Morningstar, Inc. (Nasdaq: MORN): Caroline Tsay is a technology start-up founder and former online channel division vice president at Hewlett Packard Enterprise. Morningstar's investment services have moved from analog to digital technologies, and Caroline has the mix of leadership experience and information technology expertise that Morningstar's board needed.

Telenav, Inc. (Nasdaq: TNAV): Karen Francis DeGolia is on the board of AutoNation, the largest automotive retailer in the U.S., and Executive Chairman of AcademixDirect, a technology marketing company serving the education industry. She joined the board of Telenav last December and was recently named Lead Director, adding her extensive experience in the automotive industry and emerging mobility technologies to Telenav's board.

Another unexpected statistic came from the Russell Reynolds survey mentioned earlier: 78% of the Global 300 still has no digital representation on the board. As companies continue to awaken to the realization that they need digital innovation expertise and diversity of thought on the board, women will find opportunities in greater numbers to demonstrate value and relevancy in the boardroom.


Coco Brown is founder and CEO of the Athena Alliance, an organization dedicated to advancing diversity in the boardroom by preparing executive women for board service and facilitating board matches. Before founding the Athena Alliance, Brown served as the president and chief operating officer of Taos, an information technology consulting and services company based in San Jose, California. She is also the founder and CEO of Executive Kinections, a Silicon Valley consultancy that advises executive teams in strategic planning and organizational design.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 11/16/2017 Identification Number: 1454 Mailto Link
Frequently Asked Questions
  Ransomware Payment: Legality, Logistics, and Proof of Life
Identification Number 1450
Ransomware Payment: Legality, Logistics, and Proof of Life
Part Two: Investigation and Response
Publication Date: November 6, 2017 

This is the second in a three-part series of white papers authored by Cybersecurity expert John Reed Stark. The series offers guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but also has no guarantee that the hackers will restore their dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim. That is why it is critical for all companies to approach ransomware response in a thoughtful, careful and meticulous manner, which is the focus of Part Two of this three-part series.

This three-part series of articles provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of ransomware attackers.

Part One of this series, Background and Reality, provided the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two of this series, Investigation and Response, examines the intricacies involved in ransomware response, including ransomware investigative tactics; ransomware payment logistics; and the legalities of ransomware response.

Part Three of this series will cover the remaining range of key ransomware essentials, such as notification requirements; ransomware remediation; and ransomware cyber insurance.


John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 11/6/2017 Identification Number: 1450 Mailto Link
Frequently Asked Questions
  Effective Boards and the Need for Emotional Intelligence
Identification Number 1447
Effective Boards and the Need for Emotional Intelligence
Publication Date: October 31, 2017

In this Q&A, Nasdaq talks to Caren Merrick, veteran board member, angel investor and entrepreneur, about the importance of emotional intelligence or "EQ" on boardroom dynamics.

Q: Based on your experiences as a board member and a former CEO, how would you complete this sentence: "For a board to be effective . . ."

A: For a board to be effective, its members must demonstrate emotional intelligence. I don't see much written about the impact of emotional intelligence or EQ on board dynamics, yet it's an issue that someone raises almost every time I speak about boards. A general lack of EQ seriously handicaps a board's ability to problem-solve and make informed decisions.

When a board is recruiting a new member, emotional intelligence and relationship building skills are as important to vet as subject matter expertise and experience. Some of the biggest board blowups I've observed had to do with a board member who was more ego-driven to be a star contributor, or didn't know or respect the difference between their role and the CEO's role, or dug in and refused to budge on a particular issue.

A measured approach to navigating highly-charged situations is another often overlooked and undervalued ingredient of an effective board. When disagreements are handled poorly, boards can build factions and become very political.

Q: How has EQ impacted the boards you are sitting on now?

A: I am fortunate at this point in my career to be sitting on some of the most effective boards I've ever been associated with. The boards I'm serving on now have excellent EQ: We don't always agree on everything, but when we do disagree we are mindfully very constructive in our approach to resolving issues.

One board I sit on in particular, the Metropolitan Washington Airports Authority (MWAA), which oversees the $800m business operations of Washington Dulles International Airport and Washington Reagan National Airport in addition to the $6b Dulles Corridor Metrorail and other entities.

This board presents a unique challenge to the CEO Jack Potter, because his board members are all appointees. I've learned a great deal watching Jack cultivate a productive boardroom dynamic between a group of individuals he had no say in appointing, who were each put in place to represent distinct constituencies.

When there are disagreements—and there often are—Jack's approach is deliberative, measured, and involves all of the stakeholders. He's patient, asks a lot of questions and implements a rigorous process to analyze the pros and cons in order to uncover what's really at stake. He's also encouraged board members to think more regionally in their approach to governing the Authority. Since Jack became CEO and began implementing this approach, the MWAA board is functioning at a higher level than before and, I believe not coincidentally, our bond ratings have gone up.

Q: A board can be comprised of successful executives who represent a perfect balance of the right professional skillsets, yet still be dysfunctional. True?

A: Absolutely true. As an angel investor, I'm hyper aware of the high number of startups that ultimately fail, and one of the biggest reasons for that failure rate is investors having a different agenda for a company than its founders.

As an entrepreneur, I'm somewhat biased. In an ideal world, founders could build their public company boards from scratch with people who are wise, aligned, generous and completely independent. In reality, it's difficult to launch a company without using outside capital, so newly-public boards are often faced with the possibility of competing stakeholder agendas. It's very important to get transparency and clarity around those agendas right at the beginning, so the board can build consensus. Otherwise, there is a high risk of factions developing among board members aligned with existing investors versus those aligned with the CEO.

Alignment doesn't mean the board won't disagree—there should always be healthy debate in the boardroom—but alignment does significantly increase the odds of reaching constructive solutions and sustainable growth. This is important, because CEOs find it challenging to rotate investors off a board when major disagreements become a stumbling block.

Entrepreneurs are becoming increasingly savvy to the investor/founder alignment issue, and mindful of it when shopping for capital. I recently met a woman who walked away from venture funding because her investor changed the terms at the last minute. She decided, rather than bring on an investor board member who had their own agenda, she would patiently pursue other sources of funding.

Q: Are there any other factors, in addition to stakeholder alignment and EQ, which contributed to your own company's successful transition from a basement startup to a publicly-traded enterprise?

A: I learned from my own experience that the personal networks of board members are an indispensable resource in scaling a new company, particularly when it reaches an accelerated growth phase. A company requires different skillsets from the board at different stages of its lifecycle: During the early phase, a company is consumed with early wins and surviving; once it gains momentum, it needs board members with experience in scaling an enterprise from $20 million to $200 million, for example. Seasoned executives know the patterns involved in rapid growth, can spot challenges ahead, and help a company block and tackle.

When we took webMethods public, our entire board—angel investors, venture capitalists, founders, and management—were all focused on growth. We deliberately composed a board that was skewed toward functional expertise in growth, and had extensive personal networks we could leverage to make introductions to potential customers, influencers, partners, and key critical employees.

There are a lot of technology startups here in the D.C. region, because so many people here work for government agencies on various projects requiring a high level of technical expertise: DOE, Homeland Security, and EPA, just to name a few. When local tech innovators leverage their technical expertise and experience to start companies, one of the smartest things I consistently see them do is tap former agency heads to join their boards. Not only does the company get that person's technical and government expertise, but it gains access to their network and benefits by association from their professional credibility.

Q: If you knew then what you know now, is there anything you would have done differently when launching your own company?

A: Now that I'm a sitting board member, I realize in my past leadership roles, I should have taken much better advantage of my board members' expertise and the wisdom of their experiences. CEOs—myself included—move so fast defending so many fronts that they don't give themselves the time to check in with directors to discuss challenges or opportunities. Sadly, they leave a lot of valuable insight on the table.

Q: What is the greatest challenge boards face right now?

A: I think the greatest challenge most boards face is trying to stay ahead of what is going on in their markets and industries, and trying to imagine what the future looks like in light of major shifts in local and global economies. Obviously cybersecurity is a huge concern. My boards are requiring more and more of my time to stay current on market and industry dynamics to identify opportunities for the company to create value and avoid crippling risks.

Diversity in the boardroom is crucial for companies to successfully navigate the rapid pace of change happening now: not just gender and ethnicity, which are important, but also diversity of perspective, skillsets, age, and professional disciplines. Boards can no longer afford to be composed solely of former CEOs and CFOs, because they need functional expertise in customer relationship management, digital marketing, cybersecurity, ERP systems, and social media marketing (which is a huge new frontier for boards to understand and tackle).

I learn something new every time I meet with my boards: we have people who have led private equity ventures, enterprise resource planning, supply chain ventures, enterprise marketing, and technology. The questions and insights that come from the diverse perspectives seated around the table at these meetings are impressive and very educational.


Caren Merrick is the CEO of Caren Merrick & Co. Previously, she was founder and CEO of Pocket Mentor, a mobile application and digital publishing company that provides leadership development and career advancement. Caren currently serves on the boards of the Metropolitan Washington Airports Authority, WashingtonFirst Bankshares, Inc. (Nasdaq: WFBI), and The Gladstone Companies (Nasdaq: GAIN, GLAD, GOOD, LAND). She is also a co-founder and former Executive Vice President of webMethods, Inc., a business-to-business enterprise software solution, which went public on Nasdaq before being acquired.
Publication Date*: 10/31/2017 Identification Number: 1447 Mailto Link
Frequently Asked Questions
  Seven Tactics to Engineer Better Boardroom Dynamics
Identification Number 1442
Seven Tactics to Engineer Better Boardroom Dynamics
Publication Date: October 24, 2017 

Boardroom dynamics can make or break the effectiveness of a board. In this post, Joan Conley, Senior Vice President and Corporate Secretary at Nasdaq, shares seven tried and true tactics for engineering better boardroom dynamics.

Proxy season has come and gone, new board members have completed their orientations, and many corporate boards are wrapping up summer strategy sessions. New board members bring new boardroom dynamics—and shifting dynamics may for a period of time impact the effectiveness of a board. On the other hand, excellent group dynamics can optimize board productivity for shareholders. Nasdaq's playbook for creating a healthy team dynamic in the boardroom includes the following tactics for facilitating director engagement, innovation, and candor in the boardroom.

1. Acclimate new directors to board culture.

Even public company directors need a safe place to ask "dumb" questions. At Nasdaq, we share an overview of board culture during orientation of new directors. Between the board chair, the CEO, and myself, our new directors have the resources to confidentially ask off-line questions related to the board culture, operations, and meeting protocol.

Be prepared to answer questions that delve into the granularity of board culture, including the cadence of the board meeting, how to refer to the board chair, when to ask the CEO direct confidential questions, when to inject comments during the board meeting, and how offline conversations should be handled. Knowing these details in advance can alleviate concerns of new board members, allowing them to focus on building important working relationships and tackling board agenda items.

2. Review boardroom etiquette with new directors.

Generally, the boardroom etiquette list of "dos" and "don'ts" closely mirrors the rules we learned early in life: listen, contribute, take turns, ask questions, treat everyone with respect. However, boardroom culture and rules of order may vary widely from company to company. Providing an overview of the general protocols followed during a company's board meetings can encourage participation in a meaningful way.

3. Avoid over-processing new board members.

There is a clarity of vision that comes with a fresh perspective. The observations made by new board members during their onboarding phase and early meetings are insightful and valuable. It's therefore important to educate a board member about the company's business and culture enough to hit the ground running at their first meeting, but without interfering with the insights and candor a fresh set of eyes brings to the table.

4. Facilitate communication between corporate management and board members.

Energized and enthusiastic directors are keys to positive boardroom dynamics. At Nasdaq, the onboarding program is individualized. We strive to satiate board members' appetites for knowledge related to the areas of our business they are passionate about, whether it's technology, fintech, M&A, market trading, or regulation.

For example, if a board member comes to us with expertise in technology, we have them spend time with Nasdaq's CIO, Brad Peterson, and his team. We also expand their horizons by having them meet with all of the other Nasdaq business unit leaders to cross-pollinate the board member's technology expertise with education and experiences in other areas of Nasdaq's business.

Board members who make tangible contributions stay focused and engaged. In my experience, the more often we bring board members together with executives and business unit teams to share knowledge, the more energized Nasdaq's boardroom dynamics become.

5. Engage all directors.

A board member sitting on the sidelines at any meeting represents a lost opportunity for the group to benefit from hearing and debating potentially important questions, concerns or insights. Listen to who speaks and who doesn't speak during board meetings and employ a strategy to engage all board members. Such a strategy might include:

  • Drafting call-out questions to be used by the board chair to elicit input from all directors.
  • Reserving efforts to elicit engaging discussions from all directors during executive sessions of the board.
  • Allowing directors to process and develop their input ahead of time by alerting them of, and educating them about, key agenda issues in advance.
  • Having the board chair or CEO reach out to board members offline, to solicit their ideas and concerns and find out what may be holding them back.
Typically, once a director has successfully been encouraged to speak in a board meeting, they will continue to do so.

6. Rotate committee memberships.

Rotating committee memberships keeps viewpoints fresh, exposes board members to new aspects of the company's business and governance, and creates new working relationships among board members—all of which contribute to effective boardroom dynamics and the optimization of board productivity for shareholders.

7. Leverage seating arrangements.

There's an art to managing seating arrangements to maximize positive group dynamics, and I recommend every Corporate Secretary pay close attention to it. It's important to plan who sits next to whom during meetings and dinners, based on a number of variables:

  • Which members don't know each other well yet?
  • Which members need to engage based on the meeting agenda?
  • Whose turn is it to sit next to the Chair?
  • How can unproductive side-bar conversations be prevented?
Reviewing seating arrangements for meetings and dinners ahead of time with the CEO and chairman of the board is an extremely productive use of time and contributes to a more successful board meeting.

For more insights from Joan Conley, read Onboarding New Directors: Beyond the Board Manual >>


Joan Conley is Senior Vice President and Corporate Secretary of Nasdaq and its global subsidiary organizations and, in that role, is responsible for the Nasdaq Corporate Governance Program and Nasdaq Ethics Program. She also serves as Managing Director of the Nasdaq Educational Foundation and is a Director of the Nasdaq Entrepreneurial Center Board.

Publication Date*: 10/24/2017 Identification Number: 1442 Mailto Link
Frequently Asked Questions
  The Rise of the Investor-Centric Activism Defense Strategy by Peter Michelsen and Derek Zaba of CamberView Partners
Identification Number 1439
The Rise of the Investor-Centric Activism Defense Strategy by Peter Michelsen and Derek Zaba of CamberView Partners
Publication Date: October 17, 2017

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters.

Shareholder activism is often thought of in binary terms: activist v. company, dissident nominees v. company directors. Media coverage dramatically frames the "showdown" of prominent and press-savvy activists taking on companies as both sides seek the upper hand on the way to the ballot box. While an "us vs. them" mentality makes for a compelling narrative, this framework has a major flaw: it doesn't include shareholders, who are the most important constituency in driving the outcome of proxy contests.

Gaining the support of shareholders, in particular large institutional shareholders, through a well-crafted "investor-centric" activism defense strategy is increasingly the key to success in activism situations. Below we outline how activism defense and the investor landscape have evolved and why the "investor-centric" strategy has become the optimal path to victory for most proxy contests, regardless of whether they culminate in the withdrawal of the activist, a shareholder vote or a mutually agreed settlement.

Where it Began – Tactics, Tactics, Tactics

Five years ago, it would not have been uncommon to find a whiteboard on the wall of a company boardroom in a contested situation filled with a list of tactical measures to thwart the activist's campaign: poison pills, changing bylaws, moving meetings to remote locations, lawsuits, and shifting record dates. The primary focus of a tactical strategy was to outmaneuver the hostile acquirer or activist, the latter of which was more often than not pursuing a straightforward "sell the company" or "lever up and distribute" thesis and had limited ability to sustain a multi-year campaign.

Today, investors and proxy advisory firms are more skeptical of actions taken by the Board that appear purely tactical or are otherwise perceived as impinging upon shareholder rights. Often, these actions carry the risk of souring investors who might otherwise be willing to support the company but feel disenfranchised from decisions that materially impact the value of their portfolio company. While such tactics may still be part of the activism defense toolbox, they should be considered with great care and in the context of their impact on maintaining support from companies' increasingly diverse and sophisticated shareholder base.

The Activist-Centric Defense Strategy

As tactical considerations became less effective as an activism defense strategy, boards turned their focus directly to the activists and their agendas. Specifically, some companies took actions with the goal of either preempting the activist or appeasing them, aiming to implement enough of the activist's thesis to make the remainder of their demands not worth fighting for. The resonant concept was that boards should "think like an activist." In some cases, these actions resulted in a settlement with the activist or the activist withdrawing after achieving a partial, but "sufficient," victory.

However, in present times the major problem with a defense strategy focused primarily on addressing the concerns of an activist is that while the activist may have been satisfied by the outcome, some or many of the activist viewpoints may not have been shared by the broader base of long-term investors. In fact, in recent years, there has been significant pushback from large institutional investors, whose risk profiles and investment time horizons often differ from those of a vocal activist fund, about the practice of companies reaching settlements without receiving input from other shareholders. An unsettled shareholder base can leave companies vulnerable to a follow-on campaign either by the initial activist or another activist with a different agenda.

Evolution of the Investor Landscape

The evolution of defense strategies has occurred against a backdrop of recent tectonic shifts in the investor landscape that have reinforced the centrality of the broader, long-term shareholder base in activism situations. The oversight failures of the early 2000s and 2008 financial crisis spurred many investors to become more active owners and voters. Over time, governance-focused institutional investors have built out their proxy voting teams, which has allowed them to engage with a broader range of companies and other market players. Activism itself has undergone a transformation, with activists seeking to shed their "corporate raider" label while building relationships with investors. Additionally, active managers under pressure to generate alpha are more receptive than ever to activist theses.

Underlying all of this is the increasing concentration and acceleration of fund flows into passively managed index funds and ETFs over the past several years. Today, the top five institutional shareholders hold more than 20%, on average, of S&P 500 companies and one of the three biggest index funds (BlackRock, Vanguard and State Street) is the largest single shareholder in 88% of companies in that same index. These passive investors are increasingly important as they tend to have a longer-term perspective which results in them being more willing to support a company if they believe in its long-term strategy regardless of potential short-term negative impacts to the business or stock price.

The growth of assets held by passive investors has also heightened the focus on corporate governance and board-related matters across the market. These topics are now a critical focal point in activism campaigns. As a result, success in an activist situation now increasingly requires companies to persuade and win the support of a range of constituencies much broader than the traditional portfolio manager and buy-side analyst community, including governance teams, proxy advisory firms and key asset owners such as public pension funds.

The Investor-Centric Defense

The evolution of the investor landscape, in addition to the aforementioned problems that have arisen with prior defense strategies, has elevated the concept of an "investor-centric" defense strategy. Unlike previous strategies, this approach begins well before an activist arrives with their demands and is built on companies understanding their investors' concerns through years of engagement and relationship building. As the Chairman and CEO of Vanguard recently wrote, quoting a corporate CEO during one of their engagements, "You can't wait to build a relationship until you need it."

Rather than "think like an activist," the right approach for companies is to "think like a shareholder representative": engage with investors, understand and incorporate their perspectives, and educate them on why the company is pursuing a particular strategy, particularly before an activist appears. Ongoing dialogue enables companies to build credibility with key decision-makers within both the investment and governance teams at institutions, even if there are topics where these disparate teams are not in complete agreement. Even in situations where there is a large and supportive base of retail investors, it is these key decision-makers who will make the ultimate difference between winning and losing.

While companies typically have very active investor relations efforts focused on portfolio managers and research analysts, they must also understand how to engage with all investor constituencies that will drive outcomes in a potential activist situation.

For actively-managed funds, where communication during an activism situation is frequent, feedback will generally be more direct and the decision-making process will be primarily focused on core economic issues. Companies that have built buy-in for their strategy in advance of a fight by being responsive to feedback from these funds will benefit from a higher probability that these investors will vote with management.

On the other hand, governance-focused investors often enter a fight with a limited understanding of the company and are concerned about a range of strategic, financial and governance elements. Building trust with this constituency often means demonstrating that the company has the right board in place to evaluate and oversee long-term strategy, and that the board is operating with a focus on the best interests of shareholders. While this trust can be established in the fast-paced environment of a proxy fight, companies that have proactively built relationships with governance teams and proxy advisors will generally fare better than those that are scrambling to do so under a stormy sky.

With all of this in mind, it is clear that companies in an active defense situation must evaluate every decision through the lens of how investor constituencies will view the action and how it will affect the potential vote. Even if a threatened proxy contest ends in settlement, the leverage that companies have in negotiation derives primarily from the support of these key investors.

Takeaways for Issuers

The delicate balance among boards, management teams, investors and activists is a constantly-changing equation. Over the past several years, a small number of asset managers have amassed trillions of dollars of assets and significant power. These investors represent the ultimate "swing vote" that can effectively determine the outcome of an activist situation and are more willing than ever to exercise their vote. Activists have adapted their approaches to appeal to this increasingly powerful bloc of voters, while public companies have been somewhat slower to proactively build relationships beyond traditional investor relations efforts.

Given these new dynamics, it is critical that companies view their potential actions through an investor lens, whether three weeks before a meeting or during the off-season. A key step is engagement and relationship-building with all key investor constituencies before being confronted by an activist. If an activism situation occurs, company management and board will be able to draw on the trust generated with key decision-makers, will have had the opportunity to tell their story on critical strategic and governance issues, and will have heard and addressed the feedback and concerns of their investors.


Peter Michelsen is President and Co-Head of the Contested Situations Practice of CamberView Partners.

Derek Zaba is a Partner and Co-Head of the Contested Situations Practice of CamberView Partners.

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters. CamberView helps its clients succeed by providing unique insight into investors' perspectives on long-term value creation, interpreting the evolving governance landscape and creating proactive strategies to stay ahead of investor challenges.

CamberView's services include: Shareholder Engagement, Governance Advisory, Sustainability, Complex IR Strategy, Say on Pay, "Vote No", Environmental, Social and Governance Shareholder Proposals, Activism Defense, Hostile M&A, Complex "Friendly" M&A, and Defense Preparedness.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/16/2017 Identification Number: 1439 Mailto Link
Frequently Asked Questions
  Tone from the Top: Influence Boards Don't Know They Have by Dr. Phillip Shero
Identification Number 1435
Tone from the Top: Influence Boards Don't Know They Have by Dr. Phillip Shero
Publication Date: October 3, 2017 

Dr. Phillip Shero is the President of MasterMinds Leadership and works with CEOs and Board Chairs to build bridges of trust and accountability.

In a recent conversation, the Corporate Secretary of a Fortune 500 company proudly explained to me their culture of accountability and intentional investment in leadership at all levels.

"That sounds amazing," I said. "Tell me, what is the board's role in creating and sustaining that culture?"

He said, "There's not much the board can do about that. Culture is the CEO's job."

Therein lies the problem.

We have done such a good job emphasizing management's responsibility to drive culture that directors don't see the levers of culture available to them. If we want to succeed at creating the right "tone at the top," boards must recognize and embrace their levers of influence.

No Accidental Success

Consistent success over time is not an accident. It is purposeful. If the culture was truly exceptional at his company, I could not believe that the board was not involved.

I asked further questions and pointed to examples the Corporate Secretary had already given me to help him see the board's role in their success. His eyes went wide and he said, "Yes! I guess we did play a part." He was then able to cite several practical situations where the board set a tone for accountability and leadership development. Even in situations where the board was not directly involved, he was able to see how the members knew of and supported management's efforts to develop leadership and accountability.

One of his examples was an annual board meeting where the achievements of two dozen high potential employees were celebrated. He affirmed that the directors knew who these up-and-coming leaders were and were proud of their development.

His story is a clear case of unconscious competence: until that conversation, he did not realize what his board was doing right or how powerfully it supported their company's culture and tradition of leadership development.

Where are the Levers of Culture for Directors?

The Corporate Secretary was right in this: the two functions of management and governance have different arenas of responsibility. Directors do not have the same proximity to employees or opportunity to influence culture daily that the CEO and executive team have.

However, directors do have three levers to intentionally influence the culture of their organizations. These are the levers of Leadership, Alignment, and Perspective.

1) The Leadership Lever: Hiring the right CEO and building a relationship of genuine trust.

Boards select a CEO for many reasons—not least of which is his/her ability to drive profit. However, we know that not all profit is equally good. An executive can slash jobs and create profit instantly, but the effects on morale and culture will diminish those returns over time.

David Katz writes in Harvard Law School's Forum on Corporate Governance that cultural fit is one of two key elements in the CEO selection process. I believe his criterion can be strengthened further—a CEO candidate must have demonstrated ability to create and sustain healthy cultures, not just fit the culture that already exists.

Selecting the right CEO is a massive culture lever for directors, but it can only be moved about every 5 years. Therefore, directors must give attention to relationship quality.

The CEO selection lever has a dial to the side, which measures the trust, transparency, and relationship quality between the Board and CEO. Directors can influence organizational culture by turning up that dial to increase trust and transparency in the boardroom. One of the best ways I know to begin creating more trust between directors and the CEO is by getting to know each other outside of board meetings. Any process that creates the ability to share and recognize each other's strengths and weaknesses will strengthen the foundations for trust.

2) The Alignment Lever: Modeling the culture and rewarding a single standard.

It may come as a surprise to think of the culture of the boardroom as a reflection and lever of influence on the culture of the organization. Edgar Schein described culture as a combination of shared beliefs, values, and actions (or artifacts). All three are present in a board meeting: shared beliefs (what is true and/or real), shared values (what is important), and shared actions (what we do).

The cultural artifacts of the boardroom include how people are greeted, what makes it onto the agenda, how much time is given to different topics, what relationships are cultivated, whether interrupting speech is tolerated, and whether healthy conflict is possible or encouraged.

Along with modeling the desired culture in the boardroom, directors can leverage their interactions with the CEO to influence culture through relentless pursuit of alignment.

One way to pursue alignment is by rewarding a single standard. Note this example of a double standard: the board desires a culture where Millennial workers are developed and retained, but the CEO is rewarded for cutting lower-level jobs to achieve projections.

Directors can measure their current alignment through use of strategy-focused board surveys, facilitated by a third party. Many board surveys are heavily weighted toward compliance with standards and regulations, which tell little about internal alignment. However, a survey weighted toward strategic issues can reveal misalignment between governance and management early enough to make corrections.

3) The Perspective Lever: Asking the right questions and cultivating multiple perspectives.

As humans, directors and chairs must overcome the built-in social pressures that suppress hard questions. I continue to read about and hear from directors who do not ask questions out of concern that they would look uninformed or out of step.

In recent years, directors have been encouraged to ask more questions about more types of risk, including cybersecurity. Boards know they are responsible for risk. Yet, there is a disconnect when it comes to asking relevant and probing questions about culture, often until it blows up on the news. When bad news breaks, defective cultures are usually blamed on CEOs, with boards taking little responsibility. Consider recent news related to companies with broken cultures that resulted in a variety of toxic practices, including customer abuse, sexism, gender bias, and massive sales fraud. In each case, the assumption is that the CEO is at fault for bad culture. The board bears little or no responsibility.

A report issued by one company cited management's failure to correct an oppressive sales culture. The board did acknowledge some responsibility, but the report couched it as a structural issue—i.e. the board failed to fix a flawed, decentralized structure. Even with that admission, board members complained that they were not made aware of complaints and cultural problems. Perhaps so, but did they ask the right questions?

In addition to asking deeper questions about culture, directors can move the lever of culture by cultivating multiple perspectives. The board should ensure that it hears from various sources. If an internal study is commissioned, let the person who led the study present the report to the board personally. If an external consultant assesses the culture, the board should hear their findings in person. When it comes time to conduct evaluations, invite a third party to facilitate the survey and interpret the results.

The need to cultivate multiple perspectives is not an indictment of the CEO's or chair's lack of objectivity. Nor does it indicate lack of trust. Instead, hearing from multiple voices allows the directors and CEO to listen together, reflect together, ask questions together, and eliminate bias together. Important cultural indicators emerge from this shared listening, which can be easily overlooked when the same few sources always provide and interpret information.

Directors need to ask themselves the hard, honest questions about their attention to cultural health, and they need to brace themselves for the answers. What voices have been invited to speak in the boardroom outside of the top management team, audit firm, and legal advisors? What insights and new perspectives did they gain from hearing them? How deeply did they dig to understand the information that was shared?

Shifting "Tone at the Top" by Moving the Levers

Boards that want to shift the "tone at the top" must first recognize that they, as directors, have real influence on the culture of the organization. Directors can work together and individually to move the levers of Leadership, Alignment, and Perspective to actively extend their influence and shape the culture of the organization.


Dr. Phillip Shero is the President of MasterMinds Leadership and an executive coach to CEOs, senior management teams, and boards. He lived in Uganda for 15 years, where he became the co-founder and first president of LivingStone International University, an accredited liberal arts institution dedicated to producing ethical and empowered leaders in Africa. His firm specializes in executive leadership development, coaching high performing senior teams, and strategic planning. Dr. Shero writes weekly on leadership and publishes on LinkedIn.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/4/2017 Identification Number: 1435 Mailto Link
Frequently Asked Questions
  Ransomware Defense for Boards by Betsy Atkins with input from Bill Lenehan
Identification Number 1427
Ransomware Defense for Boards by Betsy Atkins with input from Bill Lenehan
Publication Date: September 20, 2017

For all the clever coding involved, most ransomware delivers a very crude but deadly message when it strikes your company. Important company files are locked, and may be destroyed, unless you pay a specific ransom amount, anonymously, with a short deadline. At that point, panic sets in. But if your top management, IT team and board of directors have devoted some time, thought and resources in advance, you'll know how to respond (and might dodge the bullet altogether).

In my own recent boardroom experience, how boards should deal with cybersecurity is one of the hottest topics. I've been an evangelist for getting boards active in setting and assuring effective corporate digital policies. Much of this should be basic good governance for the twenty first century. Realize that a cyber-attack is now a matter of when not if. Make your board digitally savvy so it can ask smart questions on technology, threats, and liabilities. Assure things like up-to-date platforms, software, and third-party testing.

I should note that the majority of company hacking attacks still involve these conventional threats -- the cyber equivalent of smash-and-grab theft. However, the special dangers posed by digital hostage taking demands a unique corporate governance role. If regular hackers penetrate your systems to steal money or data, there are few shades of grey. There may be debates between IT and the rest of management on budgeting for safeguards (the board should be IT's advocate and "nudger" on this, by the way). However, the priorities after a conventional breach are never in doubt -- assess and limit the damages and learn from the attack.

Ransomware is existentially different and goes to the heart of a board's governance and fiduciary role. Do we as a company pay a ransom demand or do we take the moral high ground and say no? Your board needs to tackle this question, with its uncomfortable blend of technology and ethics, now, before an attack. The major ransomware strains, such as Petya and WannaCry, offer a short time frame (sometimes as little as 24 hours) to pay up or face the consequences. Convening a board meeting that quickly to deal with a flash crisis would be both impractical and unwise. Further, the actual ransom itself can be oddly small. Would you really convene an emergency board session to discuss expending $1,000?

Real-world board experiences with ransomware suggests there is a better way. I've seen ransom demands first-hand at one of my boards, and spoke with Bill Lenehan, CEO at Four Corners Property Trust, who's also faced these traumas. We have observed a number of effective strategies specifically targeted at dealing with the unique threat of a ransomware attack:

Have the ethical discussion before a ransomware attack occurs. Your top executives and IT staff need guidance from the boardroom on the big question of whether or not the company should submit to a demand for ransom. The decision is not an easy one; losing business (and perhaps the business itself) by taking the moral high ground is not your call as a shareholder fiduciary. Your number one mission is to protect the business for investors. That may involve the tough decision to pay up if it will save data or needed access.

"Boards need to provide guidance and support on how this is handled," recalls Bill Lenehan. He finds laying out the issues directly to the board helps clarify their thinking. "I was talking with a 70-year old board chair, and said 'Let me throw you a curve. You're trying to close a $200 million acquisition, when suddenly, your employees get a ransomware demand for a total of $3000. If you don't pay, you jeopardize the deal, your relationship with numerous counterparties, and maybe the company itself.' The response, 'My God, I never thought of this!??'"

Hold this debate now at the board level, because when a hacker's WARNING screen pops up, it's too late for philosophy.

Shape a corporate ransomware response policy based on the ethics discussion. Take the strategic principles the board has developed for responding to ransomware attacks and turn them into a working tactical policy. Include functional steps, like who is to be notified, who makes the final payment decision, damage/cost tradeoffs to weigh, etc. Also, will you even be able to pay the crooks? It sounds distasteful, but assure that you have the mechanisms in place to quickly meet the ransom demands if you choose to.

"You don't want to be scrambling to pay, figuring out how to practically make this work," Bill Lenehan recalls from his own experience as CEO of Four Corners Property Trust. At 5:30 one morning, he received a text message from the company controller telling him there was a problem -- a short-term ransomware attack was spreading globally. "Our board chairman was out of the country, hours behind us, so what do I do as CEO? Would I pay, or not pay, do I need to inform my board, or just hurry to set up a Bitcoin account?"

The CEO and other staff should not have to make these decisions on the fly -- and if they do, it's the fault of the board, which didn't prepare in time. "Ransomware is not the fault of the CEO," notes Lenehan. "It's like a school snow day -- you have to set your decision policies in advance." (Lenehan also notes that his small company has a staff of 12, and is as far off the business news radar as can be -- yet hackers still found them).

No policy can mean inability to respond at all. At a major company whose board I had served on, we faced a short-term ransomware demand, and decided we had to pay. But the hackers demanded payment in Bitcoin, and the company didn't have a Bitcoin account. This took two days to set up -- by which time the deadline had passed. In the missed deadline experience I referred to, we were able to negotiate a compromise. We were ultimately able to decrypt our files.

Also, ask what you'll do if other problems crop up. In Europe, a recent Petya attack demanded payment to the bit-napper's Posteo email account. But before victims could comply, Posteo had blocked the mailbox.

Beware risks related to ransomware attacks on third-party affiliates. Ransomware is not just an internal danger. Even after you shape a sound emergency policy for your corporate response, what about the suppliers, customers and advisors you depend on? Lenehan tells of a ransomware strike, not at his company, but at a major law firm they were depending on to close a $20 million acquisition. "The lawyers got an email from IT early in the morning telling everyone not to turn on their laptops and check them in immediately." A pending deal was suddenly frozen solid.

What would happen at this very moment if one of your top vendor's or client's IT system instantly went dark for an uncertain period of time? Are they able to back up their information with systems completely walled off from the afflicted ones?

Fight hackers with unconventional warfare. Above, I noted the generic things a board can do to improve the technical odds of avoiding and fighting cyber mischief. Push IT to innovate outside its normal comfort zone. Third-party vendors like Optiv, SecureWorks, and Stroz specialize in penetration testing, 24/7 threat monitoring and ethical hacking. Your IT staff says they have the latest software updates and threat assessments? Good -- let's contract with outside experts who can make sure. The expenses involved should be modest and today are a basic cost of doing business. Want to drive a car? You need to buy insurance. Want to operate in today's digital world? Invest in outside cyber-expertise.

Check that cyber insurance coverage is adequate. Speaking of insurance, check your liability and other business policies when it comes to hacking damages and, specifically, ransomware costs. What sort of losses are covered, which aren't, how much could ransomware losses total, what compliance measures must you have in place, and what are disqualifiers? Also, how should your company decide on making a claim? (If you file a claim for a ransomware payment of $5,000, will your premiums shoot up by ten times that amount?) "If someone demands $350 in Bitcoin, it may be like when someone keys your car in a parking lot," notes Lenehan. "Rather than making a claim, you just get it detailed out on your own dime."

Ultimately, boards and management need to respond to a ransomware crisis the same way they respond to any company crisis. They must assure good response tools and plans are in place and functioning, that tough questions are asked, and that everyone knows their role. But for the board, ransomware prep demands an added step -- asking if they're ready to make a deal with the devil.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Bill Lenehan is the Chief Executive Officer of Four Corners Property Trust, a real estate investment trust that owns over 500 restaurant properties. He is also on the board of directors of Macy's, the department store company. Prior experience includes board service at Darden Restaurants and Gramercy Property Trust, among others. He spent ten years as an investor at Farallon Capital Management.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 9/20/2017 Identification Number: 1427 Mailto Link
Frequently Asked Questions
  Ransomware Payment: Legality, Logistics, and Proof of Life
Identification Number 1424
Ransomware Payment: Legality, Logistics, and Proof of Life
Part One: Background and Reality
Publication Date: September 12, 2017 

Cybersecurity expert John Reed Stark has authored a three-part series of white papers offering guidance for boards of directors on the legal issues, logistical considerations and financial implications of responding to ransomware threats.

In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim's safe return. Proof of Life's screenplay was partly inspired by Thomas Hargrove's book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of kidnap-for-ransom consultancy Clayton Consultants, Inc.

The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data by locking system screens or user files unless and until a ransom is paid.

Just like Clayton Consultants, the team advising a ransomware victim company (whether the victim is a hospital or global corporate conglomerate) must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.

To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining an electronic evidence or interviewing a witness—let alone successful extradition and prosecution—are rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration and clearly outside of the jurisdiction of local law enforcement.

Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g., an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker) or when time is of the essence (e.g., when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimus ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.

This three-part series of articles provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of ransomware attackers.

Part One provides the keys to understanding the impact of recent ransomware strains, including a discussion of the nature and growth of ransomware; the dangerous aspects of some recent ransomware attacks; and the role (or lack thereof) of law enforcement when managing a ransomware attack.

Part Two will examine the intricacies involved in ransomware response including ransomware investigative tactics, ransomware payment logistics, and the legalities of ransomware response.

Part Three will cover the remaining range of key ransomware essentials including: notification requirements, ransomware remediation, and ransomware cyber insurance.

Read Part One of Ransomware Payment: Legality, Logistics, and Proof of Life >>


John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.

Publication Date*: 9/12/2017 Identification Number: 1424 Mailto Link
Frequently Asked Questions
  What's New in Shareholder Engagement: Telling Your Own Story
Identification Number 1392
What's New in Shareholder Engagement: Telling Your Own Story
Publication Date: June 22, 2017 

Tactical communication with shareholders is critical, as shareholder activism increases and institutions begin to rely more on their own independent research and less on the opinions of proxy advisory firms. By aligning corporate messaging with investor interests and concerns, companies build better relationships with their investment communities—and in the process, eliminate information vacuums that can be exploited by activists.

Proxy statements are an often-overlooked opportunity for companies to share compelling corporate governance stories and improve stockholder engagement. Investors are keenly interested in succinct and articulate explanations of the following:

  • the company's strategic and risk management plans;
  • the company's corporate governance values;
  • why executive officers are compensated appropriately; and
  • why the company believes it has the right people sitting on the board.

By transforming proxy statements from compliance tools into highly effective communication tools, companies can improve shareholder engagement and nurture investor support for annual meeting ballots. Following are best practices we have observed (and also applied here at Nasdaq) for utilizing proxies to tell a compelling corporate story.

Engage with shareholders proactively.
In addition to building relationships and ensuring shareholders support the company's strategy, a key goal of engagement is discovering investor perspectives on their areas of focus (such as board composition, pay-for-performance metrics, and engagement). Effective shareholder engagement is a two-way dialogue, some of which ought to take place with the company's largest investors outside of proxy season. If institutional investors aren't available to meet during the off-season, take advantage of quarterly earnings calls, industry conferences, and investor presentations to engage.

Bring the proxy process in-house.
Once the company has identified investor concerns and refined its corporate story, it should consider bringing the process for writing and editing the proxy in-house. An outside consultant or vendor cannot do a better job aligning corporate messaging with investor concerns than the company itself. Complex topics such as board composition, executive compensation policies, corporate strategies, and enterprise risk management should be explained succinctly and clearly, a task best left to corporate insiders.

When bringing the proxy development process in-house, it is helpful to create a benchmark of best-in-class proxies that stand out in terms of innovation and formatting. At Nasdaq, we spent months researching and creating a "look book" of noteworthy proxies that our development team used as a reference tool to guide improvements in the messaging, readability, disclosure, and formatting of the proxy.

Enhance disclosure and transparency.
When developing the elements of the company's story that address investor hot buttons, don't settle for the bare minimum in disclosure. Transparency around board composition, executive compensation, and corporate governance builds trust and assists investors in evaluating the board's effectiveness and independence. For example, shareholders like to map the skill sets on the board to the company's corporate strategies and enterprise risks. A holistic overview of board composition—including committee assignments, tenure, experience, and diversity—can be helpful for this, as is a board skills matrix. The structure and philosophy of executive compensation should also be outlined in a thorough and very readable analysis.

Enhanced disclosure is especially important when a company has a great governance story it hasn't been sharing effectively. Through our own research at Nasdaq, we have unearthed many Nasdaq-listed companies that have quietly achieved exemplary track records with regards to board composition and diversity. However, these efforts often go unnoticed because only a handful of companies highlight board composition metrics in their proxies using charts and graphs.

Transform the proxy into a communication tool.
Different types of investors read and use proxies differently: for retail investors, it's a reading document; for institutional investors, it's a reference document. To motivate institutional investors to support the company's annual meeting ballot, proxy messaging needs to be clear and compelling (and navigation intuitive) so investors can locate topics of interest quickly and understand them easily.

Readability is key—writing content in plain English, eliminating redundancies to condense the document, and hyperlinking a detailed table of contents are all ways to enhance the readability of a proxy. Key messages should be highlighted in such a way that shareholders can't miss them: In addition to enhancing the summary to include critical information, companies can draw attention to (and summarize) main ideas by incorporating charts, matrices, graphics, and bulleted lists.

Launch an interactive digital proxy.
A growing number of investors prefer to access proxies and vote online, and interactive proxies are transforming online stockholder engagement. The intuitive framework and visually appealing layouts of interactive proxy documents make it easy for shareholders to navigate and digest proxy content on their own terms, and on any device. These interactive versions include multiple features allowing for easy search and maneuverability, such as section and sub-section headers, expanded table of contents, and linked page references throughout the document.

Interactive proxy platforms also provide companies with useful analytics regarding which sections of proxy statements, and which search terms, are most popular with shareholders. User analytic data will be valuable to companies seeking to identify proxy content elements that most resonate with investors, as well as fine-tuning digital layouts and navigation.

During the past few weeks, a number of Nasdaq-listed companies published their 2017 proxy statements using an interactive format including eBay, Inc., Intel Corporation, Nasdaq, Inc., Northern Trust Corporation, and Otter Tail Corporation.

Perhaps the most compelling piece of PR advice dispensed by Don Draper, ad man extraordinaire of the series Mad Men, was this: "If you don't like what they are saying about you, change the conversation." By taking control of their own story, corporations can do just that.

Read More about Interactive Proxy Statements Here >>

Read More about Reasons to Bring the Proxy Process In-House Here >>

Publication Date*: 6/22/2017 Identification Number: 1392 Mailto Link
Frequently Asked Questions
  Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
Identification Number 1375
Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
Publication Date: May 17, 2017

This is the fourth of a four-part series of white papers authored by Cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse --outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

This final part of the series Top Cybersecurity Concerns for Every Board of Directors discusses the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption.

  • Data Mapping: Every cyber-attack response begins with the forensic process of preserving any electronically stored information (ESI) that may be relevant to the cyber-attack. The most well-run companies establish sophisticated and intelligent data classification schemes to mitigate the costs and challenges of preserving ESI after an attack. Creating an accurate data map for a company is imperative: before a company can figure out how to protect its data, the company needs to know where that data is.

  • Encryption: While encryption systems require constant maintenance, and may complicate communications lines, encryption is typically a company's last line of defense from cyber-attacks. Target's hackers had access to everything, from the deli meat scales to the cash registers, because there were no controls such as encryption limiting access. Merely encrypting sensitive data is not enough—the type of encryption is of equal importance.
This four-part series of white papers covers the following cybersecurity topics:

Part 1, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure. 

Part IV, Data Mapping and Encryption: an overview of the board's oversight responsibilities with respect to encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item. 

Read John Reed Stark's Latest White Paper on Data Mapping and Encryption >>

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 5/17/2017 Identification Number: 1375 Mailto Link
Frequently Asked Questions
  Learn More About the Shareholder Services Association
Identification Number 1376
Learn More About the Shareholder Services Association
Publication Date: May 16, 2017

Nasdaq recently talked to the SSA to learn more about its mission, the benefits of membership, and its advocacy efforts on behalf of the shareholder services industry. They also shared the agenda for their 2017 Annual Conference that will take place in Florida on July 18-20.

Read our interview with the SSA >>
Publication Date*: 5/16/2017 Identification Number: 1376 Mailto Link
Frequently Asked Questions
  WEBINAR RE-PLAY: A Conversation with PCAOB, BDO and Grant Thornton
Identification Number 1374
WEBINAR RE-PLAY: A Conversation with PCAOB, BDO and Grant Thornton
Publication Date: June 8, 2017

Nasdaq hosted a web seminar with representatives from the PCAOB, BDO USA and Grant Thornton to discuss the PCAOB resources available for public companies on June 7.

Listen to the Re-Play Here >>
Publication Date*: 5/16/2017 Identification Number: 1374 Mailto Link
Frequently Asked Questions
  Nasdaq Talks to . . . PCAOB's Office of Outreach and Small Business Liaison about Its Mission and How It Can Help Public Companies
Identification Number 1371
Nasdaq Talks to . . . PCAOB's Office of Outreach and Small Business Liaison about Its Mission and How It Can Help Public Companies
Publication Date: May 9, 2017

Nasdaq often hears questions from listed companies about their annual financial statement audit or a specific accounting directive. To help answer these questions, Nasdaq investigated and found that, although the Public Company Accounting Oversight Board (PCAOB or the Board) does not have an official "ombudsman," it does have an Office of Outreach and Small Business Liaison. Read our interview below to find out how this office can help answer these questions.

Want to know more?  You can listen to a re-play of a recent webinar Nasdaq hosted with PCAOB, BDO, and Grant Thornton here >>

Q: What is the Office of Outreach and Small Business Liaison?

A: The Office of Outreach and Small Business Liaison was established in 2010 after the passage of the Dodd-Frank Act. The Office plans and conducts forums for auditors of smaller public companies and for auditors of smaller broker-dealers. The Office also acts as a liaison between the Board and accounting firms and others affected by the Board's work; assists with arranging Board member and PCAOB staff speaking engagements; and serves as a contact for anyone who may have questions about the Board's regulatory activities or needs assistance in locating publicly available information issued by the Board.

Q: How can you help public companies?

A: The PCAOB website contains a number of resources which inform companies about the work of the PCAOB including inspection reports of registered accounting firms and summaries of inspection findings. More information on these pages is provided below.

In addition to our website, PCAOB Board Members and Senior Staff speak to representatives from public companies at events across the country. This includes groups of CFOs as well as Audit Committee members.

In addition to the website, public companies may contact our office if they have questions related to anything on the website.

Q: What's the best way to reach you?

A: The office can be reached by telephone at (202) 591-4135 or by email at either or

Q: What are the most common questions you get? How do you respond?

A: The Office of Outreach receives questions on many topics. The most common requests typically involve assistance with locating information on registered firms. Generally, staff from the office will respond directly to the person who contacts us. In some instances, due to the technical nature of the question(s) posed, messages are sent to the appropriate division within the PCAOB for a response. Additionally, if the question or request relates to an issue outside of the PCAOB's jurisdiction, we will direct people to the organization or agency best suited to respond.

We encourage people who contact us to provide enough detail in their message so that the request can be handled promptly.

Q: How can a company participate in PCAOB's standard-setting process? Are there ways for PCAOB to accept input from public companies? What is it?

A: The PCAOB collects comments from all interested parties, including public companies, as part of the standard-setting process. If a proposal is open for comment, it will be listed on the PCAOB home page. The PCAOB has also made available a rulemaking docket which lists the status of all rulemaking projects, including standards. More information on the comment process is available here. All comment letters that are received are posted on the PCAOB website.

Additionally, all PCAOB standards are subject to SEC approval. Once a proposed standard is submitted to the SEC, there is an additional period in which comments are accepted.

The PCAOB also has a Standing Advisory Group which advises on the development of auditing and related professional practice standards. Public company executives and audit committee representatives are among the members of the group.

Broad-based organizations whose members are public companies such as Financial Executives International, the Society for Corporate Governance, the American Bankers Association, and others may seek to meet with Board members and senior staff to discuss issues of mutual interest. Public companies could also reach out to the Board through Nasdaq.

Q: What other resources are available at PCAOB for public companies with auditor-related questions or concerns?

A: As noted above, the PCAOB website has a number of documents and pages that may be of interest to public companies. The Board frequently issues general reports along with staff inspection briefs. In addition, the Board has created a page with information specifically for audit committee members. Information on firms registered with the PCAOB is available through the registration and reporting system. Users of the system can search for any firm and see inspection reports and enforcement actions for each firm as well as view filings required by the PCAOB. Questions not specifically answered on our web site should be directed to the email address and phone numbers listed above.

We encourage anyone interested in the work of the PCAOB to sign up for email updates or to follow us on Facebook, Twitter and LinkedIn.
Publication Date*: 5/9/2017 Identification Number: 1371 Mailto Link
Frequently Asked Questions
  Fredrik Voss, Nasdaq Vice President, Talks About What Blockchain Could Mean to Your Company, Part 2
Identification Number 1360
Fredrik Voss, Nasdaq Vice President, Talks About What Blockchain Could Mean to Your Company, Part 2
Publication Date: April 28, 2017

Following up on our interview last year, we had the chance to speak again with Fredrik Voss, who is spearheading Nasdaq's blockchain innovation initiative. Fredrik described the advances and accomplishments over past year, and gave us some idea of what to expect in the future. Excerpts from our conversation follow.

Q: Last year, Nasdaq announced a blockchain-based solution for voting in Annual General Meetings in Estonia, an application of the technology that went beyond settlement and clearing, an area that seems to be garnering a lot of attention. What made you choose this project?

A: We chose that project for a couple of reasons. One, we deliberately wanted a project that wasn't related to the issuance and settlement of assets on blockchain. We wanted to do something else. We also wanted a project where we really had to explore issues around identity on the blockchain: the identity of a person, identity of a person representing a firm and then firms and people representing other firms in a proxy arrangement.

So those were two things we wanted to explore and then we wanted to find a space where we could do that with internal knowledge and by leveraging the blockchain technology and know-how from our partner Chain. It so happens that in Estonia, we actually do run annual general meetings for a number of companies, as a service. So we had a good understanding of the current business process, so to speak. Also, we would have to rely on a central security depository (CSD) for a share ownership data and we actually own and operate the CSD in Estonia.

As we explored leveraging that environment, we also identified that the Estonian government has put in place a system called e-Residency, which is an advanced way of handling digitized identity for Estonian citizens, but anyone can become an electronic resident of Estonia through that mechanism. So a lot of planets aligned while we picked that particular use case and that particular market as the pilot.

Q: With respect to annual meetings, what are the advantages of a blockchain-based system versus the traditional model?

A: You can obviously do electronic remote voting using traditional technology but the blockchain (or distributed ledgers) has some inherent capabilities that make them quite attractive for a use case like annual meetings, in that it's very easy to track the provenance of a digitized asset. A digitized asset can be anything, but in this case, it's a vote, and it is easy to track its whereabouts in a blockchain user base.

One of the problems with the proxy process today is actually demonstrating to the shareholder that their vote was cast in accordance with the instructions of the shareholder. It is actually difficult to do that. But with blockchain technology, you can easily track the whereabouts of that vote. Also, with this system, the ledger is immutable; you cannot change the records, you can undisputedly prove that votes were cast in accordance with the instructions.

Basically, the way it works is that when a vote is coming up, you poll the CSD, and you issue the right number of voting tokens to the shareholders. An individual shareholder can then transfer that voting token to a delegate, or of course they can vote on their own as well. Then you can actually track the whereabouts of that voting token in the network. You can also see in which ballot – if it was in the yes one or the no one –it was cast. There are some inherent functions in blockchain that make it an easy technology to use for that particular use case.

Q: So a company is no longer just sitting back and waiting for the votes to come in? They actually have total visibility into the whole process from beginning to end?

A: Exactly. They have total visibility from the issuance of those voting tokens. You can allow various parties to see where the votes are in the network, and if you are the shareholder, for example, and if you delegated your vote to someone, you can actually see where it is, you can see when it's cast, you can see in what ballot it was cast, depending upon the rules of the voting process. You can allow the issuing company to see the complete picture of where the votes are for everyone in the network.

The technology provides transparency and certainty to these processes. You cannot quite emulate that using the existing technology of trusted third parties and traditional databases. That would be a more complex and cumbersome solution to build than versus leveraging the inherent capabilities of blockchain ledgers.

Q: In a report issued in January 2017, the Estonia AGM project was described as "successful" and well received by the user community. What were the highlights from this effort?

A: As highlighted in the report, we tested our solution in cooperation with a recently listed Nasdaq Tallinn company, LHV Group, an Estonian financial group. Some reactions from LVH's management team were:
  • Mr. Erki Kilu, CEO of LHV Pank: Testing the prototype was simple and user friendly. The options were intuitive and required minimal amount of clicks. It is a joy to use a blockchain-based system that actually works and which is awaited by the market and can be used by thousands of people at the same time.
  • Mr. Madis Toomsalu, CEO of LHV Group: It is a good initiative (i.e. start-up) and has a lot of potential. Testing of the prototype was convenient and simple. If the future solution enables mobile ID authentication as well and the security is granted, then we would definitely consider using the product in the future.
Some feedback we received from various investors included:
  • "The GUI was very clean and intuitive, design is nice."
  • "Everything was logical, simple and understandable. The only disappointment is that I did not find any bugs to report."
  • "Quick and simple way to vote. The future seems bright!"
They appreciated the transparency in the process. We had proxy companies and custodians involved in the process, and for them, the fact that they now could validate and have evidence that they have fulfilled their obligations was helpful for them. We also learned a couple of things on what is needed to do to make it a complete product, so that was helpful as well.

Q: Looking back on the Estonia project, in what areas do we still need to make improvements?

A: I think the core piece of the solution is very solid. To make this a complete and attractive solution for the users there are some areas we can improve upon. Currently, for example, you have to use a laptop to participate remotely. Obviously you want to be able to provide handheld capabilities. What we delivered was sort of a first minimum viable product or a pilot, and there are some analytics and additional features we'd like to add to it when we turn it into a full blown product.

Q: Do you think that blockchain technology will facilitate shareholder engagement?

A: Totally. That's one of the key promises of the technology. We explore, broadly speaking, three uses of the technology. The first would be post-trade issuance and settlement, as you mentioned earlier. We're also looking to regulatory transparency. But we also are looking at whether this technology can be used to bring issuers and investors closer to each other. And I think this project proves that is the case.

We think that a solution like this could promote a more active investor base. It will be a cheaper, more intuitive, more effective way of participating. For example, in a shareholder meeting, it doesn't mean that everyone wants to participate on their own, but the delegation methodology is a more attractive solution for the issuer, the investor and the proxy custodian. So this project is actually evidence that the technology potentially has that capability.

Of course, to continue on that theme, that voting token we talked about earlier could basically be any digitized asset. If you're a coffee company, the token could be a beverage coupon that you can easily send to your shareholders using the electronic ledger network, as an example of something you could do in the future. So we definitely think the technology will facilitate shareholder engagement.

Q: Nasdaq is utilizing blockchain technology with private companies through the Nasdaq Private Market. How are private companies utilizing the blockchain technology?

A: That is the first project we embarked upon, what we call the Linq project, which combines Nasdaq solutions with technology developed by our partners at Chain. That falls into the first bucket of the areas we've explored: the issuance, settlement and transfer (in the case of secondary market transactions) of ownership of securities. So that is mainly how we've used the technology in the private company space.

So basically, a private company using this solution issues shares, and it can transfer those shares to its investors. When investors trade in the secondary market, they can transfer ownership of those shares using this technology. This is all electronic, secure, and done in real time. But there is no trusted third party in the middle. There is no central depository involved so this is a true peer-to-peer network that's leveraging the technology. It is actually the technology that keeps track of who owns what, instead of a trusted third party in the middle, like a depository.

Q: With private companies, what advantages does the distributed ledger provide over traditional systems?

A: In the U.S. for example, you've traditionally had paper certificates. You've had capitalization tables being managed in Excel spreadsheets. You have had these certificates being shipped by common carrier, and stored in vaults. You're talking about a labor intensive, error prone infrastructure…but the key feature has been a peer-to-peer network between these parties. Now you can actually keep this peer-to-peer network if this industry does not want to have a depository function in the middle. This technology secures the processes, provides capitalization information in real time, and is cheaper than the way it happens right now.

Q: How do you see the landscape changing in 2017? What roadblocks are limiting the mass adoption of the blockchain technology?

A: In terms of blockchain in capital markets, we are sort of moving out of the proof of concept (POC) era. Not only at Nasdaq, but among the blockchain industry as a collective, there are fewer POCs, and we are seeing more and more solutions, products being deployed for real assets with real customers. So we are leaving the POC era and entering into more of a pilot era with real products. It's going to be interesting to follow how those products perform over the next, let's say, two years. We are seeing increased certainty in the technology. That said, blockchain is not yet, of course, a mature technology.

We will see a lot of evolution in blockchain protocols over the coming years and there are still certain issues around functionality that need to be developed. But we and others increasingly believe that actually these types of enhancements they will be achievable and where companies like our partners Chain are in the forefront. So the technology seems to be increasingly validated as a good candidate for use in capital markets. Now the focus is on the obstacles or challenges limiting wide-scale adoption, and they are mainly non-technology related and non-technical in nature.

One challenge is actually going from vision to concrete designs of how these solutions, these networks, are going to work. The blockchain has wonderful potential as an enabler of faster transaction processing, lower need for capital, better operations, lower cost for IT, among other things. That is the vision – but actually bringing that down into a concrete design that a community of users can agree upon? That's not a show stopper but it takes a bit of time to achieve. So that's one area.

A second area is legislation and regulation. Some of these new business models and market structures that are being thought about are so innovative that they are simply not contemplated by existing laws and regulations. The issue is not that they are prohibited, the issue is that there's a legal uncertainty around them in the current regulatory context. You cannot expect capital market participants to allocate billions worth of assets into solutions where there is legal uncertainty. So there needs to be some legal and regulatory innovation in parallel with the technical innovation. Again, that is not a show stopper – we change laws and regulations all the time, but it takes a bit of time and effort to do it.

Third is something Nasdaq has been thinking about from the beginning: the integration and transition processes. Whatever you want, the fact of the matter is that this technology is being implemented in a pre-existing context – a rather complex technology infrastructure. It needs to be integrated in an efficient way. And then, of course, if your business idea or your business model relies upon replacing a pre-existing piece of infrastructure, you also need to have a credible transition plan to put in the new and get rid of the old technology. You don't want to be stuck halfway through a transition process because then you end up having to support both the old infrastructure and the new infrastructure. We don't want that to happen.

So while technology evolution is still very important, that is less of a concern. Now, more and more focus in terms of challenges is being directed to these three things I just spoke about.

Q: What effect do you think the proposed changes to Delaware General Corporate Law (DGCL) will have on the adoption of blockchain technology for corporate purposes?

A: That is an example of an initiative that addresses the challenge of legislative and regulatory uncertainty. If you can create legal certainty that, for example, shares issued in the blockchain format actually represent ownership in the company that would be tremendously helpful. So I think these proposed changes are a sign that these challenges are starting to be addressed, and that is positive for the landscape.

Q: Besides annual meetings and settlement and clearing, what other uses of blockchain do you foresee for publicly-held and private companies?

A: In terms of the corporate nature of things, those are definitely the key areas. Particularly, issuance, settlement, and transfer of ownership combined with services like voting. That is core. There are a lot of use cases that could be relevant for companies in certain industries.

We know, although we are not active in some of those industries ourselves, that there are a lot of use cases being explored in the insurance industry, in supply chain management, and a number of initiatives in the healthcare industry. So there could be broad implications – some in specific industries, but also general features that address needs for all companies, regardless if they are private or public.

Q: Basically new infrastructure for them to utilize at that point?

A: New and better infrastructure. Of course, if the technology delivers on its promises in terms of creating better transparency into who owns a company's shares, you can think of all kinds of interesting things that a company can do with that information to become a more valuable company to its shareholders.

Q: Last question: do you have any other projects planned for 2017?

A: Yes, there are a number of exciting projects going on. Some are public; some are yet to be publicized. One that has been publicized is that we are working together with a company called The New York Interactive Advertising Exchange (NYIAX) to create a blockchain-based marketplace for advertising instruments.

We are continuing to work on the Linq concept with our partners at Chain and expanding the feature sets. We're expanding the markets for which it is used. We already use it for company shares and we've announced that we're going to use it for alternative investments as well. And as I said, we are working on the features included in the Linq solution as well.

We have also added blockchain capabilities to the Nasdaq financial framework, which is basically a platform for capital market applications, where a user of that platform can use any data store they want. You can use the blockchain or you can use a traditional data base or you can use them in combination.

And then we have a couple of other projects that we actually cannot talk about publicly yet, but when we can, we can add them to the list.

Q: Sounds good. Let's catch up again next year and you can tell us more about this.

A: Yes, we should.

Frederik Voss is a Vice President at Nasdaq responsible for Nasdaq's blockchain innovation initiative.
Publication Date*: 4/28/2017 Identification Number: 1360 Mailto Link
Frequently Asked Questions
  Equilar Study Finds Over-Boarding Directors More Common, Better Paid
Identification Number 1357
Equilar Study Finds Over-Boarding Directors More Common, Better Paid
Publication Date: April 21, 2017

The idea of multi-boarding, also known as “overboarding”, has become a topic of debate for investors, board members, and advisors. Although some argue public directorships on multiple boards can positively promote shareholder engagement and corporate governance experience, others question if directors with multiple board commitments are putting sufficient time and energy into their other commitments. A recent Equilar study found that multi-boarding is more present in larger companies, has increased 48.6% to 53.6% in the past five years, and has led to greater director pay-outs. The study also revealed that the increase of women on boards, and a desire for directors familiar with issues scrutinized by shareholders and stricter regulatory requirements, may lead to candidates who are well-versed with these issues serving on more boards.

Read more from Equilar >>
Publication Date*: 4/21/2017 Identification Number: 1357 Mailto Link
Frequently Asked Questions
  Five Key Components for Building and Maintaining an Ethical Workplace Culture
Identification Number 1349
Five Key Components for Building and Maintaining an Ethical Workplace Culture
Publication Date: April 11, 2017

A strong ethical culture is essential to effective compliance risk management. There is no shortage of compliance failures to illustrate how a weak ethical culture can sabotage even the best corporate compliance programs. Almost universally, misconduct took hold in these cases because employees felt pressure to prioritize performance over compliance and, in response to such pressure, figured out how to evade controls meant to ensure compliance.

Given the importance of ethical culture in producing positive outcomes and enabling business goals as well as its profound impact in preventing significant compliance failures, boards and executive management teams should make sure the company’s approach to building and maintaining an ethical culture incorporate these key best practices:

1. Establish clear accountability for ethical culture as a management function

Ethics and compliance functions rely on similar skillsets, leverage similar tools and operationally need to be well-coordinated. While program management for ethics and compliance program elements can be combined, ultimately, an ethical workplace culture is determined primarily by senior executive management, not by an Ethics and Compliance Department.

To ensure that managers understand their accountability for setting the company’s ethical culture:
  • Establish an Ethics Steering Committee comprised of senior business and operations executives along with senior representatives from compliance, Human Resources (HR) and Communications to ensure the ethics program is fully integrated in the business’ operations;

  • Appoint a senior executive as the Ethics Officer (as a part time role) for each geography or business unit to evaluate and reinforce the ethical culture; and

  • Connect ethical conduct to compensation and make it part of each executive’s performance objectives.
2. Evaluate your employee-facing compliance policies so they enable rather than inhibit ethical culture

Overly detailed and technical policies can undercut an ethical culture. This is especially true when responsibility for compliance falls on individual “line” employees and managers. Think of the core messages that are commonly associated with ethical business – “we are a values-based organization” or “we trust our employees to exercise good judgment.” – Now consider a lengthy compliance policy that reads like an excerpt from a federal regulation. The implied message this type of policy can convey may inhibit an ethical culture, and instead, imply counterproductive messages such as – “we are only concerned with bare legal or technical compliance” or “you could try your best but still get something wrong.”

To demonstrate that compliance policies are ethical culture enablers:
  • Create a policy committee comprised of average level employees and managers to review new company policies to make sure they address employee needs with appropriate but not hyper-technical detail;

  • Post employee compliance policies on their own intranet site supported by strong search functions; and

  • Use reading level software on all policies – targeting readability at below the average education level of your employees as many are likely not familiar with the topic.
3. Include ethical behaviors in promotion criteria

When employees perceive that ethical behavior helps them climb the corporate ladder, it reinforces the emphasis that the organization places on building and maintaining an ethical culture. Many companies require some form of risk screening for employees under consideration for promotion to senior level positions. In some instances, this involves reviewing HR files to make sure there have not been any disciplinary actions or significant policy violations; in others, it can involve credit, litigation or public records review to make sure that the individual does not pose risks to the organization before ascending into a position of greater trust and influence. Keep in mind, however, that a lack of unethical conduct is not the same as affirmatively demonstrating ethical behavior.

To help ensure that your promotion process reinforces the importance of an ethical workplace culture:
  • Incorporate specific ethical behaviors into performance and promotion expectations, such as keeping promises and commitments, upholding values while under pressure and demonstrating honesty and transparency;

  • Require a manager to document instances of employee integrity before a promotion to a senior level position; and

  • Conduct 360 degree reviews of high potential staff prior to promotion.
4. Ensure executives and managers have the skills to build and maintain an ethical culture

It can be tempting to confuse personal ethics with ethical leadership – to believe that because someone is an ethical individual with personal integrity that he/she will naturally become an ethical leader. To be sure, ethical leadership starts with personal integrity. But it also means understanding team dynamics, motivations and pressures and how those may influence employee perceptions and behaviors. Lastly, and perhaps the most intimidating to many managers, ethical leadership involves speaking confidently and effectively about the company’s values and “ethical narrative.”

To help ensure that your managers are ready to be ethical leaders:
  • Explicitly incorporate ethical leadership into general leadership development courses, helping new managers understand that ethical leadership is just a key dimension of good leadership;

  • Require managers to share a personal message about their values or a story about an ethical dilemma they have faced; and

  • Provide managers with prepared discussion frameworks to help with discussions about ethical issues with their staff.
5. Prepare managers to identify and respond to employee ethics and compliance concerns

As with most workplace concerns, employees are most likely to raise ethics and compliance concerns with their managers – in most studies, reporting to management is favored by large margins over going to HR, the law department or the hotline. It is therefore all the more important to train managers to recognize signals from their employees. An employee’s offhand “comments” at the end of a meeting might be viewed by an untrained manager as just office banter, but for the employee, who was likely mulling over this issue for days and the potential risks and rewards of coming forward, he or she just raised the issue to management and expects some sort of response. In addition to missing the opportunity to address an issue early-on, if the manager misses these signals repeatedly over time, the team’s ethical climate can begin to erode as issues are not addressed and bad behavior becomes enculturated.

To help ensure that your managers can identify and respond to issues effectively:
  • Make identification and responding to employee ethics and compliance reports part of your annual training program for managers;

  • Provide managers toolkits on how to respond to employee concerns, including what to say and who to contact based on the issue involved; and

  • Reinforce the importance of engaging company resources quickly rather than trying to solve the problem themselves.
The author, Michael Kallens, is an Associate General Counsel in Nasdaq’s Office of General Counsel and is a senior member of Nasdaq’s Global Ethics and Compliance Team. Michael has led industry working groups on developing best practices for corporate ethics programs and is a frequent speaker on ethics and compliance topics. In 2014, he received the Outstanding In-House Counsel Award from the Association of Corporate Counsel-National Capital Region for his work in the area of corporate ethics and compliance.
Publication Date*: 4/11/2017 Identification Number: 1349 Mailto Link
Frequently Asked Questions
  Seven Critical Elements of a Board Refreshment Plan
Identification Number 1347
Seven Critical Elements of a Board Refreshment Plan
Publication Date: April 3, 2017

We asked Betsy Atkins, veteran of 23 boards and 13 IPOs, to share her perspective on the art and science of board refreshment. In addition to her board service, Ms. Atkins is also well known for making very early stage investments in Yahoo and eBay through her venture capital firm Baja Corp. Following is her sage advice on structuring an effective board refreshment cycle.

1) View the corporate board as a strategic asset, not just a fiduciary.

The first step to an effective board refreshment plan is understanding why refreshment is so important. Historically, the function of boards was to act as a financial fiduciary and steward for shareholders. However, for the past decade or so, the role of boards has been evolving as boards are being held for “futureproofing” against threats, and ensuring the competitive relevance of the company.

Just as a company’s leadership team is forward-hired based on long-term strategy, the board is now equivalently an asset to be reviewed for critical expertise and experience, and refreshed as needed. Unfortunately, it’s still not common for a board to have a holistic view of board composition as a strategic asset, and many corporate boards still view themselves as fiduciaries.

2) Take a proactive versus reactive approach.

It’s never been more important to address the topic of refreshment internally- if the board doesn’t proactively think about it, somebody outside the organization is going to raise it. Index funds that were traditionally passive are now beginning to push for diversity, governance refreshment and renewal, and are raising questions on term limits and age limits.

A board should have an annual governance committee calendar with explicit agenda items, just as it does for compensation committees and audit committees. A typical governance committee refreshment calendar might run as follows:
  • Q1: Review board composition, long-term succession planning and rotation schedules.

  • Q2: Map board skill sets to the corporation’s long-term strategic plan.

  • Q3: Review the board skills matrix to identify gaps.

  • Q4: Outline a plan for executing graceful rotations and engaging search firms to assist in filling gaps.
A standardized annual process for board refreshment establishes expectations on term limits from the beginning, ensures recruitment of new members is not a shotgun affair, and takes the personal element out of rotating members off the board. Board refreshment becomes a pure, professional process for identifying and filling needed skill sets.

3) Annually map board skill sets against the company’s long-term strategic plan.

In the absence of a detailed vision of board composition, it’s human nature to place a premium on good working relationships. Therefore, it’s very important when taking a strategic approach to board refreshment to identify whether the board’s skill sets align with the company’s long-term strategic needs.

A board needs to look closely at its company’s long-term strategy, map that against the skills around the table, identify potential gaps, and create a matrix. The skills matrix is not a one-and-done task-it’s a living document, updated every year against the company’s strategy. For example, the board of a bricks-and-mortar retailer planning to establish an ecommerce channel might determine it needs a board member with ecommerce, web advertising and data analytics expertise.

4) Do not let search firms drive the recruitment process.

Too often a board’s decision to replace a member is triggered by a retirement, an activist, or an institutional shareholder. The result of a passive refreshment process is that search firms wind up driving recruitment by default. A far better practice is for the governance committee to lead the board through it as part of the natural refreshment cycle. That way, the board gets the critical skills it needs and new members understand from the beginning that it’s not a lifetime appointment.

When refreshment is driven by a standardized process based on maintaining competitive skill sets, the board isn’t caught back on its heels if a board member is suddenly incapacitated or an activist rattles the doors. It’s also easier to tell a colleague that it’s time to surrender their board seat to somebody who has more critically relevant experience.

5) Set guidelines for retirement or term limits.

Retirement ages are extending, because people are staying active longer and working longer. Age limit guidelines are an effective way to trigger graceful rotations and maintain director independence. The term is guideline—not mandate—because it’s important to retain the ability to waive the age limit as part of governance. For example, at Berkshire Hathaway they’ll likely waive any age limit as long as Warren Buffet is sharp.

Europe is leading the way in board term limits; some European countries have already mandated 10-year terms. Institutional shareholders in the U.S. are taking note and beginning to discuss term limits as a method to maintaining director independence. Term limits also keep a board’s skill set fresh—but again, the governance committee has to retain the ability, by exception, to waive it. Microsoft isn’t going to ask Bill Gates to step down anytime soon.

6) Don’t get too comfortable with board colleagues.

It’s only human that people who serve together on a board will over time become friends, just as coworkers often do. So it becomes awkward to tell a long-time board colleague that they aren’t the right person going forward. To make it more difficult, boards lack the hierarchy of a private corporation. Instead they are led by a group of peers, with a lead director or a chairman who should together with the governance/nominating chair own the board makeup and refreshment topic.

Executing a proactive approach to refreshment eliminates the awkwardness of asking long-time colleagues to leave a board, because transitioning board members off becomes part of a natural, smooth cycle. The expectation is set from the beginning that board appointments are not for life.

7) Measure boardroom diversity using a holistic set of benchmarks.

Diversity shouldn’t be measured strictly by gender. What boardrooms need is diversity of perspective: gender diversity, ethnic diversity, international diversity, entrepreneurial diversity, and don’t forget technical diversity as technology is the biggest disrupter of virtually every business.

Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm. She is currently Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation. She also served on the board of directors at Nasdaq LLC and as Clear Standards CEO and Chairman. She is also on the SAP Advisory Board, among many others.

A self-proclaimed “veteran of board battle scars,” Ms. Atkins will be collaborating with Nasdaq to produce a series of corporate governance “nuts and bolts” articles. Stay tuned for an upcoming interview with her about the importance of executive sessions as a risk mitigation strategy.

Do you have a question about corporate governance for Betsy Atkins? If so, please send your question to and we may address it in a future post.
Publication Date*: 4/3/2017 Identification Number: 1347 Mailto Link
Frequently Asked Questions
  Top Cybersecurity Concerns for Every Board of Directors: Technology
Identification Number 1345
Top Cybersecurity Concerns for Every Board of Directors: Technology
Publication Date: March 29, 2017

This is the third of a four-part series of white papers authored by Cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse --outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

The technical systems in place at any company provide the foundation for cybersecurity infrastructure and should be one of the primary focuses of any board of directors. Top Cybersecurity Concerns for Every Board of Directors: Technology outlines the various technological system classifications involved in an effective cybersecurity program.

The data points covered in the attached white paper are organized into broad categories helpful for shaping analysis and scrutiny and include:
  • Evaluating logging capabilities
  • Vetting penetration tests and testing consultants
  • Adopting data loss protection (DLP) systems
  • Patching and updating software
  • Installing endpoint detection and response (EDL) tools
  • Assessing physical security of facilities
This four-part series of white papers covers the following cybersecurity topics:

Part 1, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure.

Part IV, Data Mapping and Encryption (Coming in May): the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.

By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's Latest White Paper on Cybersecurity Technology >>

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 3/29/2017 Identification Number: 1345 Mailto Link
Frequently Asked Questions
  Nasdaq Talks to . . . Martin Lipton of Wachtell, Lipton, Rosen and Katz about the New Paradigm in Corporate Governance
Identification Number 1328
Nasdaq Talks to . . . Martin Lipton of Wachtell, Lipton, Rosen and Katz about the New Paradigm in Corporate Governance
Publication Date: February 27, 2017

Martin Lipton, a founding partner of Wachtell, Lipton, Rosen & Katz, specializes in advising major corporations on mergers and acquisitions and matters affecting corporate policy and strategy. We spoke with Mr. Lipton about his most recent publication, The New Paradigm – A Roadmap for an Implicit Corporate Governance Partnership between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth,” a blueprint for eradicating the short-termism that, he believes, is crippling long-term corporate growth and investment.

Q: Do you see any parallels between the corporate takeover atmosphere of the early 1980’s and modern activism, which has been accused of shifting corporate focus to the short-term?

A: There is a strong similarity between the corporate raiding of the ‘70s and ‘80s and activism. Modern activism is a reflection of the overwhelming control of public companies by the major institutional shareholders, which own somewhere between 65-85% of the stock of most listed companies. The real pressure on companies is meeting the expectations of the institutions that have the ability to control them, versus any other kind of defense to deal with in activist attack.

I believe the best free market approach to protect shareholders from attacks by activist hedge funds is my New Paradigm for corporate governance, which places the deciding power in the hands of a majority of shareholders who are acting with knowledge of corporate strategies and in accordance with their fiduciary duties.

Q: If you had to boil down your “New Paradigm” paper to one takeaway, what would it be?

A: The New Paradigm is a corporate governance framework that derives from the recognition by corporate CEOs and boards of directors, and by leading institutional investors and asset managers, that short-termism and attacks by short-term financial activists significantly impede long-term investment by corporations. The New Paradigm recalibrates the relationship between public corporations and their investors, conceiving of corporate governance as a collaboration among corporations, shareholders and other stakeholders to achieve long-term value and resist short-termism.

In this framework, if a corporation is diligently pursuing well-conceived strategies developed with the participation of independent, competent and engaged directors, and its operations are in the hands of competent executives, investors will refuse to support activists seeking to force short-term value enhancements without regard to long-term value implications. As part of their stewardship role, investors will work to understand corporate strategies and operations. Investors also will engage with corporations to ensure they understand investors’ opinions so corporations can adjust strategies and operations in order to receive investors’ support.

Q: In practical terms, who at the company should collaborate with investors and how do you recommend they do so?

A: The key is a double use of engagement: appropriate corporate governance involves real engagement between management and the board of directors, as well as between corporate management and investors. Institutions want to know that there is an independent, competent and experienced board of directors overseeing and engaged in what management is doing. Corporations need to know what governance their institutional investors expect of them.

As a practical matter, the relationship between a corporation and its investors should be overseen and participated in by the CEO and carried out on a day-to-day basis by the investor relations and corporate governance staff. There should be periodic participation by the lead independent director, independent chair (if any) and members of the board. Director participation is a case-by-case decision depending on circumstances, including whether the investors have interest in meeting with directors.

When engaging with institutional investors, it’s important for corporations to understand what investors want, to communicate effectively what management does not think appropriate and therefore will not do, and ensure investors have confidence in that. It’s also critical to be fully transparent with investors with respect to operations, and earnings, and other material information. Corporations should ensure that investor relations are first rate and that institutional investors are satisfied with the access they have to the board of directors if they desire to communicate directly with the directors.

Q: Your paper states that engagement is a two-way street, with investors holding up their end of the bargain. Do you think the investors are ready for it?

A: Most major investors—especially BlackRock, State Street and Vanguard—have equipped themselves for engagement, and most are committed to strengthening their engagement capability. Engagement is strongly supported by FCLT Global (not-for-profit organization dedicated to developing practical tools and approaches that encourage long-term behaviors in business and investment decision-making) and all of the major investor associations.

Q: While the paper calls for changes through market forces without new regulation, do you think there is anything that exchanges can contribute through the regulation of listed companies?

A: I’m very hopeful that a large number of major institutions, investors, and corporations will endorse the New Paradigm, and that we will see a significant decrease in the pressure for short-term performance as a result. Corporations need encouragement and support from their investors to make the long-term investments that lead to sustainable growth.

The exchanges could make a major contribution to the universal adoption of, and adherence to, the New Paradigm by endorsing it and stating that they believe it is an effective means of achieving long-term investment and growth. If both corporations and investors adhere to the New Paradigm, no new regulation would be needed.

Q: Another publication attracting attention in the corporate governance community is “Principal Costs: A New Theory for Corporate Law and Governance.” Why do you think principal-cost theory has taken so long to emerge, allowing instead for the agency-cost theory to dominate?

A: From the very outset of shareholder activism—say Milton Friedman in 1970— it was recognized that the cost of shareholders forcing changes in business strategy and operations could have an adverse impact on investment in research and development, on capital expenditures, on employment, employee training and attracting top executive talent. It just didn’t have a catchy name like “shareholder democracy” or “agency cost.”

What Professor Goshen has made clear is that it’s the function of the board of directors, and of investors dealing with the corporation, to find the optimal governance structure through exercising balanced stewardship. If you pressure for short-term performance, higher dividends or share buy backs, you are causing the corporation to reduce R&D and capital expenditures and increase leverage to the point that companies run into financial difficulties. There’s no better example than what happened in the fiscal crisis in 2008.

As Jack Welch has said, “maximizing shareholder value is the dumbest idea in the world. Shareholder value is a result, not a strategy…your main constituencies are your employees, your customers and your products.”

Q: Do you think the New Paradigm will affect the balance in the capital markets between short- and long-term investors?

A: I believe the New Paradigm will have a significant impact on promoting long-term investment. CEOs, management teams and boards of director are highly responsive to the views and requirements of their investors. If a majority of shareholders are acting with knowledge and in accordance with their fiduciary duties, it will promote a reasonable balance between short-term and long-term goals.

The International Business Council sought signatures from all participants in its January 2017 meeting to The Compact for Responsive and Responsible Leadership: A Roadmap for Sustainable Long-Term Growth and Opportunity. The Compact includes key features of The New Paradigm and I recommend adherence to The Compact and The New Paradigm by all corporations, institutional investors and asset managers.

Read The New Paradigm – A Roadmap for an Implicit Corporate Governance Partnership between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth >>

Read The Compact for Responsive and Responsible Leadership: A Roadmap for Sustainable Long-Term Growth and Opportunity >>

Read Principal Costs: A New Theory for Corporate Law and Governance >>

Martin Lipton has worked as a partner of Wachtell Lipton since 1965, representing corporations involved in many of the largest mergers, change-of-control contests and boardroom crises of the past 60 years. In 1992, Lipton co-authored “A Modest Proposal for Improved Corporate Governance” which became the template for the basic corporate governance principles adopted in the 1990s.
Publication Date*: 2/27/2017 Identification Number: 1328 Mailto Link
Frequently Asked Questions
  Nasdaq Talks to…Don Kalfen of Meridian about Preparing for CEO Pay Ratio Disclosure
Identification Number 1303
Nasdaq Talks to…Don Kalfen of Meridian about Preparing for CEO Pay Ratio Disclosure
Publication Date: January 11, 2017

Should public companies still plan on implementing the CEO Pay Ratio rule given that President-elect Trump has promised to repeal or reform Dodd-Frank? Nasdaq sat down with Don Kalfen of Meridian Compensation Partners to find out. Don leads Meridian's Technical Team and has more than 20 years of consulting experience in executive and director compensation and related issues.

The Pay Ratio disclosure rules—drafted by the SEC and mandated under Dodd-Frank—become effective in 2017 and, for calendar year companies, apply to their first annual report, annual proxy or information statement filed in 2018 . Don's interview with Nasdaq resulted in a robust nuts and bolts guide to the CEO Pay Ratio rule, including an overview of the rule, who must follow it, and how to calculate the required pay ratios, as well as his views on its (lack of) merit.

During our conversation, we asked Don to share his thoughts on whether the incoming Trump administration will repeal the CEO pay ratio rule:

President-elect Trump's specific view on the CEO pay ratio are not known. However, Mr. Trump's view on Dodd-Frank are clear: The President-elect will seek the repeal or sweeping reformation of Dodd-Frank. This could result in the repeal of the CEO pay ratio along with the other Dodd-Frank disclosure mandates. Further, over the past several years, Congressional Republicans have routinely introduced bills to repeal the CEO pay ratio. Despite these hopeful signs, at this point it would be premature to write off the Pay Ratio rule. It may be well into the summer of 2017 before the fate of Dodd-Frank and its various disclosure mandates start to become clear. Until then, we are advising companies to operate under the assumption that the Pay Ratio will go into effect in 2017, with initial public disclosure in 2018.

Don also shared his advice and planning steps for companies to begin preparing for the rule in advance of the 2018 proxy season:

Until the fourth quarter of 2017, for a calendar year company it is too early to determine a CEO pay ratio that complies with the Dodd-Frank requirements and the SEC rule on the pay ratio disclosure. A calendar year company is required to determine the covered employee population from which to derive the pay ratio as of a company-selected date occurring in its fourth quarter. Only after this determination has been made may a company calculate a compliant CEO pay ratio.

However, we suggest companies undertake the following planning steps during the current calendar year, and into the start of 2017 to get ahead of the curve:

Identify covered entities (and covered jurisdictions) and means of data collection. A company should identify each covered entity (i.e., every consolidated entity for financial statement purposes), the jurisdiction(s) of the entity and the means of collecting applicable employee pay data from each entity. This, importantly, includes how the company will collect data (e.g., via the company's country specific HRIS system, by hand input on paper documents, etc.), and determine currency conversions.

Determine employee exclusions. Once covered entities are identified and how pay data will be collected, a company should determine if any employees from covered entities may be excluded from the covered employee population (e.g., 5% exclusion of non-U.S. employees, countries where data privacy laws raise issues, independent contractors, etc.). In this regard, a company should consider retention of legal counsel to determine the extent to which non-U.S. employees may be excluded by reason of data privacy laws.

Determine covered employee population. Next a company should determine whether the median employee should be identified from the entire covered employee population or a subset of the employee population based on statistical sampling techniques. A company may need to retain a statistician to determine the appropriate sampling techniques.

Agree upon pay definition for determining median employee. A company should then determine how pay will be defined for purposes of identifying the median employee and to what extent pay may be annualized for certain categories of covered employees. Note, the pay definition for this purpose could be W-2 reported pay, base salary, or other consistently applied measure.

Conduct a simplified calculation based on U.S. employees only. A company should determine sample CEO pay ratio based solely on its U.S. employee population or a subset of this population. This will help a company further refine its processes for developing its CEO pay ratio disclosure and help to surface issues for resolution. Finally, this may provide some indication as to what will be the disclosed CEO pay ratio, and create a more informed expectation on how a company may need to develop disclosures regarding the pay ratio.

To read our full interview with Don Kalfen, click here.

With over sixty associates in ten offices in the U.S. and Canada, Meridian Compensation Partners provides executive compensation consulting and corporate governance services to over 500 major publicly traded and privately held corporations. Their core services include board level advisory services, compensation program design, research and competitive market intelligence on executive pay, and corporate governance matters.
Publication Date*: 1/11/2017 Identification Number: 1303 Mailto Link
Frequently Asked Questions
  Top Cybersecurity Concerns for Every Board of Directors: People
Identification Number 1301
Top Cybersecurity Concerns for Every Board of Directors: People
Publication Date: January 4, 2017

This is the second of a four-part series of white papers authored by Cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse --outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

Companies can invest heavily in top-of-the-line security software and state-of the-art systems, but without the proper approach toward their IT employees, those efforts will be for naught. This article focuses on a board's cybersecurity oversight pertaining to a company's most important cybersecurity resource (and threat): its employees.

Given the tumultuous risk associated with cyber-attacks, boards of directors and C-suite executives must address cybersecurity not as an IT issue, but rather as an issue of governance. Boards and C-suite executives should establish a cross-organizational team that regularly convenes to discuss, coordinate and communicate cybersecurity issues and is supported by outside cybersecurity response firms and law enforcement agencies.

This paper provides an overview of cybersecurity governance areas that involve people, including:
  • Cybersecurity recruitment and retention
  • Top-down commitment to cybersecurity
  • Employee cybersecurity training programs
  • Digital forensics/data breach response firms
  • Law firms specializing in data breach response
  • Pre-breach law enforcement liaisons
The first paper in this series provided an overview of the critical components related to the governance practices, policies and procedures of a strong cybersecurity program. The remaining papers in this series will broadly cover the following topics:
  • Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
  • Data Mapping and Encryption: the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.
By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item. 

Read John Reed Stark's White Paper on Top Cyber Security Concerns for Every Board of Directors: People >>

Read John Reed Stark's White Paper on Cybersecurity Governance >>

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 1/4/2017 Identification Number: 1301 Mailto Link
Frequently Asked Questions
  Governance Clearinghouse: 2016's 10 Most Popular Articles
Identification Number 1299
Governance Clearinghouse: 2016's 10 Most Popular Articles
Publication Date: December 27, 2016

Here are 2016's most popular articles. They covered a range of topics such as board diversity, excellence in governance, cybersecurity, proxy statement innovations, and more, and remain as relevant now as when we published them.

1. Looking Beyond the Numbers: Women on Public Company Boards.  Nasdaq took a close-up look at the women who are changing both the gender parity equation and the boardroom dynamics of publicly listed companies.

2. U.S. Chamber of Commerce Releases Plan for Next Administration. Learn more about the U.S. Chamber’s recommendations to remediate regulations and market inefficiencies that it believes are stifling economic growth and job creation.

3. Nasdaq Listed Companies Recognized for Excellence in Governance.  See which Nasdaq issuers were recognized at the 2016 Corporate Secretary's Corporate Governance Awards for exhibiting best practices in governance, risk, and compliance.

4. Eliminating the Diversity See-Say Problem: Lessons from the Clinton Campaign.  Nasdaq spoke with the Clinton campaign’s Chief Diversity Officer to see what public companies could learn about advancing diversity in the workplace and the workforce.

5. Nasdaq Talks to . . . Andrea Hoffman about Competing for the Talent Companies Need to Grow and Innovate.  Nasdaq spoke with Andrea about tapping the diverse elite talent pool, truly diversifying corporate boards, and digitizing the diversity innovation business model.

6. Nasdaq Talks to . . . Eric Thornburg, CEO of Connecticut Water Service, about the Role Board Diversity Plays in Strengthening Corporate Governance and Improving Company Performance. Eric shared his thoughts on how a diverse culture contributes to the overall success of the organization and how gender parity has strengthened corporate governance and improved company performance.

7. What Makes a Great Board? Find Out from Veteran Director Betsy Atkins.  Betsy Atkins, a scholar of board behavior, veteran of 23 boards and 13 IPOs, shared her views on best practices for building an effective board.

8. Top Cybersecurity Concerns for Every Board of Directors: Cybersecurity Governance.  Cybersecurity expert John Reed Stark outlined a strategic framework for boards to effectively analyze and supervise corporate cybersecurity risks.

9. Taking Stock of Diversity.  Nasdaq EVP and General Counsel, Ed Knight, delivered this speech talking about why he believes the boards of public companies should be as diverse as their investors and customers.

10. Taking Your Proxy Statement from Good to Great.  Read this Outside Insight post to learn about all the latest trends and innovations that will inspire you as you prepare for the upcoming proxy season.

Publication Date*: 12/27/2016 Identification Number: 1299 Mailto Link
Frequently Asked Questions
  EY Center for Board Matters: Top Board Priorities for 2017
Identification Number 1298
EY Center for Board Matters: Top Board Priorities for 2017
Publication Date: December 21, 2016

The EY Center for Board Matters expects Boards to increase focus on six priorities in 2017. These priorities include, among others: overseeing competitive strategy in a world of disruption and convergence; navigating the dynamic geopolitical and regulatory environment; optimizing long-term capital allocation strategies; and strengthening board composition through strategic alignment.

Read more from EY >>
Publication Date*: 12/21/2016 Identification Number: 1298 Mailto Link
Frequently Asked Questions
  PwC Report Considers Investor and Company perspectives on ESG Disclosures
Identification Number 1293
PwC Report Considers Investor and Company perspectives on ESG Disclosures
Publication Date: December 9, 2016

A new PwC report found that investors are increasingly demanding more environmental, social, and governance (ESG) information disclosures by companies as an important factor in their decision-making processes, but companies are still divided on how and what to include. The study analyzed the relationship between investors and corporations, and found that while companies prioritize growth, investors are more focused on risk. Interestingly, while 65% of companies say that ESG considerations are very important to business strategy, only 31% of institutional investors indicated they were important to equity investment decisions. The report also noted that while over 80% of S&P 500 companies disclosed their ESG programs in 2015, investors do not believe the companies present the information in a way that allows easy comparison by investors. Most of those polled agreed that implementing a common standard for companies to use when disclosing ESG information, as well as increased dialogue and feedback, could help bridge the gap between investors and companies.

Read More from PwC >>
Publication Date*: 12/9/2016 Identification Number: 1293 Mailto Link
Frequently Asked Questions
  Non-GAAP Financial Measures: Continuing the Conversation
Identification Number 1291
Non-GAAP Financial Measures: Continuing the Conversation
Publication Date: December 6, 2016

The Center for Audit Quality released a white paper, which explores the issue of non-GAAP information, providing context on its definition and use, pertinent regulatory developments, and the current level of auditor involvement. Additionally, the paper compiles sets of suggested questions for key stakeholder groups (management, investors, investment analysts, securities counselors, audit committee members, internal auditors, independent auditors, regulators, accounting standard setters, and academics) to consider regarding their preparation or use of non-GAAP financial measures.

Read the white paper >>
Publication Date*: 12/6/2016 Identification Number: 1291 Mailto Link
Frequently Asked Questions
  EGCs Account for Majority of IPOs Since JOBS Act, EY Study Finds
Identification Number 1287
EGCs Account for Majority of IPOs Since JOBS Act, EY Study Finds
Publication Date: November 28, 2016

In its recent report “Update on Emerging Growth Companies and the Jobs Act,” EY notes that since enactment of the Jumpstart Our Business Startups (JOBS) Act in April 2012, Emerging Growth Companies (EGCs) have come to dominate the IPO market, citing its findings that 83% of all publicly-filed IPO registration statements and 87% of all IPOs that have gone effective during that time were EGCs. . The report also notes that a large majority of EGCs have relied on some of the accommodations afforded by the JOBS Act, including confidential submission of registration statements to the Securities and Exchange Commission (SEC), reduced executive compensation disclosures and including two rather than three years of audited financial statements.

Read more from EY >>
Publication Date*: 11/28/2016 Identification Number: 1287 Mailto Link
Frequently Asked Questions
  Willis Towers Watson Looks at “Say on Frequency” Votes
Identification Number 1283
Willis Towers Watson Looks at “Say on Frequency” Votes
Publication Date: November 18, 2016

In a recent report, Willis Towers Watson looks at the Dodd-Frank required shareholder vote on the frequency with which companies must seek a shareholder vote on “say on pay”, either every one, two or three years, the so-called “say on frequency” vote. The report reviewed the “say on pay” frequency at Russell 3000 companies, finding that 82% of companies opted for annual, one percent for biennial and 17% for triennial shareholder votes. The report also identifies various institutional investorswho appear to prefer biennual or triennial frequencies as opposed to an annual vote.

Read more from Willis Towers Watson>>
Publication Date*: 11/18/2016 Identification Number: 1283 Mailto Link
Frequently Asked Questions
  Top Cybersecurity Concerns for Every Board of Directors: Cybersecurity Governance
Identification Number 1284
Top Cybersecurity Concerns for Every Board of Directors: Cybersecurity Governance
Publication Date: November 18, 2016

Cybersecurity expert John Reed Stark has authored a four-part series of white papers outlining a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

In the aftermath of a corporate cyber-attack, boards and the companies they govern are subjected to immediate public scrutiny and, in many cases, unwarranted criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area.

For corporations, this is the dawning of a new era of data breach and incident response, where trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year.

But cybersecurity engagement for members of the board of directors does not mean that members should obtain computer science degrees or personally supervise firewall implementation and intrusion detection system rollouts. Instead, a board's oversight responsibilities should focus on the critical components relating to the governance practices, policies and procedures of a strong cybersecurity program, which are detailed in the attached white paper and include:
  • Elements of a cybersecurity incident response plan
  • Evaluating the business continuity plan in the context of cyber attacks
  • IT security budgeting
  • Cybersecurity table top drills
  • Data security measures for cloud-based services.
The remaining papers in this series will broadly cover the following topics:
  • People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.
  • Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
  • Data Mapping and Encryption: the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.
By using these white papers as a guide, boards of directors can become not only more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item. 

Read John Reed Stark's White Paper on Cybersecurity Governance >>

John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 11/18/2016 Identification Number: 1284 Mailto Link
Frequently Asked Questions
  Harvard Law School Professor Offers Empirical Analysis of Universal Proxies
Identification Number 1280
Harvard Law School Professor Offers Empirical Analysis of Universal Proxies
Publication Date: November 11, 2016

A recent paper by Scott Hirst, Associate Director of the Harvard Law School Program on Corporate Governance, looked at the potential impact of allowing universal proxies that list all director nominees, as recently proposed by the SEC, instead of voting based on separate proxies for management and dissident nominees, as is the case now. The study found evidence that universal proxies may eliminate “distorted” proxy contests and by doing so enfranchise shareholders. These benefits, the paper argued, would outweigh concerns that universal proxies could lead to more proxy contests and empower special interests. In support of its conclusions, the study found that 22% of proxy contests at large U.S. corporations between 2008 and 2015 may have been distorted, meaning that another candidate may have been elected if a universal proxy was used.

Learn more about Scott Hirst's paper>>
Publication Date*: 11/11/2016 Identification Number: 1280 Mailto Link
Frequently Asked Questions
  ISS Proposes Draft Policy Changes for 2017
Identification Number 1277
ISS Proposes Draft Policy Changes for 2017
Publication Date: November 2, 2016

ISS is requesting public comment from interested parties regarding proposed draft policy changes. If accepted, these policies would take effect for meetings on or before February 1, 2017. Significant proposal updates involving U.S. companies include updates to director election voting policies in the case of certain companies with multi-class class structures and companies that restrict the ability of shareholders to amend the bylaws. Comments are due by November 10th and ISS expects its final policy announcements to be released in the second half of November.

Click to see ISS’s Policy Drafts >>
Publication Date*: 11/2/2016 Identification Number: 1277 Mailto Link
Frequently Asked Questions
  Counteracting the Fraud Triangle
Identification Number 1272
Counteracting the Fraud Triangle
Publication Date: October 25, 2016

Cindy Fornelli—Executive Director at the Center for Audit Quality—shares with Nasdaq the elements of a fraud-resistant organization, tools for improving disclosure and audit reports, and recommendations for assessing the performance of outside auditors.

Q: The Center for Audit Quality (CAQ) partnered with a number of organizations to research and prepare a report on detecting and deterring financial reporting fraud. Can you summarize your findings?

A: The Anti-Fraud Collaboration’s report, The Fraud Resistant Organization, provides information about the conditions that might make an organization more susceptible to financial reporting fraud and describes how to mitigate those conditions. The report identifies three central themes that are critical to fraud deterrence and detection: (1) strong “tone at the top,” (2) skepticism, and (3) robust communications. These three elements help counteract each condition of the so-called "fraud triangle"—pressure, opportunity, and rationalization—that can lead someone to commit fraud.

A key theme of the report is that fighting fraud is truly an all-hands effort. Management, boards of directors, internal audit, and external audit all play a part in deterring and detecting fraud, and all need to have a solid understanding of their respective roles.

Additionally, these entities need to work hard to establish and maintain an environment of open and ongoing communication. Good communication enhances the knowledge of all parties and is vital for identifying any gaps in efforts to mitigate the risk of financial reporting fraud.

Q: Since the reforms of the Sarbanes-Oxley Act of 2002 were put into place, accounting restatements have decreased. Other than the change in the law, what other factors have contributed to this reduction?

A: One factor is enhanced communication and collaboration across the financial reporting supply chain. Since the passage of SOX, key stakeholders have worked together as never before to improve financial reporting. The Anti-Fraud Collaboration—formed in 2010 by the CAQ, Financial Executives InternationalThe Institute of Internal Auditors, and the National Association of Corporate Directors (NACD)—is one example of this kind of collaboration. Another example would be the robust dialogue we've seen among market participants around internal control over financial reporting.

A second factor is the ever-strengthening role of audit committees in our system of investor protection. The audit committee community is as energized and engaged as ever. Audit committees are also benefitting from new tools and resources from organizations like the NACD and the CAQ, as well as governance centers at auditing firms.

Last, but certainly not least, credit should be given to the public company profession's strong commitment to enhancing audit quality through the cycle of continuous improvement. Each year, the profession invests substantially in training and continuing education to enable its workforce to execute high quality audits in a constantly changing business and regulatory landscape.

Q: You’ve stated that more disclosure by companies is not necessarily better, but rather, we should be focusing on “effective disclosure.” How can disclosure by public companies be improved, and how can its effectiveness be measured?

A: One way to improve disclosure is to highlight best practices from leading companies. As an example, consider the Audit Committee Transparency Barometer, a joint project from Audit Analytics and the Center for Audit Quality. Each year, The Audit Committee Transparency Barometer measures the robustness of audit-related proxy disclosures among companies in the S&P Composite 1500. The publication not only provides robust data on year-over-year trends, it also features specific examples from companies that have provided meaningful information. Thus, the Barometer can serve as a resource to other companies looking to enhance their disclosure practices.

As the Barometer emphasizes, it is important for disclosure to be tailored to specific companies and industries. That way the disclosure is meaningful—not just more information or boilerplate text.

Q: In what ways can diversity – gender, viewpoint, and ethnicity – benefit public company boards of directors and audit committees?

A: There are substantial benefits to achieving diversity in the boardroom. Boards with diverse points of views—and members with different backgrounds—often make better decisions. And, in the words of Robert E. Moritz, Chairman of PricewaterhouseCoopers International, "diversity yields innovation."

The benefits of diversity are supported by empirical research. On gender diversity, for example, a 2012 study by from researchers at the University of Wisconsin-Milwaukee, Santa Clara University, and Kansas State University found that female presence on a company board reduced the chance of financial restatements by close to 40 percent.

I would also posit that diversity of all types is important to every organization and group, not just boards.

Q: There has been some criticism of the current “pass/fail” model of audit opinion. Do you think this paradigm still works? Where should the burden of disclosure fall for that which is beyond what’s included in an audit report?

A: Across the globe, investors, audit committees, and other key market participants have expressed their need and desire for more information regarding the work and views of public company auditors. This isn't surprising, given evidence of the robust confidence that investors place in independent auditors.

The auditing profession is responding actively to this need on a number of fronts, including rethinking the traditional "pass-fail" auditor's report. In the United Kingdom, audit reports now provide more information, including a discussion of the application of materiality, the scope of the audit, and an assessment of risks of material misstatement. In the United States, public company auditors have been deeply engaged on the issue of the auditor's report, providing extensive and constructive input on regulatory proposals.

A significant principle with respect to the auditor’s reporting model is that the auditor should not be the original source of information. It is the responsibility of the company’s management to consider such information for disclosure.

Q: What recommendations do you have for audit committees in assessing the performance of their auditor, and in considering whether an auditor should be replaced?

A: Audit committees can avail themselves of valuable resources that can help in the area of auditor assessment. One of those resources is the External Auditor Assessment Tool, a publication of the Audit Committee Collaboration. This tool can help inform the audit committee’s evaluation of the auditor, meaning the audit firm, as well as the lead audit partner, audit team, and engagement quality reviewer.

To that end, the External Auditor Assessment Tool contains sets of sample questions that highlight some of the more important areas for consideration in the assessment of the auditor. It also provides a sample form for obtaining input from company personnel.

Q: How should audit quality be measured?

A: The Center for Audit Quality believes that metrics regarding the audit—commonly referred to as audit quality indicators (AQIs)—could be used to better inform audit committees about key matters that may contribute to the quality of an audit.

In recent years, the public company auditing profession, audit committee members, and policymakers all have extensively explored AQIs. There has been progress on the issue, but challenges remain. One challenge is that views on audit quality vary quite widely among stakeholders. Much depends on the degree to which stakeholders have direct involvement in audits—and the lens through which they assess auditor responsibility and performance.

Another challenge revolves around striking the right balance between quantitative and qualitative information. In its engagement on AQIs, the CAQ has observed a strong desire among audit committee members for new ways to assess the more qualitative aspects of the audit, such as the engagement team having strong communications skills, as well as the right mindset to bring forth professional skepticism and auditor judgment.

To address these and other AQI challenges, further dialogue and continued collaboration among all stakeholders are needed.

Q: Let’s take the example of an audit committee that has historically only included the required elements in its audit committee reports. How could such an audit committee improve the transparency and usability of this report to keep up with the needs of investors and other proxy statement users?

A: As I’ve noted earlier, one of the things we like to suggest audit committees do, as they contemplate ways to improve the transparency and usability of their reports, is to look at some of examples from companies that are doing it well. Prudential Financial and General Electric have long been recognized for exemplary proxy statements. We’ve also seen recently notable improvements from Goldman Sachs and —and we’re not just saying this because we’re talking to you—Nasdaq.

Cindy Fornelli is Executive Director of the Center for Audit Quality (CAQ), a position she has held since the CAQ was established in 2007. In 2016, Fornelli was honored for the eighth time by Directorship magazine as one of the 100 most influential people on corporate governance and in the boardroom. Accounting Today has named her one of the 100 most influential people in accounting for 10 consecutive years.

Fornelli serves on the Advisory Board of the Ira M. Millstein Center for Global Markets and Corporate Ownership, the Securities and Exchange Commission Historical Society’s Board of Trustees, the Audit & Risk Oversight Committee Advisory Council of the National Association of Corporate Directors, and the Accounting and Auditing Committee of the International Corporate Governance Network. She previously served on the National Association of Corporate Directors’ 2010 Blue Ribbon Commission on the Audit Committee and 2009 Blue Ribbon Commission on Risk Governance. Prior to joining the CAQ, Fornelli was the Regulatory and Conflicts Management Executive at Bank of America and the Deputy Director of the U.S. Securities and Exchange Commission's Division of Investment Management. Fornelli is a graduate of Purdue University and received her JD at The George Washington University.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular situation and nothing contained herein should be construed as legal advice.
Publication Date*: 10/25/2016 Identification Number: 1272 Mailto Link
Frequently Asked Questions
  Comparing Russell 2000 and S&P 500 Corporate Governance Trends
Identification Number 1271
Comparing Russell 2000 and S&P 500 Corporate Governance Trends
Publication Date: October 21, 2016 

In a study conducted by the EY Center for Board Matters, corporate governance trends between firms listed on the S&P 500 and Russell 2000 indexes were analyzed over a four year period between 2012 and 2015. The study was conducted in order to identify lesser-known governance trends occurring in Russell 2000 companies, as well as differences between those and S&P 500 firms. The study found several key findings in Russell 2000 companies, including; smaller, younger, and less diverse boards, increasingly independent board leadership structures and diminished use of presiding directors, transformative changes to director elections through annual elections and majority voting requirements for directors, increased board and executive compensation, and increased investor support.

Read more from EY >>
Publication Date*: 10/21/2016 Identification Number: 1271 Mailto Link
Frequently Asked Questions
  Six Rules for Creating Efficient Board Meetings
Identification Number 1266
Six Rules for Creating Efficient Board Meetings
Publication Date: October 14, 2016

Effective and time-efficient company board meetings are quintessential for company success. Often times, board meetings can be inefficient missed opportunities for company executives to review key issues. Boardvantage has provided a list of six simple rules to help improve the quality of board meetings through increasing communication by providing regular updates between meetings, regularly and predictably reporting on success metrics, embracing technology and losing the fear of modernization, eliminating time-consuming and outdated paper materials and implementing tools for communication inside and outside of the boardroom, and increasing corporate and technology security vigilance, in addition to properly equipping support staff to facilitate communications to the board.

Read more from Boardvantage >>
Publication Date*: 10/14/2016 Identification Number: 1266 Mailto Link
Frequently Asked Questions
  Shareholder Proposals with Social Agendas Hit Record High
Identification Number 1267
Shareholder Proposals with Social Agendas Hit Record High
Publication Date: October 14, 2016

Who are the shareholders submitting proposals? What are their motives? What impacts are they having on corporate governance? Answers to these questions can be found in the Proxy Monitor’s 2016 Annual Report on Corporate Governance and Shareholder Activism, survey of the experiences of the 250 largest publicly traded American companies. A summary of the findings follows:
  • The shareholder-proposal process continues to be dominated by a small group of shareholders. Six “corporate gadfly” investors (individuals who repeatedly file multiple common shareholder proposals at a large number of companies) sponsored 33% of all proposals, while institutional investors and labor-affiliated institutional investors (such as Teamsters’ Union and public-employee pension funds) sponsored the remaining 67%.
  • Shareholder proposals are increasingly aimed toward making social and political changes. In fact, 50% of all shareholder proposals involved social or policy concerns. Corporate governance proposals made up another 39%, and executive compensation related proposals accounted for the remaining 11%.
  • With the exception of proposals related to proxy access and shareholder majority voting rules, shareholder proposals rarely win majority support. Only 3% of shareholder proposals received majority support, while shareholders continue to reject overwhelmingly proposals relating to social or policy concerns.
The authors of the report stress that “increasing activity on the part of certain shareholders pursuing social and policy agendas should not be confused with broad shareholder support for these activists’ pet issues.” However, they go on to note that “[d]espite this broad shareholder opposition, shareholder activists with social or policy concerns have continued to introduce shareholder proposals with little to no chance of passage, year after year. The costs of such activity fall on the corporation—and hence other shareholders.”

The report also includes a number of recommendations designed to mitigate the expenses associated with processing shareholder proposals, including these:
  • The SEC should revisit its 1976 rule forcing companies to include most issues on their proxy ballots.

  • Force shareholder-proposal sponsors to reimburse the corporation at least some portion of the direct costs of assessing, printing, distributing, and tabulating their proposals, if any proposal fails to receive majority or threshold shareholder support.

  • The SEC should revise its rule permitting companies to exclude resubmitted shareholder proposals, if they fail to garner minimum threshold shareholder support within the preceding five calendar years.
Read the full report here >>

For more information on corporate gadflies, read A Gadfly’s Perspective on Harvard Law School Forum on Corporate Governance and Financial Regulation and Gadflies at the Gate: Why Do Individual Investors Sponsor Shareholder Resolutions?
Publication Date*: 10/14/2016 Identification Number: 1267 Mailto Link
Frequently Asked Questions
  SASB Requests Feedback on Provisional Standards
Identification Number 1264
SASB Requests Feedback on Provisional Standards
Publication Date: October 7, 2016

The Sustainability Accounting Standards Board (SASB) has completed provisional standards for over 70 industries and is now requesting feedback from companies before the standards are codified in the fourth quarter of 2017. In a recent letter sent to all Fortune 500 CEOs and CFOs from SASB Chair Michael Bloomberg and Vice Chair Mary Shapiro, SASB is asking companies to participate in a 90-day public comment period to gather additional input on the materiality of topics and usefulness of metrics to ensure the codified standards are cost-effective for companies and include useful information for investors.

Read more from the SASB here >>
Publication Date*: 10/7/2016 Identification Number: 1264 Mailto Link
Frequently Asked Questions
  Improving Neurodiversity in the Boardroom and Workforce
Identification Number 1265
Improving Neurodiversity in the Boardroom and Workforce
Publication Date: October 7, 2016

In today’s age, diversity in the workplace is a topic that is more discussed than ever. In his recent Ethical Boardroom feature, David Marks focuses on ways companies can improve neurodiversity in the boardroom and raise awareness for employees with Autistic Spectrum Disorder (ASD). According to Marks, a multi-award winning technology developer, individuals with this condition are often underrepresented for several reasons: the disadvantage faced by those with ASD to advance in an “extroverted world”; their straight-forward, honest, and precise communication styles; social appearance; fear of discrimination; and extreme focus on areas of interest. Marks goes on to describe the numerous positive attributes of this often overlooked pool of talent, suggest how businesses can improve the representation of people with the condition, and encourage those with ASD to step out and help break down negative stereotypes.

Read more from Ethical Boardroom >>
Publication Date*: 10/7/2016 Identification Number: 1265 Mailto Link
Frequently Asked Questions
  Long-Term Issues Arise From Short-Term Solutions for American Economy
Identification Number 1270
Long-Term Issues Arise From Short-Term Solutions for American Economy
Publication Date: September 28, 2016

Short-termism, where companies forgo long-term investments to improve stock prices in the near-term, has become one of the greatest threats to America’s economic prosperity, according to Vice President Joe Biden’s recent feature in The Wall Street Journal. Biden argues that although private investment may be the greatest driver of economic growth, company executives often choose to improve the share price of today rather than adding long-term value. He also adds that emphasizing productivity and returning profits to shareholders over future investments has led to a decline in business development and company investments, and that companies will not flourish without investing in research, development, and on-site training. 

Read more from the Wall Street Journal Here >>

Publication Date*: 9/28/2016 Identification Number: 1270 Mailto Link
Frequently Asked Questions
  Board Whisperer Webcast: Inside America’s Boardrooms
Identification Number 1260
Board Whisperer Webcast: Inside America’s Boardrooms
Publication Date: September 27, 2016

Nasdaq has teamed up with “board whisperer” and governance expert TK Kerstetter to provide innovative corporate governance solutions and resources to publicly-traded companies. Nasdaq has made its Times Square MarketSite studio available to Inside America’s Boardrooms, the premier informational web show for boards of directors of public companies. Nasdaq is also a sponsor of the show.

Kerstetter interviews seasoned executives and board members in the trenches of corporate leadership, as well as the governance professionals and scholars who advise them. Institutional investors are also frequent guests. Guests on the show share their perspectives on current issues and trends in corporate governance, including risk management, compensation, proxy access, and sustainability.

To enable viewers to watch the interviews live, Nasdaq has partnered with Inside America’s Boardrooms to live stream the show on Facebook’s new video platform, Live on Facebook. Episodes can also be viewed on the show’s website.

Inside America’s Boardroom recently filmed its 50th episode. Following are quick links to the three most viewed episodes to date:

  1. The Relationship Between the Corporate Secretary & Board of Directors: Janet McGinness, Corporate Secretary at MasterCard, shares her perspective on the value an effective corporate secretary brings to the board.
  2. Key Steps to Building an Effective Board: Richard Leblanc, Associate Professor of Governance, Law & Ethics at York University discusses board leadership, board assessments, board recruitment, and composition.
  3. The Audit Committee’s Role in Investigations: Paula Loop, leader of PwC’s Center for Board Governance & Investor Resource Institute, outlines the factors audit committees should consider when analyzing allegations of fraud, regulatory infractions and whistleblower complaints.

Kerstetter recently launched a special three-part series Investors Board Performance Review, also filmed at Nasdaq’s MarketSite in Times Square. Investors Board Performance Review showcases influential institutional investors and proxy advisors. Guest panels debate how corporate boards are performing, how they can improve, and investment trends that will impact boardrooms in the future.

In Episode 1, several of the world’s most influential institutional investors and proxy advisors share their views on how corporate boards are performing in the boardroom. TK Kerstetter interviews executives at Institutional Shareholder Services, the Council of Institutional Investors, and the New York City Pension Funds.

To subscribe to Inside America’s Boardrooms, visit

TK Kerstetter is the founder and Chief Executive Officer of Boardroom Resources, LLC. Prior to launching Boardroom Resources in 2015, Kerstetter served as Chairman of NYSE Governance Services.

Publication Date*: 9/27/2016 Identification Number: 1260 Mailto Link
Frequently Asked Questions
  SRI & ESG in the Era of Shareholder Engagement
Identification Number 1261
SRI & ESG in the Era of Shareholder Engagement
Publication Date: September 27, 2016 

Environmental, Social and Corporate Governance (ESG) investing is a priority for many shareholder groups who want their voices to be heard. Whether the issue is say-on-pay, proxy access or socially and environmentally responsible investing (SRI), shareholders expect access to the board that now goes well beyond the annual meeting. A new research paper from Nasdaq Corporate Solutions, Do Well, Do Good, Do Both: Socially Responsible Investing & Environmental, Social and Corporate Governance in the Era of Shareholder Engagement, argues that the evolution of ESG and SRI has led to a new era of shareholder activism and new practices in board engagement. This whitepaper focuses on providing a board process that can be implemented, replicated, measured and adjusted, in addition to ways for boards to demonstrate to shareholders that they understand ESG issues.

Get your free copy of the whitepaper >>
Publication Date*: 9/27/2016 Identification Number: 1261 Mailto Link
Frequently Asked Questions
  Nasdaq Submits Comment Letter on Business and Financial Disclosures
Identification Number 1259
Nasdaq Submits Comment Letter on Business and Financial Disclosures
Publication Date: September 20, 2016

In its recent response to the Securities and Exchange Commission (“SEC”) request for comments on the business and financial disclosures required in periodic and current reports, Nasdaq suggested a pilot program to potentially eliminate SEC quarterly reports (Form 10-Qs). The program would instead require companies to put out quarterly earnings releases with financial information and a description of any material changes to the business. Nasdaq also encouraged the SEC to mandate that all public companies disclose any third party payments their directors receive, similar to the rule Nasdaq recently adopted for its listed companies. Nasdaq also emphasized the importance of materiality as the guiding principle for all SEC-mandated disclosures, including sustainability disclosures, and proposed eliminating or modifying the requirement for public companies to disclose the number of shareholders of record.

Read Nasdaq’s Comment Letter >>
Publication Date*: 9/20/2016 Identification Number: 1259 Mailto Link
Frequently Asked Questions
  Nasdaq Responds to 2017 ISS Policy Survey
Identification Number 1252
Nasdaq Responds to 2017 ISS Policy Survey
Publication Date: August 30, 2016 

In its response to the 2017 Institutional Shareholder Services Inc. (ISS) Policy Survey, Nasdaq urged ISS to keep several general principles in mind, including that “one-size-fits-all” policies and bright-line standards may not be appropriate for all companies. Instead, companies should be allowed flexibility depending on their industry, size, strategy and other factors. In addition, Nasdaq discouraged ISS from applying policies that punish companies for provisions that were implemented before the company went public, understanding that investors are free to choose to invest or not to invest when a company goes public. Nasdaq also reiterated its concerns about the lack of transparency and inflexibility around ISS’ processes, suggesting that ISS give greater weight to comments from companies in policy formulation and allow companies an opportunity to respond to draft reports, among other things. 

Read Nasdaq's Response >>

Publication Date*: 8/30/2016 Identification Number: 1252 Mailto Link