Reference Library - Advanced Search


Frequently Asked Questions
Identification Number 1704
California's Board Gender Diversity Mandate: Are Companies Making Tangible Progress?
Publication Date: July 29, 2019 

Coco Brown is founder and CEO of The Athena Alliance, a non-profit organization dedicated to building the modern boardroom and advancing women in the top ranks of leadership.

It’s now been approximately 9 months since California Governor Jerry Brown signed into law SB-826, which requires public companies with headquarters in California to have at least one woman on their board of directors by the end of this year. At the time of signing, 94 of the 722 companies affected by this new law were given notice that they are immediately affected due to having zero women on their boards. 

A progress report on the original 94 companies affected by the California mandate.

Athena Alliance pulled data on the 94 original companies in an effort to gauge progress. The data shows that 9 months later, 36 percent (34 companies) still have no women on their boards.

Getting 34 companies to bring one woman onto their boards doesn’t seem like it should be too difficult. However, the timeline to date seems to indicate those companies believe it is. As an additional data point, earlier this month, the California Secretary of State released its Women on Boards report, which lists the companies that have or have not reported their compliance with the law as applied by 2021. Just 184 companies out of 722 have reported where they are with respect to their compliance (25 percent).

The bill states: “More women directors serving on boards of directors of publicly held corporations will boost the California economy, improve opportunities for women in the workplace, and protect California taxpayers, shareholders, and retirees, including retired California state employees and teachers whose pensions are managed by CalPERS and CalSTRS. Yet studies predict that it will take 40 or 50 years to achieve gender parity, if something is not done proactively.”

My hope is that companies would jump at the opportunity to modernize their boards and create a competitive advantage, especially when there are many organizations standing by to help, such as The Athena Alliance, HimforHer and Equilar’s Diversity Network, just to name a few.

Let’s remember why this bill came to be.

When this bill was on the table, I had many candid discussions with my peers, with my board, with Athena Alliance members, all incredibly experienced and insightful corporate executives, many of whom are board members. I heard the full spectrum of emotion and debate on this issue; I even felt conflicted myself. Change needs to occur, but most of the powerful female leaders I know want to achieve a board seat on their own merit. Not to check a box.

Yet, throughout the ages, change has had to be forced upon society, often successfully. From voting rights to gender inequality, it’s often been policy – not society – that has been the catalyst for transformational, profound progress. Achieving gender parity at the highest realms of leadership is no different, with other countries trailblazing efforts of their own. For example, Germany mandates that 30 percent of public company board director seats are held by women. For Norway, it’s 40 percent.

Additionally, studies have shown that mandates such as California’s aren’t just good for women; they’re good for business. A study conducted by Credit Suisse over a six-year period found that women on boards resulted in positive metrics across the business, including improved stock performance, less debt, double digit income growth, and more.

If we need even more validation, just look to Larry Fink and the asset managers who hold $40 trillion in the markets on our behalf. They are demanding that boards bring on more contemporary experience, with directors who hold a wider range of skills. This is required to steward long-term value in today’s modern, digital world, where businesses are vulnerable to new threats and Environmental, Social and Governance (ESG) matters take precedence.

Where are we today?

As the California Secretary of State’s report highlights, there are many companies that need to put in a lot of work to meet the mandate. At a glance, the numbers are cringeworthy, painful. But from what I’m hearing on the ground in California, as the leader of an organization dedicated to helping companies find their perfect board candidate (and who just happens to be a woman), here’s what I know: The greatest energy for change is not coming from the public companies that are significantly behind in meeting the California mandate. It’s coming from venture-funded expansion stage, late stage private companies, and from progressive public companies outside California.

Here’s the good news: Many CEOs are beginning to embrace change and warm to the concept that they need to make some sweeping changes in their boardrooms. The most progressive of them are taking a proactive approach by having the conversation (the tough conversations) that they need to have, early on. They understand that the best business decision involves a board refresh or active expansion. For example, earlier this month, I spoke with Brian Moynihan, Chairman and CEO of Bank of America, at an intimate gathering of CEOs and board directors. We discussed the need for transitions at the highest levels of leadership. Our conversation was followed by fireside chats with the CEOs of iRobot (Nasdaq: IRBT) and Forrester (Nasdaq: FORR), two organizations that took the brave path to a board refresh.

There are several companies leading the pack in making changes to their boards to immediately meet the 2019 requirements, such as Acacia Research Corporation (Nasdaq: ACTG), DURECT Corporation (Nasdaq: DRRX), CareTrust REIT, Inc. (Nasdaq: CTRE), and many more.

And, there are many successes emerging from the changes happening in California. Take corporations like Autodesk (Nasdaq: ADSK), for example, who is partnering with Athena Alliance to send their top women through our high-touch executive development program. Autodesk is going one step further than simply meeting compliance with the California mandate; they are making the critical investment in their bench strength of leadership by connecting and nurturing the leaders of tomorrow.

Build the right board construct, and the women will come.

For so many progressive CEOs and boards I talk to, the biggest challenge is not knowing where to start. For decades, these male leaders have relied on their networks. They’ve hired who they know. They’ve gotten referrals from who they know. It’s always worked for them. Men, referring men. A strategy that has worked throughout time.

Until now.

For male CEOs in California who still need to take the next step to meet compliance for women on boards, I urge a “build it, they will come,” approach. Begin by recrafting your board construct – design the board that will propel your company to the next level – and very likely you will see that the people you currently have on your board are not the ones who can get you there.

What markets do you need to tap into? Who are the stakeholders that you need a deeper connection to? What is your brand reputation doing for you in today’s digital world? How are you driving efficiency across technology, operations, with employees?

Look to where you need to go. Then think about what perspectives and expertise are required to guide you there. There are many qualified women who are prepared and willing to serve on your board, especially if you can look past the “traditional” board director persona of a former CEO or CFO.

It’s worth the effort to get to the other side.

For the companies that can put in the effort to recruit women board directors, the payoff will be immense. They’ll see it in their revenues. They’ll have a deeper connection to their communities, to their employees, to their customers. They’ll see the payoff in positive brand reputation. They’ll steer their companies into the modern age of business with broader perspectives, fresh ideas, and innovation.

Each, a competitive advantage. Each, one more investment closer to securing the company’s relevance and place in the future. Now, that’s good business.

For more insights from Coco Brown, read It's Never Been a Better Time to Open Up the Boardroom: Here's Why.


Coco Brown is founder and CEO of Athena Alliance, an organization dedicated to revolutionizing leadership from senior management to the boardroom. Athena Alliance enables businesses to take on today’s greatest threats and to conquer their most pressing imperatives. It empowers women to own their value and to step into their most ambitious leadership role yet: in the boardroom, in the C-suite, as a founder, or as an investor. At the heart of Athena’s mission: coaching remarkable senior women leaders to fully own their value and to step into bigger roles. Athena also guides CEOs, venture firms and corporations to evolve their approach to senior leadership development, to strengthen their boards, and to facilitate curated connections to remarkable female leaders. Learn more at

The views and opinions expressed herein are the views and opinions of the authors at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice. 
Publication Date*: 7/26/2019 Identification Number: 1704
Identification Number 1698
Communicating Critical Audit Matter Disclosures to Investors
Publication Date: July 09, 2019 

Julie Bell Lindsay is the Executive Director of the Center for Audit Quality (CAQ).

Starting this summer, auditors of large public companies will be required to communicate critical audit matters (CAMs) in their auditor’s reports. Investors with questions about CAMs may turn to a company’s investor relations (IR) group for answers.

To help inform IR professionals as they prepare for those conversations, the CAQ has developed this list of frequently asked questions about CAMs. While this list is not intended to be exhaustive, it may be especially helpful during the initial phase of CAM reporting. 

What is a CAM?

A CAM is any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee. According to the applicable auditing standard, the matter must also be one that (1) relates to accounts or disclosures that are material to the financial statements, and (2) involved especially challenging, subjective, or complex auditor judgment.

Where will CAMs be communicated?

Auditors are required to communicate CAMs. Thus, CAMs will be communicated in the auditor’s report on the company’s audited financial statements. There is no prescriptive way to order the CAM communications within the CAM section of the auditor’s report; CAMs could be presented to align with the order of the financial statement presentation, the order of relative importance, or some other way.

Do CAMs reflect something positive or negative?

CAMs are additional information about the specific audit and are neither inherently positive nor negative. Investors should evaluate information communicated in CAMs in light of all information available from the company regarding the company's business and should keep in mind that CAMs are reported in the context of the auditor’s overall opinion on the current-year financial statements. The communication of CAMs does not alter in any way the auditor’s opinion on the consolidated financial statements, taken as a whole. Likewise, the auditor is not, by communicating the CAMs, providing separate opinions on the CAMs or on the accounts or disclosures to which they relate.

Will CAMs be consistent from company to company?

Not necessarily, for several reasons:

  • The requirements for determining CAMs are principles based, not prescriptive. Thus, the requirements will be applied in the context of the facts and circumstances of each specific audit.
  • The auditor’s judgment and the extent of audit procedures performed in each specific audit will influence the determination of CAMs.
  • The determination of CAMs is made each year in connection with the current-period audit. Some CAMs may occur annually, while others may appear in a single period or intermittently.

Because each audit is unique, variation may occur in the matters that are CAMs at companies within and across industries and year to year. Thus, it is inadvisable for investors or others to make assumptions as to why a company has a different number and/or type of CAM than another company.

How many matters likely will be CAMs?

The number of matters that are communicated as CAMs will depend on factors such as the complexity of the company’s financial reporting and the company’s business activities. While the standard contemplates circumstances in which the auditor may not identify any CAMs, it is expected that, in most audits, the auditor would determine at least one matter is a CAM.

Will there be a CAM for every critical accounting estimate disclosed by management?

This will depend on the facts and circumstances of each audit. Not every critical accounting estimate necessarily involves especially challenging, subjective, or complex auditor judgment. The source of CAMs is also broader than just critical accounting estimates; therefore, the auditor may identify CAMs in areas that are not disclosed by management as critical accounting estimates. For example, significant or nonrecurring transactions may often be CAMs.

What types of matters likely will be CAMs?

The more common CAMs likely will be in those areas involving high degrees of estimation uncertainty and that require significant management judgment. Such matters, in turn, usually involve especially challenging, subjective, or complex auditor judgment. Examples of the latter include auditing the following:

  • Goodwill impairment
  • Intangible asset impairment
  • Business combinations
  • Aspects of revenue recognition
  • Income taxes
  • Legal contingencies
  • Hard-to-fair-value financial instruments

How will investors use CAMs?

CAMs represent an opportunity for investors to gain insights about areas of the audit that involved especially challenging, subjective, or complex auditor judgment. As the PCAOB has stated, “In the view of some investors, CAMs will add to the total mix of information, providing insights relevant in analyzing and pricing risks in capital valuation and allocation, and contributing to their ability to make investment decisions.”

What other steps should I, as an IR professional, be taking on CAMs?

Communication is the key to preparing for the communication of CAMs in auditor’s reports. Coordinate early and often internally within your company—and externally with your auditors—to understand the matters that may be CAMs, the reason such matters may be CAMs, and how CAMs are addressed in the audit. Understanding the CAMs requirements and undertaking close coordination should help prepare you for potential questions from investors.

Where can I find more information?

Please refer to the Center for Audit Quality’s collection of resources for more information on CAMs. Additionally, see the PCAOB’s new auditor’s report implementation page for resources on CAM requirements.

The Center for Audit Quality (CAQ) is an autonomous public policy organization dedicated to enhancing investor confidence and public trust in the global capital markets. The CAQ fosters high-quality performance by public company auditors; convenes and collaborates with other stakeholders to advance the discussion of critical issues that require action and intervention; and advocates policies and standards that promote public company auditors’ objectivity, effectiveness, and responsiveness to dynamic market conditions. Based in Washington, DC, the CAQ is affiliated with the American Institute of CPAs.


Publication Date*: 7/9/2019 Identification Number: 1698
Identification Number 1685
9 Pathways to Diversity Innovation and Better Strategic Risk Governance
Publication Date: March 5, 2019

In observance of Women’s History Month and International Women’s Day, Governance Clearinghouse is publishing a series of articles focused on gender balance on corporate boards.  The series will highlight several facets of this complex issue, including pathways to board diversity, best practices of companies that have achieved gender parity in the boardroom, and the steps aspiring women directors can take to become “board ready.”   

Andrea Bonime-Blanc is the founder and CEO of GEC Risk Advisory. Dante Alighieri Disparte is the founder and CEO of Risk Cooperative.

The imperative to equip the governance bodies of companies with diverse directors has never been higher – how the U.S. gets there is up for grabs. The EU has already made up its mind that this will be achieved through quotas. Other regions and countries like Canada require explanations of why diversity is low or does not exist. In the U.S., we have the first instance of a state establishing quotas – California – and where California leads other states often follow.  

Regardless of external regulatory or market pressures to move the needle on board diversity and inclusion, people see through half-hearted, check-the-box efforts. Rather, companies and their boards must view their closer approximation to the diversity in society as a net gain for their own resilience, decision making and competitive advantage. More women on boards and at the head of the table or head of countries, just like more diversity of experience and backgrounds, will make for more fulsome decision making. Diversity and inclusion should not be call-out efforts, but rather deliberate initiatives that become ingrained in the DNA of well-run companies.

Diversity improves returns – not only financial but reputational and stakeholder returns as well. Just like demographics, diversity is destiny and for boards that aim to capture this dividend, diversity and inclusion need to be incorporated into broad governance.

How do companies do this? We believe there are nine key pathways to board diversity.

1.   Establish a percentage target for diversity (gender, race, ethnicity, national origin, age) that is customized to your business needs.

Many (especially those already ensconced in board seats) abhor government regulations and mandates when it comes to board design. But when nothing changes, or change is glacial, others have come to accept that some government requirements for greater board diversity may not be so bad after all. Witness the recent California law mandating minimum gender diversity for California based companies.

What can companies do to either prevent or end new “onerous” governance laws? There is always the option to be proactive and look at your board, and look at your employee and customer base, and ask yourself the question: does our board reflect the stakeholder populations we serve? There is nothing like a voluntary corporate program to instigate positive change, reputational opportunity and value creation. Indeed, the more companies—and their boards—become a closer reflection of the diversity in society and markets, the less they will fear a reputational backlash for issues like the gender pay gap, the #MeToo movement or other “externalities”.

 2.   Broaden the talent pool with individuals skilled in the areas of risk, technology, sustainability, ethics and compliance.

Many boards do not include a broad enough pool of skillsets on the slate of possible board candidates. The vast majority of corporate board members are CEOs and CFOs, who on the one hand have clear skills in leading organizations and in financial accountability, but may lack refinement in wielding, responding to and appreciating the effects of “soft power” and intangible, unmeasurable threats – especially those that do not conform to quarterly reporting cycles. People (experienced and business-savvy of course) who hold expertise in areas other than the traditional silos of top financial and operational expertise, are seldom considered for board positions.

What about the treasure trove of highly experienced chief risk officers, chief ethics and compliance officers, heads of investor relations and corporate responsibility, audit, environmental, health and safety, chief information security or technology officers that are everywhere? Not all may be qualified to sit on a board, but undoubtedly the top 10% of these populations would make for an extraordinary addition to any board.  Broadening the diversity of skills tapped for boards is as critical as broadening the depth and breadth of diverse talent across all lines.

 3.   Reshuffle committees to represent current market realities and operating norms.

Most boards have the traditional 3-4 committees: audit, finance, nominating/governance and maybe one more; but rarely one that covers risk, sustainability, compliance and similar “intangibles” separately. Indeed, many boards’ audit committees are so oversaturated with responsibilities that anything that comes up that is seen as “extra” – whether ethics and compliance, risk, ESG, health and safety and recently cyber risk – gets thrown into the already overburdened audit committee.

We advocate that each company board look at the mission, vision and strategy of their company and decide what additional committee they might need to tackle their most important environmental, social, sustainability, ethics, technology issues, risks and opportunities. And, of course, in the process, review who on the current board is qualified and capable of being the chair or a member of such a committee. If there is no one present, maybe the time has come to search for a couple of non-traditional and diverse board members with relevant ESG and/or technology expertise? Indeed, a novel concept to stay ahead of a growing market backlash or compliance-driven pressure to improve diversity and inclusion would be to establish a board-level committee to advance and defend these issues across the enterprise. The UK’s laws on corporate reporting on gender pay are a good example of the growing pressure and the negative backlash faced by firms that were underperforming on the gender pay gap. Pay parity, like diversity and inclusion, is not only the right thing to do; it is a source of resilience, employee motivation and recruitment, as well as competitive advantage.

 4.   Separate risk and opportunity oversight from audit, perhaps by creating a specialized strategic risk and opportunity committee.

Very much along the lines expressed in point three above, and depending heavily on the industry, footprint and/or sector involved, boards should be proactive in looking at their strategy from beyond the traditional mindset. Strategy is not just about growth, revenue and the search for profit, innovation and long term market gains. It is also about looking at strategic risk governance through the lens of the board, which includes considering risk as opportunity.

By separating strategic risk and opportunity evaluation from the audit committee, the board liberates itself from lumping risk into the audit committee’s core mission – financial auditing oversight – and allows other considerations to enter the board’s field of vision.

Strategic risk oversight is all too often a compliance-driven, check the box activity on most boards, which is why they often find themselves flat-footed and tone-deaf when “surprise” events and crises occur. By liberating important strategic issues – such as technology and digital transformation, climate change risk and opportunity, and leadership and culture as a competitive advantage – from the audit committee, companies and boards will breathe new life into their strategy formulation as they consider risk as part of opportunity creation.

 5.   Bring in third-party specialists to conduct scenario-based long-range analysis and cross-industry benchmarking.

Another step that can add to board diversity, at least to the diversity of views, is to consider introducing more innovative educational opportunities to the board.  This can be achieved through outside and inside experts that will help sensitize the board.  For example, experts can offer perspective on the potential crises that the augmented global risk landscape presents to every type of business today, such as culture shifts, cyber threats or climate change.

By dint of the kind of topic that can become a crisis, there is a diversity of experts available both inside the company and outside advisers who are not subject to “paycheck persuasion” to tell the board what they want to hear; these individuals can educate the board and perhaps become a member of the board over time.

 6.   Separate the CEO from the chair and strategic risk management oversight.

We believe this is a pro-diversity strategy by definition because many CEOs and board chairs suffer from deep diversity challenges. By having the amount of power that they do in a combined role, very little change is possible unless the person himself is in favor of improving governance diversity.  The operational benefits from this separation of powers have long been chronicled in the breakdown of decision making, risk management and the types of moral hazards that are bred when power remains unchecked.

In a recent piece we co-wrote for Risk Management Magazine, we detailed and made the case that if the boards of companies that had suffered recent serious crises and scandals had been more diverse leading up to their crisis, it would have helped prevent the crisis in the first place or enabled a more agile response and recovery. And in each of the cases mentioned, the CEO was also the Chairman of the board before and leading up to the crisis event.

 7.   Enforce term limits and cap the total number of concurrent board seats.

Again, this step is pro-diversity by definition because with more turnover and less entrenchment the opportunity for new and diverse members of a board grows substantially.

Leading good governance advocates, including some of the biggest asset managers such as BlackRock, State Street and some of the big state pension funds, have been on the record about preferring term limits for board members. Indeed, in this Harvard Law School Forum on Corporate Governance and Financial Regulation piece written by Jon Lukomnik, he reports on a study of major institutional investors responding to an ISS 2016-2017 Global Policy Survey in which:

 “Among the 120 institutional investors (one-third of whom each own or manage assets in excess of $100 billion) who responded, 68 percent pointed to a high proportion of directors with long tenure as cause for concern…Just 11 percent of the investor respondents said that tenure is not a concern.”

What this means in plain English is that boards that have tenures that are too long, or allow for repeated terms over time for the same person without limits, may not be serving the best interests of their shareholders or other key stakeholders – like customers and employees.

 8.   Create advisory committees of key outside experts to provide new perspectives.

While unusual and uncommon, such advisory committees can include less experienced but highly specialized, more diverse and helpful people who may not be ready for prime-time board seats but are promising candidates to be both listened to and mentored.

One area in which this practice can be specifically helpful is in the technology, cyber-security and digital transformation area, not to mention the clear generational shifts in populations. Most traditional board members are still current or retired CEOs and CFOs who did not grow up during the technological revolution. While it may be wise to have one or more board members with actual technology experience on your board, you might not be able to find the properly seasoned person to perform that role yet. Why not create a feeder advisory board to the corporate board that includes younger, more technologically savvy members who may one day make it to boards as well?

9.   Bring in independent, qualified directors and wean CEOs from the habit of appointing “friends and family” to the board.

The “friends and family” approach to board packing can be harmful to shareholders and other key stakeholders in the long run (and maybe even in the short run). By definition these kinds of boards are very un-diverse – mainly created by founders who are typically white men (although many can be fairly young as founders of tech start-ups).

We think that the long-term profitability and resilience of companies - and the acceptance and support of key stakeholders - is served well by the introduction of talented, meritorious board members who may not be friends and family to the founder or a powerfully entrenched CEO (who so often is also the chairman).

We also believe that the best governance solutions come from voluntary board self-evaluation with the help of the right experts to refresh your board. Boards should break out of the cycle of the self-fulfilling prophecies that most traditional board searches continue to do – with the same recycled profiles of people who are already on boards and have been vetted by the same handful of search firms. Such an approach will assure the continued un-diverse nature of many boards. Breaking that cycle will do the reverse - unearth the many non-traditional and highly qualified talents that are out there in search of board service.


Diversity is resilience, innovation and competitive advantage because diversity is destiny - both at the macrocosmic level of national demographics and at the microcosmic level of every company.

Andrea is the founder and CEO of GEC Risk Advisory providing strategic governance, risk, ethics and cyber advice to business, nonprofits and governments, and a board member, NACD Governance Leadership Fellow & Faculty Member. Her latest book – Gloom to Boom: How Leaders Transform Risk into Resilience and Value, will be published by Routledge in mid 2019.

Dante Alighieri Disparte is the founder and CEO of Risk Cooperative, a strategic advisory firm and insurance brokerage focused on risk, readiness and resilience. He is the co-author of the acclaimed book Global Risk Agility and Decision Making and the author of the forthcoming book, Supergovernance, to be published by Macmillan in mid 2019.

The views and opinions expressed herein are the views and opinions of the authors at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 3/5/2019 Identification Number: 1685

3 Ways Blockchain Will Transform Capital Markets
Identification Number 1684
Publication Date: February 26, 2019

Syed S. Hussain is CEO of Liquidity Digital, a fintech company that is developing an end-to-end platform to facilitate the issuance of digital securities through blockchain technology.

A number of metaphors are being thrown around regarding the innovative potential of blockchain technology, including comparisons to the printing press, steam engine, antibiotics, and the internet. But despite high level talks of societal change, there seems to be no true historical parallel to rival the growing impact and future implications of blockchain technology, especially in how transformative it could be for global capital markets.

So what makes blockchain such a game changer? When focusing on current trends in the space, even the casual observer interested in financial use cases is most often drawn toward the concept of Digital Security Offerings (DSOs).  

At its most basic level, a digital security is a digital representation of an equity or debt security that can be bought and sold online, and is recorded on a blockchain-based distributed ledger. A DSO is the offering of digital securities to usually geographically-disparate investors who then trade them on secondary market platforms, which in turn bring liquidity to their global counterparts.  DSOs will revolutionize the securities markets in a myriad of ways, but for now we’ll focus on three key impacts: accessibility, transparency, and liquidity.


One of the most interesting, impactful, and truly innovative changes that DSOs offer is encapsulated by the term accessibility, sometimes referred to as financial democratization. There are two essential components to this:  time and geography.

At present, traditional stock exchanges are closed more hours a week than open. With digital securities exchanges, this will not be the case as they will be open 24 hours a day, seven days a week, 365 days a year. In fact, securities that sit on this new generation of exchanges will have just one opening bell to signal the start of trading into perpetuity. This will greatly increase market accessibility because access to your investments will not be on a rigid schedule that limits the time and place of trading. Thus, if you thought of a great investment opportunity while watching CNBC on Saturday night, the new structure of securities trading would allow you to execute that transaction at that moment, with minimum time and energy. The rush of orders placed at the opening bell, and the high-frequency trading and high order volume that occurs around that time, will be replaced by a constant stream of 24/7 accessibility.

Second, geographic barriers to capital market access will be eliminated due to the decentralized nature of the blockchain. In a fully matured landscape for digital security offerings, investors worldwide with funds and an internet connection can participate in opportunities throughout the world (assuming they pass KYC and AML checks).  This will be the true democratization of the global financial system, as even small actors can theoretically invest or access capital at rates similar to larger institutions.  Issuers and investors alike should tread carefully, however, because regulators across the globe mandate differing levels of registration with or exemption from securities laws.  And those laws will continue to evolve for the foreseeable future. 


True transparency will fundamentally transform capital markets and provide a basis on which to grow new asset classes, as well as to clarify existing ones. 

Often used as a buzzword for blockchain, transparency is already playing a direct role in the growth of the digital securities ecosystem. In a securities transaction, who can you trust to ensure that you receive the fruits of your investment? Where does that baseline, that foundation that makes value transfer possible, come from? Right now, it’s an often highly-paid third party such as a trustee who ensures funds are distributed appropriately and consistent with contractual expectations. But with digital securities, that trust is a basic component built into the architecture of interactions: Who can you trust? The blockchain.

Within this context, transparency is trust’s essential core component. Every trading operation, issuance application, dividend payout and smart contract execution is transparently recorded on the blockchain to improve the overall securities ecosystem experience. This is an immensely powerful tool which seeks to prevent fraud and theft and will be massively important for payment companies such as PayPal as they navigate and adapt to the new blockchain-based monetary landscape.


Another fundamental impact of the DSO is liquidity.  Indeed, this is what has generated the most excitement in the securities space. The introduction of digitized securities into capital markets promises to increase dramatically the pace and quantity of capital transactions.

There are many different factors that interact in this ecosystem to produce heightened liquidity. Here I’ll highlight just two:  fractional ownership and asset fungibility.

Fractional ownership refers to the property of digital securities that allows them to be divided and sold as a part of the whole. For instance, an apartment worth $100,000 in Chicago may be tokenized and issued as 100 security tokens each representing $1,000. But what if I only have $100 to invest? Fractional ownership neutralizes that problem because I can still invest my $100 by purchasing 1/10 of a digital security that will experience the same rates of return as if I owned the whole apartment.

This drives liquidity by enabling smaller investors to participate, lowering the barriers to entry and increasing transaction turnover. Increased liquidity in capital markets also creates an associated liquidity premium, which essentially increases the asset value as a percentage of the whole.

The second major factor is the fungibility of asset classes. Simply put, if distinct asset classes when digitized and securitized are able to be traded interchangeably, the probability of liquidity events increases dramatically. Consider the example above of a digitized apartment. What’s stopping you from trading that 1/10 of a digital security for $100 worth of U.S. Treasury Bond securities? Absolutely nothing!

Many view fungibility to be the essential revolutionary element in the development of digital securities. No longer will investors need to partially divest from the stock exchange in order to diversify into other asset classes such as bonds and real estate. Access to digitized investments of all shapes and sizes, from more dependable long-term funds and bonds to quick day-trading equities, will be available to a much larger percentage of the world, thereby driving a veritable explosion of liquidity events.

The digitization and securitization of assets will in turn bring enhancements to blockchain technologies, particularly in the areas of security and compliance.

A fundamental concept underpinning the development of blockchain technology and the resultant DSO field is the security of digital assets. Similar to legacy banking, confidence in the system is based on the assumption that assets or their monetary equivalents are reasonably safe and cannot easily be stolen (and if they are, the assets are backed by insurance). Even though there are weaknesses inherent in any new technology, the current improvement rate of cryptographic security protocols is very high, and many companies are developing institutional-grade custody solutions.  When stored online with best-in-class custody providers or offline in cold storage, the risk that those funds will be stolen or lost is minimized.

Additionally, companies such as Microsoft and Amazon are highly involved in the back-end of this paradigm shift towards blockchain-based securities trading. They are eager to provide secure storage and processing solutions for as many start-up or institutional players as they possibly can.  This in turn brings much-needed stability to the arena. Therefore, especially in the nascent DSO industry where the security of digital assets is paramount, established partners and a custodial product strategy that remains far nimbler than the threats made against it are absolutely necessary, and thankfully, are becoming easier to find.

In terms of compliance, the Securities and Exchange Commission (SEC) has now made it clear that it has yet to come across an initial coin offering (ICO) that was not also an issuance of unregistered securities. At the end of 2018, SEC Chairman Jay Clayton commented: “If you finance a venture with a token offering, you should start with the assumption that it is a security.”

The prevailing wisdom has thus adapted, and come to dictate, that projects be proactive about approaching regulatory bodies with a plan to register their offering or issue it through an exemption, and that entities enabling the trading of DSOs register as a securities exchange or an alternative trading system. Some issuance platforms have developed their own compliant digital securities models, underwriters are preparing appropriate due diligence, and exchanges are suspending and banning fraudulent actors.

Here is where things get interesting for national securities exchanges and the companies listed on them:  The regulation and standardization of digital securities allows the industry to finally progress through the initial stages of trepidation and uncertainty to solidify processes like ensuring compliant tokenomics design and offering structure. Just as it did to the nascent institutions of the American West during the late 19th century, the imposition of regulatory order on the ‘wild west’ of blockchain-based currencies will enable new and exciting possibilities to take root and grow into stable, well-functioning pillars of the new digital economy.


Syed S. Hussain is CEO of Liquidity Digital, a fintech company that is developing an end-to-end platform to facilitate the issuance of digital securities through blockchain technology.  Liquidity Digital is backed by Soramitsu, a blockchain technology company which is part of the Linux consortium and developer of the Hyperledger Iroha protocol.

The views and opinions expressed herein are the views and opinions of the contributor at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content is for informational purposes only and does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal, tax, investment, financial, or other advice. Nothing contained herein constitutes a solicitation, recommendation, endorsement, or offer by anyone to buy or sell any securities or other financial instruments in this or in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction.
Publication Date*: 2/26/2019 Identification Number: 1684

SOX's Financial Expert Requirement 15 Years Later
Identification Number 1633
Publication Date: September 4, 2018

Ann C. Mulé is the Associate Director of the John L. Weinberg Center for Corporate Governance at the University of Delaware.

This article was first published in Directors & Boards magazine. Republished with permission.

Many companies are missing an audit committee disclosure opportunity.

In the 15 years since the Sarbanes-Oxley Act of 2002 (SOX) was passed, large institutional investors have been "finding their voice" and sharing their views of board expectations with regard to composition, accountability and transparency.

One of the most important aspects of the legislation was that it added additional requirements for the audit committee — the board's financial-oversight lynchpin — in an effort to strengthen it.

SOX required an annual disclosure of whether or not the board of directors had at least one audit committee financial expert (ACFE) on its audit committee, and if so, the expert's name and whether or not they were independent of management.

Part of the reasoning underlying this new disclosure requirement was that someone who possessed the skills and experience to be qualified as an ACFE would ask more challenging questions and, as a result, more effective financial oversight would occur.

SOX was specific as to the skill sets the designated ACFE should possess, and also how the ACFE acquired these skill sets.

While there has largely been consensus that individuals who possess deep accounting, auditing, or corporate finance expertise have the skill sets to qualify, there has been disagreement and confusion over whether or not an individual is qualified to be designated as an ACFE if she or he held a supervisory role over someone with these skill sets. Investors may differ as to which particular ACFE skill sets they want to see on the audit committee. However, are companies missing an opportunity to make the ACFE disclosure more transparent and easy to understand for investors?

Our exclusive review of the 2017 proxy statements of the Fortune 100 companies found the disclosure determining why an ACFE qualified was largely lacking.

Here is what we found:

1.    It was a difficult and time-consuming task to determine the reason why an audit committee member qualified as an ACFE because very few companies have voluntarily disclosed this information within the language of the actual ACFE designation disclosure. Five companies that did disclose the ACFE qualifications within the context of the actual ACFE designation were The Travelers Companies, Inc., Johnson & Johnson, Marathon Petroleum Corporation, Best Buy and Target Corporation. Their disclosures were transparent and easy to follow because all of the information was contained in one place in the proxy statement. Such disclosures enable an investor to easily ascertain the diversity of ACFE skill sets present (or lack thereof) among the ACFEs as a whole.

As an example, Travelers' designation disclosure reads as follows: "The Board also has determined that Mr. Dasburg's experience with KPMG Peat Marwick from 1973 to 1980, his service as a KPMG Tax Partner from 1978 to 1980, his experience as Chief Financial Officer of Marriott Corporation, as Chief Executive Officer of Northwest Airlines, Burger King Corporation and ASTAR and his service on the audit committees of other public companies qualify him as an audit committee financial expert, and he has been so designated. In addition, the Board designated Mr. Kane as an audit committee financial expert after considering his extensive experience as an audit partner with Ernst & Young for 25 years."

2.    Some companies clearly disclosed the specific reasons why an ACFE was designated within their director biographies in the proxy statement. Twelve companies took this approach: McKesson Corporation, United Technologies Corporation, Tyson Foods, Inc., Publix Super Markets, Inc., General Dynamics Corporation, CVS Health Corporation, Lockheed Martin, The Home Depot, Inc., Anthem, Inc., Walgreen Boots Alliance, Inc. and AmeriSourceBergen Corporation. Marathon Petroleum Corporation explicitly disclosed the reasons why each ACFE qualified both in the designation and in the director biographies.

3.    In many companies, it was not easy to determine the reason why one or more of the designated ACFEs qualified either from the actual ACFE designation disclosure or from the director biographies. In this case, one had to spend time carefully reading the director biographies to try to determine what experience or skill sets might qualify the individual as an ACFE.

4.    To complicate things further, there were two companies that had only "Supervisory CEO ACFEs" as designated ACFEs on their audit committees. In other words, neither of these companies had a designated ACFE with deep accounting, auditing and/or corporate finance expertise on their audit committees (i.e., no "Preparer ACFE," "Auditor ACFE," or "Evaluator ACFE"). However, after spending the time to do a further analysis of the background and skill sets of the audit committee members who were not designated as ACFEs, it was determined that each company had a non-designated member(s) who possessed either deep accounting or corporate finance expertise on the committee.

5.    Regardless of one's position with regard to the merit/value of the "Supervisory CEO ACFE," another relevant question that investors should be asking is whether or not some companies may be incorrectly designating a CEO as an ACFE who does not technically meet the necessary "active supervision" requirement as per the SEC's adopting release. In some cases, it was impossible to determine if this was the case through reading the proxy disclosures.

6.    Numerous organizations track the absolute number of ACFEs on audit committees and the absolute number has trended upward over time. This implies that the financial expertise of the audit committee as a whole has been increasing, which is a good trend. However, in some cases, simply tracking the numbers may lead to an incomplete picture. For example, with regard to a specific company, if the absolute number of ACFEs has increased numerically but all of them are "Supervisory CEO ACFEs" (i.e., none of whom have deep accounting, auditing and/or corporate finance expertise), shouldn't this information be readily available to investors so that they can independently decide whether or not that particular audit committee is "fit for purpose" with respect to financial oversight? (Or, at least whether or not there is a need to perform a more detailed review to see what other financial oversight skill sets may or may not be present in the non-designated members?)

Since the audit committee is charged with critical financial oversight responsibilities, investors should be able to easily understand what financial oversight skill sets are possessed by the directors on the board committee as a whole. They should also, as an important first step, understand WHY the board determined that the audit committee member qualifies as an ACFE.

It is important to note that boards and companies are already doing the due diligence work internally to make the judgment call as to whether or not an audit committee member qualifies as an ACFE, and why. Why not clearly share this important information with investors as a way to assist and engage with them?


Ann C. Mulé is the Associate Director of the John L. Weinberg Center for Corporate Governance at the University of Delaware where she oversees and manages all of the professional, public service and academic outreach activities of the Center.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 9/4/2018 Identification Number: 1633

Get a Handle on Critical Audit Matters
Identification Number 1627
Publication Date: July 30, 2018

Cindy Fornelli is the Executive Director of the Center for Audit Quality.

Last year, following approval by the Securities and Exchange Commission, the Public Company Accounting Oversight Board (PCAOB) adopted a new auditing standard that significantly changes the auditor's report—with equally significant implications for investors, audit committees and others. The new standard is now moving through an implementation period.

The identification and communication of critical audit matters (CAMs) is the most significant change required by the new standard. If you feel like you don't fully have a handle on CAMs yet, you're not alone. Here are some FAQs to help.

What is a CAM?

The CAMs requirement adopted by the PCAOB is intended to make the auditor's report more informative and relevant to investors and other users of financial statements. According to the new standard, a CAM is "any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee" and that:

  • relates to accounts or disclosures that are material to the financial statements; and
  • involved especially challenging, subjective, or complex auditor judgment.

How will auditors determine whether a matter is a CAM?

The determination of whether a matter is a CAM is principles based, and the new standard does not specify that any matter would always be a CAM. The new standard specifies that an auditor, in determining whether a matter involved especially challenging, subjective, or complex auditor judgment, should take into account, alone or in combination, certain nonexclusive factors (as specified in the new standard), such as the auditor's assessment of the risks of material misstatement, including significant risks.

What impact will CAMs have on the communication between the auditor and audit committee?

The source of CAMs is those matters communicated or required to be communicated to the audit committee. PCAOB auditing standards already require a wide range of topics to be discussed and communicated with the audit committee, which means that in most cases most, and likely all, of the matters that will be CAMs are already being discussed with the audit committee. However, not every topic that is discussed with the audit committee will rise to the level of a CAM. The PCAOB Board believes there should not be a chilling effect or reduced communications to the audit committee because the requirements for such communications are not changing.

Could a significant deficiency in internal control be a CAM?

The determination that there is a significant deficiency in internal control over financial reporting cannot be a CAM because such determination in and of itself is not related to an account or disclosure. However, a significant deficiency could be among the principal considerations that led the auditor to determine a matter is a CAM. For example, if a significant deficiency was among the principal considerations in determining that revenue recognition was a CAM, then the auditor could describe the relevant control-related issues over revenue recognition in the broader context of the CAM without using the term "significant deficiency."

Will CAMs only relate to the current audit period?

The PCAOB requires the communication of CAMs identified in the current audit period. While most companies' financial statements are presented on a comparative basis, requiring auditors to communicate CAMs for the current period, rather than for all periods presented, will provide relevant information about the most recent audit and is intended to reflect a cost-sensitive approach to auditor reporting. In addition, investors and other financial statement users will be able to look at prior years' filings to analyze CAMs over time; however, the standard permits the auditor to choose to include CAMs for prior periods.

Will the auditor be the original source of information about the company in the auditor's CAM communication?

The new standard includes a note explaining that the auditor is not expected to provide information about the company that has not been made publicly available by the company, unless such information is necessary to describe the principal considerations that led the auditor to determine that a matter is a CAM or how the matter was addressed in the audit. The SEC has stated that they believe that situations where auditors would be required to provide information about the company that management has not already made public would be exceptions, arising only in limited circumstances, and not a pervasive occurrence.

What impact are CAMs expected to have on financial reporting?

Increased attention on CAMs could result in an incremental focus on aspects of management's related disclosures. This could result in discussion between and among management, the audit committee, and the auditor on how CAMs are described, and that may have an impact on management's consideration of the information to disclose in the financial statements related to that particular matter. Early dialogue among auditors, management, and the audit committee will be important.

These questions and much more are covered in a new publication from the Center for Audit Quality (CAQ), Critical Audit Matters: Key Concepts and FAQs for Audit Committees, Investors, and Other Users of Financial Statements. I invite you to read that report and to find more resources on auditor reporting at the CAQ website.


A securities lawyer, Cindy Fornelli has served as the Executive Director of the Center for Audit Quality since its establishment in 2007.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 7/30/2018 Identification Number: 1627

It's Never Been a Better Time to Open Up the Boardroom: Here's Why
Identification Number 1625
Publication Date: July 24, 2018

Coco Brown is founder and CEO of The Athena Alliance, a non-profit organization dedicated to building the modern boardroom and advancing women in the top ranks of leadership. Alison Davis is co-founder of Fifth Era and an Investor, Board Director and Author.

Time to Open Up The Boardroom

Companies today are surrounded by an unprecedented level of transformation. They're operating in the age of disruptive innovation that we call the Fifth Era - Cloud Computing, IoT, Artificial Intelligence, Robotics, Genetic Editing, Blockchain and much more. Furthermore, they're doing it all in a connected digital global marketplace, where customers expect more, share more and talk more—where public opinion spreads like wildfire. This is the hard reality of doing business in the twenty-first century: it's fast-moving, inherently high-tech, and operates in an unforgiving, digital world.

To overcome these modern challenges, businesses must rely on their boards, the highest level of leadership within an organization, to help the CEO steward long-term competitive advantage and relevance. However, despite these technological advances and radically new ways of doing business, most boards today look like they did decades ago, mostly CEOs and CFOs near or having reached retirement.

As a result, much of the board agenda today is focused on topics that were the same focus of the last few decades - operations, compliance, and risk management as well as too often narrowly defined economic value creation goals established within the context of yesterday's products and businesses - rather than the topics that will drive tomorrow's success. Many boards spend little of their time focused on new and emerging external competitive threats, longer term strategy and building innovation capabilities to succeed in this new era. Irrespective of gender, these backgrounds and areas of focus are too narrow to address the key challenges and opportunities that can quickly undermine or boost a business, including innovation and strategy as it relates to technology, employees, customers and community.

It's time to re-think and open up the boardroom. That means widening the aperture to include career experiences beyond CEO and CFO, and widening the age range to incorporate greater exposure to modern business models and innovation. A board with diverse capabilities and more relevant committees is essential to the strategy and innovation discussions that must be had around the board table in the twenty-first century.

Diverse boards are good for business.

By now we know that diverse boards are a competitive advantage. Harnessing the capabilities, experience and perspectives from across a broad range of leaders solidifies a company's place in the world. Yet, many conversations about boardroom diversity tend to overly focus on women, fixating on a supposed pipeline challenge. The hypothesis is simple: there just aren't enough women CEOs and women financial experts out there to fill board seats.

If the board is to be focused on today's operations, financials, compliance and risks, then perhaps this narrower criteria for participation at the board level might be appropriate. Appointing people that have proven themselves is the board model of the past. But we are not just talking about making smart decisions about today's business models and products and services. Companies must also consider this rapidly changing world of new innovations and possibilities and the new and emerging needs and expectations of the customer, the community, and the environment.

Companies need to define their purpose for existing in the first place, and how they offer meaning to human lives—beyond making a profit. They need a diverse board to achieve this broader view.

In his annual letter to CEOs, Larry Fink, chairman and CEO of BlackRock, called on leaders to define their purpose, and to engage their boards in doing so. He stated: "We also will continue to emphasize the importance of a diverse board. Boards with a diverse mix of genders, ethnicities, career experiences, and ways of thinking have, as a result, a more diverse and aware mindset. They are less likely to succumb to groupthink or miss new threats to a company's business model. And they are better able to identify opportunities that promote long-term growth."

CEOs don't last. Boards do.

While the median tenure for a CEO is just five years, board tenures can far exceed that. Board directors may serve for five years, or as long as 10 or 20 years. Indeed, a company's board leadership is more likely to withstand the highs and lows of a company's trajectory, while CEOs will come and go at a much more rapid pace.

At the same time, boards often state that their "responsibility is to the shareholder," yet boards often support CEOs focused on driving or maximizing short term returns, often to a degree that is unsustainable and can hurt the business longer term. Because many shareholders come and go at a rapid pace (a shareholder holds a stock for an average of just four months in the U.S.), the conversation with the long-term shareholder becomes lost. These shareholders, for example pension funds investing for their ultimate clients' retirement accounts, or parents investing for children's college education, are seeking solid long-term returns. They don't want returns that come with a heavy social and societal cost that will hurt them and future generations. Such shareholders are relying on the board of directors, even more than the CEO, to oversee the long term success and sustainability of the returns.

And so, boards, not just CEOs, must be thinking about a company's future and purpose and meaning for the community.

It's time to widen the aperture.

What if companies today approached board diversity with the aim of crafting a board that is capable of confronting complex threats and embracing (and creating) new and innovative opportunities? Getting more women into board seats is a start. But boards should also evaluate younger board candidates. By looking to roles beyond the CEO and CFO, boards will ensure they are thinking about capabilities and skill sets, not just titles. This may include adding board directors with experience in such areas as talent management, culture transformation, customer experience, digital marketing and more.

When one does open the aperture to these other roles, the gender diversity issue we are trying so hard to address becomes less challenging: women hold 55% of chief human resource officer roles, 35% of chief customer officer roles, and 32% of chief marketing officer roles. Even in the technology realm, women are better represented than they are in CEO or CFO roles (19% of CIOs are women, versus 6% of CEOs and 11% of CFOs).

Finally, consider this: many of the most valuable companies in the world didn't exist 20 years ago. And some businesses that have managed to survive are under scrutiny for reasons one would not have expected ten or 20 years ago. They struggle with issues related to employees, customers, culture, and ethics -- issues not focused on nearly enough in today's boardrooms. If these companies want to be around in another 20 years, they must re-evaluate their board competencies and committees.

It's never been a better time to open up the boardroom.


Coco Brown is the founder and CEO of The Athena Alliance. She leads a network of more than 1500 C-Level women, VCs, and CEOs from over 200 companies including Microsoft, Autodesk, Intuit, OpenView Venture Partners, Accenture, Deloitte, and PwC. In just two years, Athena has secured almost 200 board interviews for women, with over fifty boards working with Athena today. Coco has extensive experience in serving as an advisor to C-suite executives and their teams, guiding strategy and execution. Prior to The Athena Alliance, Coco served as President, COO and Board Director of Taos, a prominent IT services business serving hundreds of F1000 companies such as Apple, Cisco, eBay, Facebook, and Silicon Valley Bank.

Alison Davis is co-founder of Fifth Era. She is an experienced corporate executive, public company board director, an active investor in growth companies and a best-selling author (her most recent book, "Corporate Innovation in the Fifth Era," profiles the innovation approaches of Alphabet/Google, Apple, Facebook and Microsoft). She was CFO and Head of Strategy at BGI (Blackrock), Managing Partner at Belvedere Capital, and a strategy consultant at McKinsey and A.T. Kearney. Alison has degrees from Cambridge (MA/BA) and Stanford (MBA). She was born in Sheffield, UK and now lives in the San Francisco Bay Area with her husband, Matthew C. Le Merle, and their five children.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 7/24/2018 Identification Number: 1625
Frequently Asked Questions
  10 Ways to Secure the Forgotten Endpoints—Mobile Devices
Identification Number 1620
Publication Date: July 10, 2018

Vijaya Kaza is Chief Development Officer at Lookout, Inc., a mobile security company included in the 2017 Forbes Cloud 100, which recognizes the best private companies in cloud computing.

Did you remember to include mobile device security in your budget? If your company is like the majority of organizations in the world, the priority of your security budget is securing your company's network, data centers, email and endpoint devices such as laptops and desktops. Too often, cyber security plans overlook a significant risk that arises from the organization's new cyber-attack surfaces: mobile devices and tablets.

Mobile devices are rapidly becoming primary enterprise computing devices for employees. In fact, more than half of internet traffic originates on mobile devices. Users likely have access to important corporate data and other cyber crown jewels through their mobile devices. On top of that, by putting the user's two-factor authentication token on these devices, they may become the key to unlocking access to corporate and other critical data including bank accounts, credit cards and medical records as well.

It would be unfathomable to leave corporate laptops and desktops without antivirus software and other endpoint protection mechanisms, yet that is exactly what the majority of organizations are doing with mobile devices. By largely ignoring the risks they pose, companies are leaving themselves (and in turn, often their customers) unprotected. According to a survey conducted by Gartner, only 3% of enterprises have anti-malware protection on mobile Android devices and only 1% on iOS devices.

When developing a cyber security strategy that includes smart phones and tablets, keep in mind that mobile devices are configured and used differently from other traditional endpoints, and therefore should be secured differently. For example:

  • Mobile devices are widely used by employees outside of the corporate perimeter. This makes traditional perimeter security mechanisms like IPS, firewalls and email security solutions irrelevant in protecting these devices.
  • Mobile devices are often owned by the users. They are unmanaged in most cases, with users choosing which applications to run on these devices. This is in contrast to the corporate issued and controlled laptops, which are often managed tightly.
  • Mobile devices are always connected and on. This makes them more available and susceptible to attacks.
  • Mobile devices have limited battery and CPU. The security solutions that an organization uses to protect laptops and other traditional endpoints are not applicable for these devices.

Mobile devices can be targeted from many different angles:

  • Mobile devices can be jailbroken or rooted. Bad actors can take control of unprotected mobile devices and circumvent any security measures put in place by the OS vendors.
  • Vulnerabilities in the OS can be exploited. Discovering and patching such vulnerabilities is just as important—if not more important—on mobile devices as compared to other traditional endpoints.
  • Many different types of malware specifically target mobile devices. Malware is downloaded to these devices through seemingly innocuous and legitimate apps that the users willingly download for various purposes. Mobile malware is expected to comprise one-third of total malware by 2019.
  • Even legitimate, non-malicious apps may be collecting too much personal information. Music streaming apps, games, work organizers and social media platforms often access sensitive resources on a user's phone that they are not meant to, including the device's camera, calendar and contacts.
  • Mobile devices connect to multiple public networks. As employees leave the corporate network and connect to various public Wi-Fi networks, their mobile devices are susceptible to man-in-the-middle attacks from rogue Wi-Fi access points.
  • Phishing is rapidly becoming a prevalent problem for mobile devices. Sophisticated and intelligently-crafted phishing messages come through various mobile apps like SMS and social messaging, fooling and enticing the users to click on malicious links embedded in them. Users cannot always hover on the links or check the validity of the certificates on mobile devices, making it almost impossible to determine if the links are malicious. This makes phishing a bigger challenge for mobile devices than other traditional endpoints.

These security risks have made mobile devices a prime attack surface for hackers seeking to target the data and networks of enterprise systems. Many enterprises may not be well prepared to deal with these challenges, because most do not invest in adequate measures to protect their systems on the mobile front. If your organization allows access to important corporate data from mobile devices, then these endpoints cannot be ignored in your cyber security plan.

10 Ways to Secure Mobile Endpoints
Once your organization determines the extent of its vulnerability to the security risks discussed above, the following measures can be taken to mitigate mobile threats and secure mobile endpoints:

  1. Define the mobile deployment model of your organization. Do you issue corporate owned devices to employees or do you allow employees to bring their own devices (BYOD model)?
  2. Assess the threat profile and posture of your mobile fleet. How many Android/iOS devices are in your fleet? What OS versions are running on the devices and what vulnerabilities are present in them?
  3. Develop a security strategy for mobile endpoints. Base the strategy on the deployment model, the threat profile and the risk assessment.
  4. Make mobile endpoint security a priority in the cyber security budget. Many cyber security officers feel their budgets aren't adequate. In EY's 2017-2018 Global Information Security Survey of enterprise CIOs and CISOs, 87% reported that they need up to a 50% increase in their budgets, but only 12% expected to receive more than a 25% increase.
  5. Invest in mobile threat defense solutions. The feature capabilities and maturity of these products vary between different vendors in the market. Look for products that offer holistic solutions to each of the potential security attack vectors discussed above, including device, OS, network, application and phishing protection.
  6. Look beyond solutions that offer phishing protection just for corporate email. The email security solutions only filter out potential phishing emails and malicious URLs before they hit the corporate email server, but do not protect against malicious links that may come in through various mobile apps like SMS and social messaging.
  7. Put a strong security and compliance policy in place. A good mobile threat defense solution will identify vulnerabilities that are present in the current OS and send an alert if the OS is out of date or if the mobile device is out of compliance. Incentivize users to upgrade their OS to the latest version and address any compliance violations quickly. For example, block access to corporate data from any mobile device that hasn't been updated to the most recent OS versions or isn't compliant.
  8. Stay current on mobile cyber security risks and solutions. CISOs and Security Steering Committees should review the policies and compliance stance on a regular basis to ensure the organization stays ahead of mobile security threats.
  9. Train employees to defend their mobile devices from bad actors. Conduct mock phishing campaigns and training programs for employees to educate them on phishing on mobile devices.
  10. Partner with a mobile cyber security expert. Choose a vendor to help your organization stay on top of emerging trends and new security threat discoveries and continue to evolve your security strategy.
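
Steps 1, 2 and 7 above, sketched as an added example that is not from the article or from any vendor's product: a posture check over a constructed device inventory that summarises the OS versions in the fleet and blocks access to corporate data from devices that are out of date, jailbroken or rooted. The field names, the minimum OS versions and the sample devices are assumptions made up for illustration.

```python
"""Fleet posture assessment and access gate for mobile endpoints (illustrative)."""
from collections import Counter
from dataclasses import dataclass

# Assumed policy values, constructed for this example. A real policy would take
# the minimum versions from the OS vendors' current security releases.
MIN_OS_VERSION = {"android": "8.1", "ios": "11.4"}


@dataclass(frozen=True)
class Device:
    device_id: str
    platform: str      # "android" or "ios"
    os_version: str    # dotted string as reported by the device, e.g. "11.4.1"
    ownership: str     # "corporate" or "byod" (step 1: deployment model)
    compromised: bool  # jailbreak/root flag reported by a threat defense agent


def parse_version(text, width=3):
    """Turn '11.4' into (11, 4, 0) so versions compare component by component."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable OS version: {text!r}")
    nums = [int(p) for p in parts][:width]
    return tuple(nums + [0] * (width - len(nums)))


def violations(device):
    """Return the policy violations for one device (empty list = compliant)."""
    found = []
    if device.compromised:
        found.append("jailbroken_or_rooted")
    minimum = MIN_OS_VERSION.get(device.platform.lower())
    if minimum is None:
        found.append("unsupported_platform")
        return found
    try:
        version = parse_version(device.os_version)
    except ValueError:
        # Fail closed: a device that cannot report its version is not trusted.
        found.append("os_version_unknown")
        return found
    if version < parse_version(minimum):
        found.append("os_out_of_date")
    return found


def access_decision(device):
    """Step 7: block corporate data access for any non-compliant device."""
    problems = violations(device)
    return {"device_id": device.device_id,
            "allow": not problems,
            "violations": problems}


def fleet_report(devices):
    """Step 2: OS versions present in the fleet, plus the devices to block."""
    decisions = [access_decision(d) for d in devices]
    blocked = {x["device_id"] for x in decisions if not x["allow"]}
    return {
        "total": len(devices),
        "versions": Counter((d.platform, d.os_version) for d in devices),
        "blocked_ids": sorted(blocked),
        # Split by deployment model: BYOD devices usually need user action,
        # corporate devices can be remediated centrally.
        "noncompliant_by_ownership": dict(
            Counter(d.ownership for d in devices if d.device_id in blocked)),
    }


# Constructed sample inventory; not data from any real fleet.
SAMPLE_FLEET = [
    Device("A-001", "android", "8.1.0", "corporate", False),  # compliant
    Device("A-002", "android", "7.0", "byod", False),         # OS out of date
    Device("I-001", "ios", "11.4.1", "byod", False),          # compliant
    Device("I-002", "ios", "11.2", "corporate", True),        # rooted and old
    Device("I-003", "ios", "", "byod", False),                # version missing
]

if __name__ == "__main__":
    report = fleet_report(SAMPLE_FLEET)
    print("devices:", report["total"])
    for (platform, version), count in sorted(report["versions"].items()):
        print(f"  {platform} {version or '<unknown>'}: {count}")
    for device in SAMPLE_FLEET:
        decision = access_decision(device)
        verdict = "ALLOW" if decision["allow"] else "BLOCK"
        print(device.device_id, verdict, ",".join(decision["violations"]))
```

The gate fails closed: a device whose OS version is missing or unparseable is blocked rather than assumed current.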


Vijaya Kaza is the Chief Development Officer at Lookout, Inc. Ms. Kaza previously served as Senior Vice President of Cloud Engineering at FireEye, Inc. (Nasdaq: FEYE), and prior to that worked for 17 years in multiple executive and leadership roles at Cisco (Nasdaq: CSCO).

The views and opinions expressed herein are the views and opinions of the contributor at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 7/10/2018 Identification Number: 1620
Frequently Asked Questions
  Bringing Lessons From #MeToo to the Boardroom: 7 Questions Boards Should Ask
Identification Number 1576
Publication Date: June 18, 2018

This article was originally published by MIT Sloan Management Review on June 7, 2018. With permission, minor changes to the text of this article have been incorporated in this version.

Boards need to be proactive in shaping a corporate culture that does not tolerate sexual harassment.

Has your board reflected upon the #MeToo and #TimesUp social movements, and about the continuing wave of CEO resignations amid misconduct allegations? Whether you are a member of the board of a public, private, or nonprofit company, procedures for addressing and preventing sexual harassment must be on your board's agenda. Directors need to do the right thing for employees, for customers, and for all stakeholders. The time for boards to act is now. Here are seven questions boards should ask.

As advisers to boards for a combined 40 years, we have had many discussions about the challenges facing companies. Understanding risk appetite and ensuring the company has a process in place for managing its risks is usually at the top of the list.

When we delve deeper into how boards manage risk, we often hear that different risks are monitored by different committees. For example, accounting risks come under the purview of the audit committee, and risks related to cash and stock incentive programs are monitored by the compensation committee.

But what about sexual harassment? Companies generally agree that while sexual harassment in the workplace is unacceptable behavior on the part of an individual, the ensuing silence or lack of consequences for the behavior reflects a problem with corporate culture — and, ultimately, culture is the responsibility of the entire board.

This begs the question: How do we monitor culture and focus board attention on preventing sexual harassment and misconduct at their organizations? Our answer, based on experience helping boards increase effectiveness, is that directors must first implore their board chair to put this topic on the board agenda. Even though it may be an uncomfortable issue, boards must start the dialogue about this "new" risk. To begin, we suggest directors ask the following seven questions:

How do our current policies measure up to best practices?

Too often, the board does not read company policies or require human resources leadership to review policies and procedures annually to gauge the effectiveness of the reporting process. Directors may think this level of review is "stepping on management's toes." However, the board must determine whether the company's current policies and procedures related to preventing workplace sexual harassment and discrimination are adequate. Asking HR how these policies are communicated and to define "best practices" is not crossing the management/board line. Directors should weigh in on whether the CEO and the management team are communicating the right message.

Do employees trust and use our procedures for reporting harassment?

While there are many methods and procedures organizations use for employees to report harassment or complaints, hotline calls to a company's dedicated ethics line are a good example. Board directors sometimes utter a sigh of relief when they hear there have not been any hotline calls at their organization, but it's a common misconception that few calls to the ethics line equate to a "good" company culture. In an open and trusting culture there are many calls — calls for how to handle a matter, calls for clarification, and, yes, some calls that report a potential problem. Informed directors ask how many calls are received in a given time period and require that calls be categorized.

The hotline is an early-warning system, and directors are looking for trends, not individual case details. Not only does this offer a chance for early intervention, it is also an indicator that employees trust the company will do the right thing. The more comfortable employees are raising issues, the lower the potential risk of the company mishandling a case of harassment. If an abuse or infraction of a policy happens, ensure it is treated fairly and consistently and that real penalties, rather than a slap on the wrist, are imposed.

When does the board get notified?

Keeping with our example of hotline reports, let's now think about how and when the board should be notified. We've found that real-time sharing of reports varies in organizations, but regardless of reporting structure, it's crucial that the full board be notified at least semiannually (though preferably more frequently) about trends and statistics of employee reports.

Directors should also understand the escalation protocols. For example, is there a mechanism to ensure that if a question is raised about the CEO's behavior, it gets immediately reported to the board chair? Ask if the right manager oversees incoming hotline calls and talk through the reporting procedures.

What is company culture like at the mid-employee level?

Boards have regular interaction with the CEO and senior executives. They convene at board meetings, strategize at retreats, and enjoy dinner together. Most often, camaraderie is genuine, and it may lead directors to believe that company culture is similarly positive.

But what about the next level down, with managers who directors see once a year, if that often? And what is the culture like among employees these managers supervise, and with whom the board never engages — how do these employees view the company?

To better understand a company's culture, directors might consider unstructured office tours. One director told us he learned more about company culture while walking around the operations floor than he did in the boardroom. Additionally, directors should ask to see the annual employee satisfaction survey results — and not just the cover page. Initiate a discussion with management about how a potential claim of sexual harassment might be handled in-house and how the board could better monitor culture.

Does the board composition need a refresh?

Companies are not static, and boards must evolve accordingly. A regular injection of new talent around the boardroom table will promote fresh ideas and a disciplined challenge to the status quo. Problems can fester when thinking becomes too insular and when no one takes a step back to deliberate on the culture of the business. One board director told us that the mere presence of a new director in the boardroom causes the conversation to change, but when the new director is a woman, this change is magnified.

Gender diversity on boards is a high priority among institutional investors. Additionally, female board members we spoke with reflecting on the #TimesUp campaign felt that if there had been support at the top of the company and better gender diversity on boards, then they might have felt comfortable speaking up earlier.

What's our crisis response plan?

Boards must be proactive in their thinking and planning around the issue of sexual harassment. Even when following best practices and promoting healthy corporate cultures, bad behavior can (and will) still occur. California provides a good example: Since 2005, employers in the state with more than 50 employees have been required to conduct two hours of sexual harassment awareness training for supervisors and executives every other year. However, what about the boards of directors for these companies? They need to be included in at least some part of this training as well.

Part of any crisis response plan requires getting ahead of a potential crisis, discussing these issues and establishing a culture of zero tolerance starting at the board level and then messaged throughout the organization.

How do we vet our board members and CEO candidates?

Sexual misconduct can be prevented, and prevention must be promoted at the top of the organization. While this is often articulated to be the case, the truth is usually more nuanced. Clearly, recent revelations highlight that we have lived in a culture where sexual misbehavior has been ignored, tolerated, and overlooked. Diversity in the boardroom can provide some mitigation in that it tends to curtail groupthink and group complacency. We need strong directors who will not be afraid to speak up or question unacceptable behavior within the organization they serve. It is easy to assume that directors, by virtue of their title, have the fortitude and wherewithal to do the right thing in all situations. But this is not always the case, and boards have a responsibility to interview and reference for these characteristics.

Instances of sexual harassment and other forms of sexual misconduct boil down to bad behavior, power abuse, and poor judgment within the organization. Failing to implement proper protocols around sexual harassment in the organization can lead to many problems including decreased brand reputation, litigation, and a variety of other risks, as well as the associated decrease in shareholder value. Boards must take the lead in fostering a respectful work culture.


Patricia Lenkov is founder and president of Agility Executive Search LLC. Known for her work on board diversity and a member of the Women & Leadership Advisory Council at Concordia University in Montreal, Canada, Lenkov holds a BA (with distinction) in psychology from McGill University in Montreal, and an MBA from Concordia University. She tweets @Patricia_Lenkov. Denise Kuprionis is founder and president of The Governance Solutions Group (GSG), a board advisory practice. Kuprionis is a senior fellow at the Conference Board's Governance Center, is a National Association of Corporate Directors Board Governance Fellow, and a visiting professor at Xavier University, Cincinnati, Ohio. She tweets @mdkup.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 6/18/2018 Identification Number: 1576
Frequently Asked Questions
  5 Keys to Understanding and Addressing Workplace Retaliation
Identification Number 1536
Publication Date: May 29, 2018

The Ethics & Compliance Initiative (ECI) empowers organizations to build and sustain high quality ethics and compliance programs.

An alarming trend is occurring in our workplaces; retaliatory behaviors are on the rise. According to the Global Business Ethics Survey (GBES), a longitudinal study of employees in for-profit organizations, rates of retaliation for reporting suspected wrongdoing have doubled over the past 3 years. Forty-four percent of employees who alerted management to a potential violation said that they experienced some form of retribution for having stepped forward.

Retaliation is very difficult for leaders to address, though not for lack of desire or recognition of its importance. It is often not reported and therefore it quietly perpetuates, with victims sometimes experiencing ongoing punishment from management and peers. It can also be difficult to prove; with only circumstantial evidence to rely on, addressing the problem becomes even harder.

Despite the challenge, it is vital for an organization's long-term success that boards and senior leaders acknowledge and prioritize retaliation as a credible business risk.

There are 5 key insights that can help directors and executives better understand and address retaliation:

1.   Reporting and retaliation rise and fall together.

In part, the retaliation trend is the result of corporate investment in ethics and compliance (E&C) programs that encourage employees to recognize and report suspected wrongdoing. When an organization successfully implements an E&C program to encourage employees to report misconduct, they are often successful in creating "speak up cultures" with increases in reports by as much as 33%. However, along with that, they often see the employees who report being punished by their colleagues for coming forward. It is the difficult reality of E&C programs; the more employees attempt to report wrongdoing, the more likely it is that they will experience repercussions for having done so.

Twelve percent of employees who report wrongdoing only once say they experienced retribution. That number increases to almost 40% of employees who attempt to report three times. The likelihood that those individuals will be retaliated against increases by another 50% if they try to come forward two times thereafter. Eighty percent of employees who try to report wrongdoing five or more times say they experience retaliation. This pattern is true globally. In working to mitigate retaliation in an organization, employees should feel assured in being able to report wrongdoing confidentially.

Another worrisome trend is that, in the past, reporting and retaliation have tended to rise and fall in similar amounts. However, over the past three years, reporting rose by 7% while retaliation rates increased 50%. It is difficult to say why this is the case. However, one possibility is that the majority of misconduct that was observed involved senior leaders. Generally speaking, wrongdoing that occurs at higher levels of an organization tends to be more serious in nature. The more power a violator has, and the more serious the alleged misconduct, the more likely it is that employees who report will experience reprisal.

2.   Most retaliation is social in nature.

Nearly 60% of employees who say that they have experienced retribution for reporting indicate that they were snubbed or shunned in subtle gestures, excluded from social situations, or overlooked in teaming environments. Nevertheless, half of employees say that they experienced verbal abuse by their supervisor or someone else in management, and almost 40% said that they almost lost their job.

3.   It doesn't matter whether the retribution really happened.

So long as an employee perceives that he/she has experienced retribution, the damage is done. Not only will that individual be unlikely to report the retaliation, the likelihood of their going outside the organization to report to a third party (such as an enforcement agency) is greatly increased. Furthermore, that individual is 65% less likely to come forward to report any other act of misconduct, should that take place. Therefore, it is important that management actively seeks out and manages perceptions of the reporting process.

4.   Acts of retaliation have a long-lasting and wide-reaching effect.

When retribution occurs, three new problems surface. A new form of misconduct has taken place (the retaliatory act); a new victim (the reporter) has been created; and the retaliatory act seeds an environment that is cancerous to the overall culture of the organization. Once it becomes known among other employees that retaliation occurs, there is a widespread silencing effect. Fifty-three percent of employees with first-hand knowledge of misconduct do not come forward out of fear that they will experience retribution for doing so. This fear of retribution then enables misconduct to become engrained in the culture of the organization. Therefore, tolerance of retaliation can be a leading indicator of future misconduct.

5.   Retaliation can be reduced and even eliminated.

The more an organization does to implement a high-quality ethics and compliance (E&C) program, the less retaliation occurs. While it may sound contradictory to the first insight in our list, the quality of the program makes a difference. While more than half of those who report misconduct say they experienced retaliation in companies without high quality E&C programs, only four percent say they have suffered from retaliation in companies with high quality programs. The same pattern is true for the extent to which misconduct occurs in the first place. That is because the higher the quality of the program, the stronger the culture in the organization. The stronger the culture, the less retaliation occurs.

To improve the quality of E&C efforts, boards and executives should shift from a narrow view of risk and compliance to a broader focus on culture and accountability. Message matters. Individuals are more likely to come forward to report wrongdoing if they believe that their report will make a difference; and they trust that they will be protected by management if they come forward. That is not a message of compliance. Boards should insist that management establish safe "speak up cultures" that emphasize a set of core values as the highest priority and the standard for all conduct. Management should also promote the availability of resources for those who observe wrongdoing; empower individuals to come forward; and clearly communicate that all individuals who engage in retaliation will be disciplined.

When it can be identified, retaliation is very difficult to prove in such a way that management can formally respond with legal or disciplinary action. Yet it is essential for leaders to find a way to address retaliation, for the sake of individual employees and the ongoing vitality of the organization.


The Ethics & Compliance Initiative (ECI) is a best practice community of organizations that are committed to creating and sustaining high quality ethics & compliance programs. ECI provides independent research about workplace integrity, ethical standards, and compliance processes and practices in public and private institutions.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 5/29/2018 Identification Number: 1536
Frequently Asked Questions
  Non-GAAP Measures: Questions and Insights
Identification Number 1511
Publication Date: April 9, 2018

Cindy Fornelli is the Executive Director of the Center for Audit Quality (CAQ).

The use of financial measures that do not conform to US Generally Accepted Accounting Principles (GAAP) has long been the subject of debate—even controversy. While it has ebbed and flowed over the years, this discussion is unlikely to disappear.

Consistent with its mission to convene and collaborate with stakeholders to advance the discussion of critical issues, the CAQ held a series of 2017 roundtable discussions regarding the presentation and use of non-GAAP measures—and the opportunities to enhance trust and confidence in this information. Each roundtable was attended by approximately 20 to 25 individuals including audit committee members, management, investors, securities lawyers, and public company auditors. Because the presentation and use of non-GAAP measures can vary from industry to industry, each roundtable focused on a specific industry: pharmaceutical, real estate, and technology.

These events each began with a set of key questions, on which participants provided no shortage of insights. We have published a full report, Non-GAAP Measures: A Roadmap for Audit Committees, on the roundtables' findings, as well as a companion video that provides additional context and real-life examples of how audit committees are thinking about non-GAAP measures.

Here, we provide some high-level key themes.

Why is GAAP so important?

No discussion of non-GAAP measures can take place without a discussion of GAAP itself. At the roundtables, participants made clear that they view the GAAP information as the "bedrock" or "starting point" for the financial information that companies present. GAAP, they said, provides a useful baseline that offers comparability from one company to the next.

If GAAP is the bedrock, why do companies present non-GAAP measures?

Participants were asked to share their views on what drives the presentation and use of non-GAAP measures. Several common themes emerged from the discussion.

  • Demand from investment analysts: Participants shared that requests from investment analysts are often a primary reason company management chooses to present a non-GAAP measure. Investment analysts find that non-GAAP measures help them better understand the company's underlying business performance or forecast the company's long-term value in their proprietary models.
  • Desire to tell the company's story: Participants also acknowledged, however, that company management does not present non-GAAP measures solely for investment analysts. Rather, non-GAAP measures can be a tool to help tell a company's story and provide users of the information with insight into how management evaluates company performance internally. In some cases, non-GAAP measures are also an input into how the company compensates employees for company performance.

What are top challenges related to non-GAAP measures?

Participants acknowledged that non-GAAP measures present challenges to certain stakeholders in the financial reporting supply chain.

  • Investors are challenged by the lack of consistency in the calculation of non-GAAP measures from one company to the next. Such irregularity makes it difficult for non-GAAP measures to be compared across companies—even within the same industry. It also can be a challenge for end-users to know whether the performance reported by the press is a GAAP measure or a non-GAAP measure.
  • Management representatives indicated that they spend a significant amount of time (1) discussing what information to include in or exclude from non-GAAP measures they present, and (2) making sure the information is presented fairly and disclosed transparently.
  • Audit committees noted that their challenges related to non-GAAP measures tend to be an extension of management's challenges. Audit committees want to understand the reason the company is presenting the measure, and the roles and responsibilities of those involved with the information, including company personnel (e.g., finance and internal audit) and the external auditor. Further, they want to know how the company's non-GAAP measures compare with the information presented by peer companies.

To address challenges, should non-GAAP measures be standardized?

Not necessarily. Representatives from management at all of the roundtables indicated that standardization may limit their ability to tell their companies' story.

The real estate industry makes use of a supplemental standardized non-GAAP measure: funds from operations (FFO). The FFO measure, which was defined by Nareit, is in widespread use and is recognized by the Securities and Exchange Commission. That said, in addition to reporting Nareit-defined FFO, companies report various forms of FFO (e.g., adjusted FFO, normalized FFO, company FFO). So even within one industry that has agreed on a standardized non-GAAP measure, there are still variations in how it is reported.

Why is dialogue so important around non-GAAP measures?

Participants emphasized the significant judgment involved in determining how to treat a one-time transaction or event in non-GAAP measures, and they agreed that company management and audit committees strive to execute good judgment when making these decisions. To that end, many companies have enhanced the rigor of their presentation and disclosure of these metrics.

There was consensus among participants that audit committees can promote rigor related to non-GAAP measures by having a dialogue with company management as well as internal and external auditors. Among other things, this dialogue can help the audit committee to set clear expectations regarding the roles and responsibilities—relative to non-GAAP measures—of each member of the financial reporting supply chain.

What is the external auditor's non-GAAP role?

In a nutshell, the external auditor's opinions on the company's financial statements and, when required, the effectiveness of the company's internal control over financial reporting (ICFR) do not cover non-GAAP measures. Professional auditing standards indicate that the auditor should read non-GAAP measures presented in documents containing the financial statements (such as annual and quarterly reports) and consider whether non-GAAP measures or the manner of their presentation is materially inconsistent with information appearing in the financial statements or a material misstatement of fact.

Though external auditors do not audit non-GAAP measures as part of the financial statement or ICFR audits, audit committees and management may consider leveraging the external auditors as a resource when evaluating non-GAAP measures.

How can the audit committee enhance its non-GAAP role?

At the roundtables, there was wide recognition of the benefits of increased audit committee oversight and involvement with non-GAAP measures. The CAQ's full roundtable report offers audit committees insights on the way forward. It is available free of charge at the CAQ website.


Also from the CAQ, see Preparing for the Leases Accounting Standard: A Tool for Audit Committees. This tool is designed to help audit committees exercise their oversight responsibilities as companies implement the new lease accounting standard, which will begin to take effect in January 2019.


A securities lawyer, Cindy Fornelli has served as the Executive Director of the Center for Audit Quality since its establishment in 2007.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 4/9/2018 Identification Number: 1511
Identification Number 1471
Five Steps to Upgrade Your Board Evaluation by Beverly Behan, Author, "Great Companies Deserve Great Boards"
Publication Date: December 6, 2017

Beverly Behan has worked with more than 100 Boards of Directors on board and director evaluations over the past 20 years.

While board evaluations have been adopted by nearly every Nasdaq-listed company, the standard process has often outlived its usefulness and become a rote routine. The better the board, the more sophisticated the board evaluation should be, as it offers a unique opportunity to engage directors in a vibrant conversation about the board's strengths and elicit good ideas that might make the board even more effective going forward. However, the traditional survey format wastes that opportunity by turning the board evaluation into a perfunctory compliance exercise.

What kind of results are boards achieving when they change things up in their board evaluation? Here are some examples:
  • Three years ago, the board of a midcap REIT conducted a comprehensive board evaluation using all five steps outlined herein. They entered the process with no plans to recruit any new directors, but came away in complete agreement on the need to find three new board members to address gaps identified in the board's composition. Not only did they find them; over the next 18 months, these new directors made a tremendous and positive difference in the board's operation and gave the board, as a whole, the confidence to make some significant changes in corporate leadership that were previously considered "off the table".
  • The board of an aerospace company had a practice of diving directly into questions the moment any management presentation began. While this was considered far preferable to "death by PowerPoint", management described the practice as creating a "paintball dynamic" where questions were firing before they had even given an overview of the topic at hand. It was resulting in redundancies and inefficiencies; presenters were backtracking and dialogue was unfocused. Many board members also expressed frustration. Some wondered if the most important points had even surfaced when the dialogue had finished, as many questions went to "secondary issues". When these concerns surfaced during the board evaluation, changes were immediately agreed upon that led to a far more efficient process.

  • The board of a financial services company had been including their top management in the board evaluation for some time. When they repeated this process two years ago, the board was starting work on CEO succession planning in earnest with a two-year time horizon. In-depth questions on this topic were included in the board evaluation, which yielded extremely helpful insights for the Succession Committee. As a result, the board incorporated steps into the CEO succession process that they had not previously considered and even changed the timeline. Moreover, board members felt that this exercise provided them a far richer understanding of corporate culture issues (including cultural issues around a recent merger integration setback) that became invaluable in assessing potential CEO candidates.

What, then, are the five steps many boards have been adopting to revitalize their board evaluation and achieve the types of useful outcomes described in these examples?

Switch to a Three-Year Cycle
Companies listed on the NYSE are required to conduct an annual board evaluation. However, no such requirement applies to the boards of Nasdaq-listed companies. As such, Nasdaq boards have the freedom to adopt a three-year cycle, which is the current "best practice" in Britain. British boards typically use a more comprehensive board evaluation process than most of their American cousins and conduct their evaluations every three years rather than annually. After all, a well-executed board evaluation should yield an Action Plan that may require 18 to 24 months to implement; repeating the process a year later typically delivers only marginal returns.

Interestingly, some NYSE-listed boards have adopted the three-year cycle as well, using an interim evaluation process for the two intervening years between board evaluations to satisfy the NYSE's requirements. Interim years often involve a short survey or phone calls from the Chair of the Governance Committee to talk about progress on the Action Plan from the prior year's evaluation.

Replace Surveys with Interviews
The traditional approach to a board evaluation involves a survey form where directors are asked to enter a score from 1 to 5 on a series of questions relating to the board's operations, typically with some space for write-in comments. The design nearly always consists of closed-ended questions such as "The pre-reading materials are adequate" – a format that readily lends itself to numeric scoring but rarely yields insightful or truly actionable feedback. The result is a numeric report that lacks the richness of interview commentary.

To use the example noted earlier about the board that explored CEO succession issues in its board evaluation: asking some closed-ended questions about CEO succession might yield a score with a few write-ins like "Culture is a key concern". By contrast, the interview format they did use produced insightful comments, such as: "We have a bifurcated corporate culture at the moment; our traditional, highly conservative culture is sharply at odds with the entrepreneurial somewhat 'cowboy' culture of [newly acquired company]. Our next leader needs to understand and bridge these."; "Since the merger, it's as if no one has been making any decisions. I don't know if that's the board's fault or who is responsible, but what we have right now, I would call a stymied culture and people are frustrated by it."

Interviews are also more engaging for participants. Most directors appreciate the opportunity to share their views and offer constructive suggestions to make a great board even better. They are anxious to see what others have said and whether their views are unique or widely shared. And therein lies one of the reasons greater impact is typically achieved: When relative alignment surfaces through a highly engaged process, the board typically moves swiftly forward to incorporate these good ideas.

Include Senior Management Feedback
Most Nasdaq-listed company CEOs serve as members of their governing boards and routinely participate in the board evaluation. Over the past decade, however, it has become increasingly popular to gather feedback from 3-5 top company executives who are not board members, but regularly attend board and committee meetings. While some directors bristle at the thought of management "evaluating" the board, most find it illuminating to include management feedback in the evaluation. Senior executives nearly always provide worthwhile perspectives. Moreover, including management in the evaluation demonstrates the board's openness to feedback, which nearly always earns kudos and respect from the executive team. It sets the right "tone at the top" in terms of accountability.

If management is included in the evaluation, a decision will need to be made as to whether and how the results of the board evaluation will be shared with those executives who participated. Some topics are probably best limited to discussions among the board itself, such as CEO succession. Others, however, such as enhancements to board pre-reading packages and presentations, lend themselves particularly well to joint board/management discussions.

Using a Third Party
The provisions of the 2016 UK Corporate Governance Code require that board evaluations of FTSE 350 companies be externally facilitated every three years. Even UK companies not in the FTSE 350 must indicate if an independent third party was used to facilitate their board evaluation.

This is clearly the direction board evaluations are heading. In a 2015 Wall Street Journal article on the growth of this trend, Joann Lublin quotes a Spencer Stuart partner who predicts that 35% of American boards will have adopted this practice by 2020. The article suggests that this trend may be driven, in part, "as investors ratchet up their expectations for board performance". Notably, the Chairman of Vanguard, in an open letter to public company directors dated August 2017, specifically includes "effective ongoing board evaluation practices" as one of the firm's expectations for investee boards.

Strive for an Action Plan of 3-5 Constructive Suggestions for Board Enhancement
Achieving a high score on a board evaluation is the hallmark not of an effective board but of a board evaluation process designed to suppress rather than elicit good ideas from experienced and highly capable board members. Interview-based board evaluations typically yield 3-5 worthwhile suggestions for potential board enhancement; boards with highly engaged and thoughtful directors often surface 8-10. Shifting the desired outcome can make all the difference in how the process is designed and used: from a "tick the box" compliance exercise to an ongoing continuous improvement process aimed at making a good board great and keeping a great board vibrant.


Since 1996, Beverly Behan has been conducting board and director evaluations for the Boards of Directors of public companies, having worked with more than 100 boards on this issue over the past two decades. She recently authored "Board and Director Evaluations in the 21st Century: A Practical Guide for Governance Committees" which is available to Nasdaq Clearing House readers at no charge by emailing the author:


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 12/6/2017 Identification Number: 1471
Identification Number 1439
The Rise of the Investor-Centric Activism Defense Strategy by Peter Michelsen and Derek Zaba of CamberView Partners
Publication Date: October 17, 2017

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters.

Shareholder activism is often thought of in binary terms: activist v. company, dissident nominees v. company directors. Media coverage dramatically frames the "showdown" of prominent and press-savvy activists taking on companies as both sides seek the upper hand on the way to the ballot box. While an "us vs. them" mentality makes for a compelling narrative, this framework has a major flaw: it doesn't include shareholders, who are the most important constituency in driving the outcome of proxy contests.

Gaining the support of shareholders, in particular large institutional shareholders, through a well-crafted "investor-centric" activism defense strategy is increasingly the key to success in activism situations. Below we outline how activism defense and the investor landscape have evolved and why the "investor-centric" strategy has become the optimal path to victory for most proxy contests, regardless of whether they culminate in the withdrawal of the activist, a shareholder vote or a mutually agreed settlement.

Where it Began – Tactics, Tactics, Tactics

Five years ago, it would not have been uncommon to find a whiteboard on the wall of a company boardroom in a contested situation filled with a list of tactical measures to thwart the activist's campaign: poison pills, changing bylaws, moving meetings to remote locations, lawsuits, and shifting record dates. The primary focus of a tactical strategy was to outmaneuver the hostile acquirer or activist, the latter of which was more often than not pursuing a straightforward "sell the company" or "lever up and distribute" thesis and had limited ability to sustain a multi-year campaign.

Today, investors and proxy advisory firms are more skeptical of actions taken by the Board that appear purely tactical or are otherwise perceived as impinging upon shareholder rights. Often, these actions carry the risk of souring investors who might otherwise be willing to support the company but feel disenfranchised from decisions that materially impact the value of their portfolio company. While such tactics may still be part of the activism defense toolbox, they should be considered with great care and in the context of their impact on maintaining support from companies' increasingly diverse and sophisticated shareholder base.

The Activist-Centric Defense Strategy

As tactical considerations became less effective as an activism defense strategy, boards turned their focus directly to the activists and their agendas. Specifically, some companies took actions with the goal of either preempting the activist or appeasing them, aiming to implement enough of the activist's thesis to make the remainder of their demands not worth fighting for. The resonant concept was that boards should "think like an activist." In some cases, these actions resulted in a settlement with the activist or the activist withdrawing after achieving a partial, but "sufficient," victory.

Today, however, the major problem with a defense strategy focused primarily on addressing the concerns of an activist is that, while the activist may have been satisfied by the outcome, some or many of the activist's viewpoints may not have been shared by the broader base of long-term investors. In fact, in recent years, there has been significant pushback from large institutional investors, whose risk profiles and investment time horizons often differ from those of a vocal activist fund, about the practice of companies reaching settlements without receiving input from other shareholders. An unsettled shareholder base can leave companies vulnerable to a follow-on campaign either by the initial activist or another activist with a different agenda.

Evolution of the Investor Landscape

The evolution of defense strategies has occurred against a backdrop of recent tectonic shifts in the investor landscape that have reinforced the centrality of the broader, long-term shareholder base in activism situations. The oversight failures of the early 2000s and the 2008 financial crisis spurred many investors to become more active owners and voters. Over time, governance-focused institutional investors have built out their proxy voting teams, which has allowed them to engage with a broader range of companies and other market players. Activism itself has undergone a transformation, with activists seeking to shed their "corporate raider" label while building relationships with investors. Additionally, active managers under pressure to generate alpha are more receptive than ever to activist theses.

Underlying all of this is the increasing concentration and acceleration of fund flows into passively managed index funds and ETFs over the past several years. Today, the top five institutional shareholders hold more than 20%, on average, of S&P 500 companies and one of the three biggest index funds (BlackRock, Vanguard and State Street) is the largest single shareholder in 88% of companies in that same index. These passive investors are increasingly important as they tend to have a longer-term perspective which results in them being more willing to support a company if they believe in its long-term strategy regardless of potential short-term negative impacts to the business or stock price.

The growth of assets held by passive investors has also heightened the focus on corporate governance and board-related matters across the market. These topics are now a critical focal point in activism campaigns. As a result, success in an activist situation now increasingly requires companies to persuade and win the support of a range of constituencies much broader than the traditional portfolio manager and buy-side analyst community, including governance teams, proxy advisory firms and key asset owners such as public pension funds.

The Investor-Centric Defense

The evolution of the investor landscape, in addition to the aforementioned problems that have arisen with prior defense strategies, has elevated the concept of an "investor-centric" defense strategy. Unlike previous strategies, this approach begins well before an activist arrives with their demands and is built on companies understanding their investors' concerns through years of engagement and relationship building. As the Chairman and CEO of Vanguard recently wrote, quoting a corporate CEO during one of their engagements, "You can't wait to build a relationship until you need it."

Rather than "think like an activist," the right approach for companies is to "think like a shareholder representative": engage with investors, understand and incorporate their perspectives, and educate them on why the company is pursuing a particular strategy, particularly before an activist appears. Ongoing dialogue enables companies to build credibility with key decision-makers within both the investment and governance teams at institutions, even if there are topics where these disparate teams are not in complete agreement. Even in situations where there is a large and supportive base of retail investors, it is these key decision-makers who will make the ultimate difference between winning and losing.

While companies typically have very active investor relations efforts focused on portfolio managers and research analysts, they must also understand how to engage with all investor constituencies that will drive outcomes in a potential activist situation.

For actively-managed funds, where communication during an activism situation is frequent, feedback will generally be more direct and the decision-making process will be primarily focused on core economic issues. Companies that have built buy-in for their strategy in advance of a fight by being responsive to feedback from these funds will benefit from a higher probability that these investors will vote with management.

On the other hand, governance-focused investors often enter a fight with a limited understanding of the company and are concerned about a range of strategic, financial and governance elements. Building trust with this constituency often means demonstrating that the company has the right board in place to evaluate and oversee long-term strategy, and that the board is operating with a focus on the best interests of shareholders. While this trust can be established in the fast-paced environment of a proxy fight, companies that have proactively built relationships with governance teams and proxy advisors will generally fare better than those that are scrambling to do so under a stormy sky.

With all of this in mind, it is clear that companies in an active defense situation must evaluate every decision through the lens of how investor constituencies will view the action and how it will affect the potential vote. Even if a threatened proxy contest ends in settlement, the leverage that companies have in negotiation derives primarily from the support of these key investors.

Takeaways for Issuers

The delicate balance among boards, management teams, investors and activists is a constantly-changing equation. Over the past several years, a small number of asset managers have amassed trillions of dollars of assets and significant power. These investors represent the ultimate "swing vote" that can effectively determine the outcome of an activist situation and are more willing than ever to exercise their vote. Activists have adapted their approaches to appeal to this increasingly powerful bloc of voters, while public companies have been somewhat slower to proactively build relationships beyond traditional investor relations efforts.

Given these new dynamics, it is critical that companies view their potential actions through an investor lens, whether three weeks before a meeting or during the off-season. A key step is engagement and relationship-building with all key investor constituencies before being confronted by an activist. If an activism situation occurs, company management and board will be able to draw on the trust generated with key decision-makers, will have had the opportunity to tell their story on critical strategic and governance issues, and will have heard and addressed the feedback and concerns of their investors.


Peter Michelsen is President and Co-Head of the Contested Situations Practice of CamberView Partners.

Derek Zaba is a Partner and Co-Head of the Contested Situations Practice of CamberView Partners.

CamberView Partners provides advice to public companies on engagement and shareholder relations, activism and contested situations, sustainability and complex corporate governance matters. CamberView helps its clients succeed by providing unique insight into investors' perspectives on long-term value creation, interpreting the evolving governance landscape and creating proactive strategies to stay ahead of investor challenges.

CamberView's services include: Shareholder Engagement, Governance Advisory, Sustainability, Complex IR Strategy, Say on Pay, "Vote No", Environmental, Social and Governance Shareholder Proposals, Activism Defense, Hostile M&A, Complex "Friendly" M&A, and Defense Preparedness.


The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/16/2017 Identification Number: 1439
Identification Number 1435
Tone from the Top: Influence Boards Don't Know They Have by Dr. Phillip Shero
Publication Date: October 3, 2017 

Dr. Phillip Shero is the President of MasterMinds Leadership and works with CEOs and Board Chairs to build bridges of trust and accountability.

In a recent conversation, the Corporate Secretary of a Fortune 500 company proudly explained to me their culture of accountability and intentional investment in leadership at all levels.

"That sounds amazing," I said. "Tell me, what is the board's role in creating and sustaining that culture?"

He said, "There's not much the board can do about that. Culture is the CEO's job."

Therein lies the problem.

We have done such a good job emphasizing management's responsibility to drive culture that directors don't see the levers of culture available to them. If we want to succeed at creating the right "tone at the top," boards must recognize and embrace their levers of influence.

No Accidental Success

Consistent success over time is not an accident. It is purposeful. If the culture was truly exceptional at his company, I could not believe that the board was not involved.

I asked further questions and pointed to examples the Corporate Secretary had already given me to help him see the board's role in their success. His eyes went wide and he said, "Yes! I guess we did play a part." He was then able to cite several practical situations where the board set a tone for accountability and leadership development. Even in situations where the board was not directly involved, he was able to see how the members knew of and supported management's efforts to develop leadership and accountability.

One of his examples was an annual board meeting where the achievements of two dozen high potential employees were celebrated. He affirmed that the directors knew who these up-and-coming leaders were and were proud of their development.

His story is a clear case of unconscious competence: until that conversation, he did not realize what his board was doing right or how powerfully it supported their company's culture and tradition of leadership development.

Where are the Levers of Culture for Directors?

The Corporate Secretary was right in this: the two functions of management and governance have different arenas of responsibility. Directors do not have the same proximity to employees or opportunity to influence culture daily that the CEO and executive team have.

However, directors do have three levers to intentionally influence the culture of their organizations. These are the levers of Leadership, Alignment, and Perspective.

1) The Leadership Lever: Hiring the right CEO and building a relationship of genuine trust.

Boards select a CEO for many reasons—not least of which is his/her ability to drive profit. However, we know that not all profit is equally good. An executive can slash jobs and create profit instantly, but the effects on morale and culture will diminish those returns over time.

David Katz writes in Harvard Law School's Forum on Corporate Governance that cultural fit is one of two key elements in the CEO selection process. I believe his criterion can be strengthened further—a CEO candidate must have demonstrated ability to create and sustain healthy cultures, not just fit the culture that already exists.

Selecting the right CEO is a massive culture lever for directors, but it can only be moved about every 5 years. Therefore, directors must give attention to relationship quality.

The CEO selection lever has a dial to the side, which measures the trust, transparency, and relationship quality between the Board and CEO. Directors can influence organizational culture by turning up that dial to increase trust and transparency in the boardroom. One of the best ways I know to begin creating more trust between directors and the CEO is by getting to know each other outside of board meetings. Any process that creates the ability to share and recognize each other's strengths and weaknesses will strengthen the foundations for trust.

2) The Alignment Lever: Modeling the culture and rewarding a single standard.

It may come as a surprise to think of the culture of the boardroom as a reflection and lever of influence on the culture of the organization. Edgar Schein described culture as a combination of shared beliefs, values, and actions (or artifacts). All three are present in a board meeting: shared beliefs (what is true and/or real), shared values (what is important), and shared actions (what we do).

The cultural artifacts of the boardroom include how people are greeted, what makes it onto the agenda, how much time is given to different topics, what relationships are cultivated, whether interrupting speech is tolerated, and whether healthy conflict is possible or encouraged.

Along with modeling the desired culture in the boardroom, directors can leverage their interactions with the CEO to influence culture through relentless pursuit of alignment.

One way to pursue alignment is by rewarding a single standard. Note this example of a double standard: the board desires a culture where Millennial workers are developed and retained, but the CEO is rewarded for cutting lower-level jobs to achieve projections.

Directors can measure their current alignment through use of strategy-focused board surveys, facilitated by a third party. Many board surveys are heavily weighted toward compliance with standards and regulations, which tell little about internal alignment. However, a survey weighted toward strategic issues can reveal misalignment between governance and management early enough to make corrections.

3) The Perspective Lever: Asking the right questions and cultivating multiple perspectives.

As humans, directors and chairs must overcome the built-in social pressures that suppress hard questions. I continue to read about and hear from directors who do not ask questions out of concern that they would look uninformed or out of step.

In recent years, directors have been encouraged to ask more questions about more types of risk, including cybersecurity. Boards know they are responsible for risk. Yet, there is a disconnect when it comes to asking relevant and probing questions about culture, often until it blows up on the news. When bad news breaks, defective cultures are usually blamed on CEOs, with boards taking little responsibility. Consider recent news related to companies with broken cultures that resulted in a variety of toxic practices, including customer abuse, sexism, gender bias, and massive sales fraud. In each case, the assumption is that the CEO is at fault for bad culture. The board bears little or no responsibility.

A report issued by one company cited management's failure to correct an oppressive sales culture. The board did acknowledge some responsibility, but the report couched it as a structural issue—i.e. the board failed to fix a flawed, decentralized structure. Even with that admission, board members complained that they were not made aware of complaints and cultural problems. Perhaps so, but did they ask the right questions?

In addition to asking deeper questions about culture, directors can move the lever of culture by cultivating multiple perspectives. The board should ensure that it hears from various sources. If an internal study is commissioned, let the person who led the study present the report to the board personally. If an external consultant assesses the culture, the board should hear their findings in person. When it comes time to conduct evaluations, invite a third party to facilitate the survey and interpret the results.

The need to cultivate multiple perspectives is not an indictment of the CEO's or chair's lack of objectivity. Nor does it indicate lack of trust. Instead, hearing from multiple voices allows the directors and CEO to listen together, reflect together, ask questions together, and eliminate bias together. Important cultural indicators emerge from this shared listening, which can be easily overlooked when the same few sources always provide and interpret information.

Directors need to ask themselves the hard, honest questions about their attention to cultural health, and they need to brace themselves for the answers. What voices have been invited to speak in the boardroom outside of the top management team, audit firm, and legal advisors? What insights and new perspectives did they gain from hearing them? How deeply did they dig to understand the information that was shared?

Shifting "Tone at the Top" by Moving the Levers

Boards that want to shift the "tone at the top" must first recognize that they, as directors, have real influence on the culture of the organization. Directors can work together and individually to move the levers of Leadership, Alignment, and Perspective to actively extend their influence and shape the culture of the organization.


Dr. Phillip Shero is the President of MasterMinds Leadership and an executive coach to CEOs, senior management teams, and boards. He lived in Uganda for 15 years, where he became the co-founder and first president of LivingStone International University, an accredited liberal arts institution dedicated to producing ethical and empowered leaders in Africa. His firm specializes in executive leadership development, coaching high performing senior teams, and strategic planning. Dr. Shero writes weekly on leadership and publishes on LinkedIn.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 10/4/2017 Identification Number: 1435

Identification Number 1427
Ransomware Defense for Boards by Betsy Atkins with input from Bill Lenehan
Publication Date: September 20, 2017

For all the clever coding involved, most ransomware delivers a very crude but deadly message when it strikes your company. Important company files are locked, and may be destroyed, unless you pay a specific ransom amount, anonymously, with a short deadline. At that point, panic sets in. But if your top management, IT team and board of directors have devoted some time, thought and resources in advance, you'll know how to respond (and might dodge the bullet altogether).

In my own recent boardroom experience, how boards should deal with cybersecurity is one of the hottest topics. I've been an evangelist for getting boards active in setting and assuring effective corporate digital policies. Much of this should be basic good governance for the twenty-first century. Realize that a cyber-attack is now a matter of when, not if. Make your board digitally savvy so it can ask smart questions on technology, threats, and liabilities. Assure things like up-to-date platforms, software, and third-party testing.

I should note that the majority of company hacking attacks still involve these conventional threats -- the cyber equivalent of smash-and-grab theft. However, the special dangers posed by digital hostage-taking demand a unique corporate governance role. If regular hackers penetrate your systems to steal money or data, there are few shades of grey. There may be debates between IT and the rest of management on budgeting for safeguards (the board should be IT's advocate and "nudger" on this, by the way). However, the priorities after a conventional breach are never in doubt -- assess and limit the damages and learn from the attack.

Ransomware is existentially different and goes to the heart of a board's governance and fiduciary role. Do we as a company pay a ransom demand or do we take the moral high ground and say no? Your board needs to tackle this question, with its uncomfortable blend of technology and ethics, now, before an attack. The major ransomware strains, such as Petya and WannaCry, offer a short time frame (sometimes as little as 24 hours) to pay up or face the consequences. Convening a board meeting that quickly to deal with a flash crisis would be both impractical and unwise. Further, the actual ransom itself can be oddly small. Would you really convene an emergency board session to discuss expending $1,000?

Real-world board experiences with ransomware suggest there is a better way. I've seen ransom demands first-hand at one of my boards, and spoke with Bill Lenehan, CEO at Four Corners Property Trust, who's also faced these traumas. We have observed a number of effective strategies specifically targeted at dealing with the unique threat of a ransomware attack:

Have the ethical discussion before a ransomware attack occurs. Your top executives and IT staff need guidance from the boardroom on the big question of whether or not the company should submit to a demand for ransom. The decision is not an easy one; losing business (and perhaps the business itself) by taking the moral high ground is not your call as a shareholder fiduciary. Your number one mission is to protect the business for investors. That may involve the tough decision to pay up if it will save data or needed access.

"Boards need to provide guidance and support on how this is handled," recalls Bill Lenehan. He finds laying out the issues directly to the board helps clarify their thinking. "I was talking with a 70-year-old board chair, and said 'Let me throw you a curve. You're trying to close a $200 million acquisition, when suddenly, your employees get a ransomware demand for a total of $3000. If you don't pay, you jeopardize the deal, your relationship with numerous counterparties, and maybe the company itself.' The response, 'My God, I never thought of this!??'"

Hold this debate now at the board level, because when a hacker's WARNING screen pops up, it's too late for philosophy.

Shape a corporate ransomware response policy based on the ethics discussion. Take the strategic principles the board has developed for responding to ransomware attacks and turn them into a working tactical policy. Include functional steps, like who is to be notified, who makes the final payment decision, damage/cost tradeoffs to weigh, etc. Also, will you even be able to pay the crooks? It sounds distasteful, but assure that you have the mechanisms in place to quickly meet the ransom demands if you choose to.

"You don't want to be scrambling to pay, figuring out how to practically make this work," Bill Lenehan recalls from his own experience as CEO of Four Corners Property Trust. At 5:30 one morning, he received a text message from the company controller telling him there was a problem -- a short-term ransomware attack was spreading globally. "Our board chairman was out of the country, hours behind us, so what do I do as CEO? Would I pay, or not pay, do I need to inform my board, or just hurry to set up a Bitcoin account?"

The CEO and other staff should not have to make these decisions on the fly -- and if they do, it's the fault of the board, which didn't prepare in time. "Ransomware is not the fault of the CEO," notes Lenehan. "It's like a school snow day -- you have to set your decision policies in advance." (Lenehan also notes that his small company has a staff of 12, and is as far off the business news radar as can be -- yet hackers still found them).

No policy can mean inability to respond at all. At a major company whose board I had served on, we faced a short-term ransomware demand, and decided we had to pay. But the hackers demanded payment in Bitcoin, and the company didn't have a Bitcoin account. This took two days to set up -- by which time the deadline had passed. In the missed deadline experience I referred to, we were able to negotiate a compromise. We were ultimately able to decrypt our files.

Also, ask what you'll do if other problems crop up. In Europe, a recent Petya attack demanded payment to the bit-napper's Posteo email account. But before victims could comply, Posteo had blocked the mailbox.

Beware risks related to ransomware attacks on third-party affiliates. Ransomware is not just an internal danger. Even after you shape a sound emergency policy for your corporate response, what about the suppliers, customers and advisors you depend on? Lenehan tells of a ransomware strike, not at his company, but at a major law firm they were depending on to close a $20 million acquisition. "The lawyers got an email from IT early in the morning telling everyone not to turn on their laptops and check them in immediately." A pending deal was suddenly frozen solid.

What would happen at this very moment if one of your top vendors' or clients' IT systems instantly went dark for an uncertain period of time? Are they able to back up their information with systems completely walled off from the afflicted ones?

Fight hackers with unconventional warfare. Above, I noted the generic things a board can do to improve the technical odds of avoiding and fighting cyber mischief. Push IT to innovate outside its normal comfort zone. Third-party vendors like Optiv, SecureWorks, and Stroz specialize in penetration testing, 24/7 threat monitoring and ethical hacking. Your IT staff says they have the latest software updates and threat assessments? Good -- let's contract with outside experts who can make sure. The expenses involved should be modest and today are a basic cost of doing business. Want to drive a car? You need to buy insurance. Want to operate in today's digital world? Invest in outside cyber-expertise.

Check that cyber insurance coverage is adequate. Speaking of insurance, check your liability and other business policies when it comes to hacking damages and, specifically, ransomware costs. What sort of losses are covered, which aren't, how much could ransomware losses total, what compliance measures must you have in place, and what are disqualifiers? Also, how should your company decide on making a claim? (If you file a claim for a ransomware payment of $5,000, will your premiums shoot up by ten times that amount?) "If someone demands $350 in Bitcoin, it may be like when someone keys your car in a parking lot," notes Lenehan. "Rather than making a claim, you just get it detailed out on your own dime."

Ultimately, boards and management need to respond to a ransomware crisis the same way they respond to any company crisis. They must assure good response tools and plans are in place and functioning, that tough questions are asked, and that everyone knows their role. But for the board, ransomware prep demands an added step -- asking if they're ready to make a deal with the devil.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm, and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant, and a private company, Volvo Car Corporation, and served on the board of directors at Nasdaq LLC and as CEO and Board Chairman at Clear Standards.

Bill Lenehan is the Chief Executive Officer of Four Corners Property Trust, a real estate investment trust that owns over 500 restaurant properties. He is also on the board of directors of Macy's, the department store company. Prior experience includes board service at Darden Restaurants and Gramercy Property Trust, among others. He spent ten years as an investor at Farallon Capital Management.



Publication Date*: 9/20/2017 Identification Number: 1427

Identification Number 1403
Board Members Must Open the Aperture Wider to Break the Silicon Ceiling by Betsy Atkins
Publication Date: July 20, 2017

Betsy Atkins, President and Chief Executive Officer at venture capital firm Baja Corp, is a veteran of 23 boards and 13 IPOs.

Changing any corporate culture is a challenge, but I've found bringing diversity to the tech industry is even trickier. Fast-growth "unicorn" companies can quickly outgrow their founding venture-based startup corporate governance and find themselves facing crises with too few adults in the boardroom.

Many reports assert women in technology industries still push against a silicon ceiling when it comes to career advancement and cultural issues. Research from the Society of Women Engineers found that 20% of today's engineering school graduates are women, yet just 11% continue working in the field. Women in IT leadership roles (such as chief information officers or technology vice presidents) are just 9% of the total, according to a recent survey from Harvey Nash and KPMG.

Today's board members should open the aperture wider in terms of their role. The days of a board's role being pure financial oversight belong to the last millennium. This millennium, board members are expected to be an asset as well as an accelerant for the business. In my own experience, I've seen technology companies nurture diverse, inclusive cultures starting with a few one-on-one approaches from the boardroom.

Build internal career networks

At Volvo Car AB, where I serve on the board, we've launched a program where I regularly meet with senior and mid-level women executives on personal career development. We work with these women execs to build on their strengths, clarify their career aspirations, and offer advice on advancement. This is a new program, but it is already proving a success in energizing and motivating the paths of these current and future female leaders.

Group mentoring also harnesses networks and creates supportive environments where women managers and executives can brainstorm effective ways to promote diversity in the organization. According to a recent Harvard Business Review article about changing corporate culture, safe havens nurture cultural ecosystems that model what the organization can become in the future, while networks create coalitions that catalyze change.

Make mentoring personal

On the board of Schneider Electric, I make it a point to directly mentor one-on-one a number of women on the company's senior leadership team. I teach them to advocate for themselves, identify executives within their company with whom they can network and build rapport as mentors, and nurture those relationships into sponsorships.

Women in management may find it helpful to have someone in the boardroom take a personal interest in their career strategy and development. For example, at Uber, new board member Arianna Huffington is in an ideal position to put her mentoring and career savvy to work in helping rising women execs rebuild that company.

One key to a successful mentoring program is regular, ongoing coaching and support. In my experience, a good mentor/mentee match also requires synergy: a strong personal chemistry and an alignment of professional disciplines. I'm a passionate advocate of digital transformation and customer-centric processes, so I tend to mentor women executives who have roles and expertise in line with those disciplines.

Board members don't have to wait for CEOs to ask for mentoring of female executives. When I spot high potential women managers within the companies of the boards I sit on, I approach our CEOs and offer to help these women reach the next level in their leadership potential.

Go beyond mentoring to sponsorship

There is a big difference between mentoring—which is periodic advising and coaching—and sponsoring. Sponsors take a far more active role in helping individuals reach the next rungs in their careers. Women who are already senior managers or board members can kick mentoring up a notch by "sponsoring" women with high potential through career coaching, facilitating introductions to other executives, and identifying and, importantly, recommending them for new opportunities that will accelerate their careers.

Set a goal

According to the Harvey Nash/KPMG survey mentioned above, only 28% of small-cap companies have a formal diversity initiative in place, versus 72% of large-cap companies. For newer, smaller tech companies that are in hyper-growth survival mode, it's unlikely management will organically implement tactics that foster diversity of management. Hope is not a strategy.

If a company really wants to drive cultural change, a prescriptive diversity goal could be considered. That goal can be defined based on the values of the company, and may include gender diversity, ethnic diversity, age diversity, global diversity, etc.

Highly qualified female candidates ARE out there. I was the only woman on the board of HD Supply when I joined, and just three years later 23% of the board is female. I also sit on the board at Schneider Electric, where we set a goal of 40% gender parity on the board. Today Schneider Electric's board is composed of 38% women, so we have nearly achieved that goal in just 7 years. The Volvo board I sit on has 23% women. These companies all operate in industries traditionally thought of as "male-dominated," yet we were able to recruit highly qualified female board members without compromising one whit on the experience, talent and skillsets we were looking for.

Recognize when women make a difference

When I served as chair of the board's compensation committee at tech firm Polycom, we were active in the annual recognition event for sales staff. I noted that women were leaders in sales, making up less than 10% of the sales force yet 34% of our "President's Circle" top sales performers. Making an added effort to celebrate (and promote) this talent is crucial in sending the message that sales is not just a "guy thing" in the company.

The talents of women are a strategic asset to companies, and there is a growing body of research proving that firms that nurture and empower their gender diversity gain in revenues and stock performance. In any company, balance sheet results are always found downstream from company culture. When it comes to reshaping that culture to be welcoming to women, the boardroom is the ideal place to start.


Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation and served on the board of directors at Nasdaq LLC and at Clear Standards as CEO and Chairman.



Publication Date*: 7/20/2017 Identification Number: 1403

Identification Number 1364
Reputation Risk and Opportunity Governance: A 5-Point Blueprint for Boards by Andrea Bonime-Blanc, JD/PhD
Publication Date: May 2, 2017

Andrea Bonime-Blanc is the Chief Executive Officer of GEC Risk Advisory and Author of The Reputation Risk Handbook.

Reputation risk and opportunity management is the front-line job of management; however, it is the job of the board to provide reputation risk and opportunity oversight for their company. Yet most boards don't even think about reputation risk until the crisis or scandal hits and their company's reputation, and possibly their own personal reputations, may be at risk.

In this article, we define reputational risk, identify recurring themes that were present in cases where reputation risk has gone wrong, and offer a high level five point blueprint for boards to oversee reputation risk and opportunity at their companies. Why do this? Because effective reputation risk management – just like effective enterprise risk management – is not only useful to mitigate losses and liabilities but also to build reputation opportunity and value with and from key stakeholders (customers, employees, regulators, etc.).

Reputation Risk Defined

Within the context of an organization (whether a company, a government agency, a university or a non-profit), reputation risk is a strategic risk that can amplify other underlying and related risks, especially non-financial or ESG (environmental, social and governance) risks, when those risks have not been properly identified, managed or mitigated. Here is a simple definition of reputation risk I offer in my book, The Reputation Risk Handbook:

Reputation risk is an amplifier risk that layers on or attaches to other risks – especially ESG risks – adding negative or positive implications to the materiality, duration or expansion of the other risks on the affected organization, person, product or service.

When one couples the notion of an amplifier risk with the notion of stakeholder expectations and impact, one can surely start seeing the gestalt of why reputation risk has both qualitative and quantitative dimensions.

Reputation Risk Management Gone Wrong

It is important to note a recurring theme throughout cases where reputation risk went wrong: something, or several things, did not work well within these companies in advance of the crisis. Three critical topics seem to appear in most of these cases:

  1. The Board did not have a proactive stance on effective risk oversight, let alone reputation risk oversight.
  2. The CEO/C-suite were not creating or supporting a culture of accountability and customer-centricity, thus allowing for the erosion of key stakeholder trust.
  3. The company itself does not appear to have effective risk management and/or views risk as a liability that happens to unlucky companies (instead of a manageable asset that also has embedded opportunity and potential value).

Why Good Reputation Risk Management and Oversight Matter

Reputation risk matters for worse and for better because it's what happens when the expectations of stakeholders – potentially a multitude of them – are missed, met or exceeded. Reputation risk acts as an amplifier and accelerator of an underlying risk that is not managed at all, poorly managed or is managed up to and possibly beyond the expectations of key stakeholders.

While stakeholder expectations can be characterized as being largely behavioral, emotional or intangible, what happens as a consequence of exceeding, meeting or missing stakeholder expectations is far from intangible:

  • An organization's meeting or exceeding its stakeholders' expectations can have neutral to positive qualitative and quantitative consequences.
  • An organization's missing its stakeholders' expectations can have negative consequences – both qualitative and quantitative.

Reputation Stakeholders

How well an organization understands and incorporates a qualitative assessment of its key stakeholders and their expectations is where the qualitative and quantitative dimensions of reputation risk meet: one does not make sense without the other and one feeds upon the other. The below chart from my book, The Reputation Risk Handbook, shows a range of some of the key stakeholders that organizations should be considering in such an assessment.

[Figure: Outside Inside Graph 1]

The bottom line is this: flying without a reputation risk net is tantamount to hoping for the best in a world full of challenges, risks, threats and (lost) opportunities. Adopting such a framework, in turn, provides the resilience needed for long-term survival and even out-performance as risks are managed and new opportunities are identified on the way to effectively managing reputation risk.

With these themes in mind, let's take a look at the five keys to successful ongoing board reputation risk oversight.

A Five Point Reputation Risk Governance Blueprint

Below is what I would consider to be the five key tasks of a board intent on overseeing reputation risk and opportunity effectively for their company:

  1. As an Amplifier and Strategic Risk, Reputation Risk should be on the Board Agenda Regularly. Reputation risk does not occur in isolation but in relation to other underlying risks. As such, reputation risk must be on every board agenda together with strategic and enterprise risk oversight.
  2. Boards Must Oversee Effective Enterprise Risk Management (ERM). Reputation risk cannot be properly understood, managed or supervised without robust underlying ERM that identifies all risks and allows related reputation risk to be properly gauged.
  3. The Board Must Know Who the Company's Key Stakeholders Are. Why? Because every stakeholder has expectations of a company's behaviors and results both financial and non-financial. If and when those expectations are not met, both qualitative and quantitative consequences will follow, most of them negative. The reverse is true as well: the better an organization understands, nurtures and tends to its principal stakeholders, the better off that organization will be when and if crises occur, with both qualitative and quantitative consequences, most of them neutral or positive.
  4. A Cross-Disciplinary Team of Company Experts Should Manage Reputation Risk. And it is up to the Board to understand from such experts – from the chief risk officer and head of public relations and communications to the general counsel and the audit executive. They are best prepared to understand the reputation risk of the company if they prepare accordingly. That team must also be synchronized with a proper and effective crisis management program.
  5. Reputation Risk is Directly Connected to Corporate Resilience, Opportunity & Value Creation. It is the board's role to ensure that the company and its management develop and implement resilience measures to counteract and mitigate material risk and to take advantage of risk opportunity – reputation risk oversight is a critical part of this process. The more prepared an organization is for its risks, the greater chance it will have to successfully manage the risk, associated crises and value opportunities.

For more information and case studies, readers should go to the thought leadership page of the GEC Risk Advisory website.


Dr. Andrea Bonime-Blanc is CEO and founder of GEC Risk Advisory and a global governance, risk and value creation strategist. Her firm specializes in governance, risk, ethics, compliance, corporate responsibility, reputation and crisis advice to the private, public, governmental and non-profit sectors worldwide. She is author of The Reputation Risk Handbook and Emerging Practices in Cyber-Risk Governance and has been consistently recognized by Ethisphere as one of the "100 Most Influential People in Business Ethics." In 2017, she was appointed Ethics Advisor to the Financial Oversight and Management Board of Puerto Rico, created by the U.S. Congress to oversee the restructuring of the Puerto Rican economy. She tweets @GlobalEthicist and writes the Risk2Value Blog.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 5/2/2017 Identification Number: 1364
Identification Number 1324
Seven Steps to Implementing Board Oversight of Sustainability by Sandra E. Taylor
Publication Date: February 21, 2017

Sandra Taylor is the CEO of Sustainable Business International LLC and a pioneer in the field of sustainability. She has helped many major brands, including Starbucks and Eastman Kodak, develop and implement global corporate social responsibility strategies.

Many corporate CEOs and investors have accepted the premise that sustainability issues are material to the long-term success of any business. Effective management of social and environmental risks can improve business performance and produce tangible results. These can include more reliable availability of essential natural resources, significant efficiency gains, reduced transaction costs and access to new capital. The concept of sustainable business seeks to combine environmental and social improvements with financial success.

Investors are increasingly focusing on the role that corporate boards play in overseeing material sustainability issues as a part of their fiduciary responsibility. Between 2010 and 2014, over 250 shareholder resolutions were filed calling for explicit board oversight of sustainability issues. During 2016 alone, 370 proposals were filed related to environmental and social issues, making sustainability the "fastest growing cause for shareholders." Now is the time for boards of directors to protect and promote shareholder interests by adopting and overseeing a corporate sustainability strategy.

Integration of sustainability into key business initiatives, risk management and compliance are all consistent with corporate governance standards. Here are seven key areas when implementing board oversight of corporate sustainability efforts:

1. Start at the beginning and determine materiality.

As a starting point, boards should define what sustainability means for the company by conducting a materiality assessment. The risks posed and opportunities created by the shift towards greater sustainability present companies with complex, multi-dimensional, and sometimes interconnected issues. By developing a robust understanding of what issues are material to their operations, the environment and communities, companies can better prevent or mitigate these risks and gain access to these opportunities.

However, materiality in the sustainability context is not simply about reporting or disclosure. The materiality determination should reflect the organization's significant economic, environmental and social impacts, and stretch far beyond just the production of a sustainability report: it should also touch on the company's overall strategy, risk management, relationships, communications and even the design of products and services with sustainability impacts in mind.

Just as the board oversees or approves sales and financial targets, it should also approve targets (both long-term and short-term) for the company's sustainability performance that can attain the same level of value and influence as other key elements of business performance by driving profitability, innovation and engagement.

In terms of sustainability reporting, there remain questions regarding whether sustainability report issuers, and investors as report users, identify the same topics as material. SASB is an effort to bridge that gap. SASB standards are designed to determine those environmental, social, and governance topics that are reasonably likely to have material impacts on the financial condition or operating performance of a company. SASB is able to identify and standardize disclosure for the sustainability topics that are most important to investors—those that are reasonably likely to have material impacts on companies in an industry.

2. Focus on the supply chain.

Of all the strategies, integrating sustainability into the supply chain and ethical sourcing may be the most critical. Ethical sourcing means ensuring that the products being sourced are created in safe facilities or under safe conditions for workers who are treated well and paid fair wages to work legal hours. It also means that the supplier respects the environment during the production and manufacture of the products.

3. Be innovative.

Rather than approving projects and then asking how the product, feature or service can be developed and delivered more sustainably, the board should add a sustainability lens (through scorecards, lifecycle analysis and indices) at decision-making points, ensuring sustainability is factored in before any go/no-go decision. The board should ensure that environmental sustainability and social responsibility values become important screens that are included in the company's most senior hiring decisions and enterprise risk management framework, and considered when approving major decisions like capital projects, new business lines, mergers and acquisitions, new product launches and expansion into new geographic markets.

4. Be the impetus.

Through their core duties related to setting strategic course, audit and monitoring, and their long-term perspective, boards are uniquely positioned to ensure the full integration of sustainability into business strategy and practices. Integration means incorporating sustainability into the business strategy so that the business model itself creates social and environmental value in addition to financial value. In other words, by the very act of succeeding as a business, a company creates greater value for society and the environment.

Boards and senior management should ensure that corporate responsibility and sustainability are embedded into every part of the business, including planning, strategy, operations, marketing and human resources. Board compensation committees should incorporate sustainability priorities into both the recruitment and remuneration of executives and identify the most relevant and stretch targets to influence executive performance. A simple way to achieve this is to appoint a Chief Sustainability Officer (CSO) for the company who is part of the senior executive team and involved in all decision-making in much the same way as the General Counsel and Senior HR executive, including regular interaction with board committees.

5. Measure outcomes.

Once the company develops a sustainability strategy and policy, it then must identify major performance aspects, establish objectives, select specific indicators and metrics, and commit to achieving specific targets. Ideally, progress should be benchmarked against a set of time-bound, measurable goals laid out as part of the overarching strategy and publicly disclosed. For example, management systems should measure progress and provide assurances that the sourcing strategy a company pursues is delivering the intended results.

It is critical for the board to track performance, oversee reporting and set clear expectations for improving performance. Establish internal performance, communication, incentive and measurement systems for all sustainability goals and conduct quarterly business reviews. Boards should also set short and long-term sustainability targets — just as they do for financial targets — and ensure that the company's sustainability strategy and performance are communicated at annual meetings and investor roadshows.

6. Be transparent.

Transparency is about reliable indicators of sustainability progress and honest communication with various stakeholders about policies, practices and progress, including formal external reporting. Whether an organization chooses a full-scale corporate responsibility report, following Global Reporting Initiative (GRI) guidelines, delivers a CSR report directed at consumers and community groups, or simply communicates progress on its website, external communication is critical to gaining consumer trust.

Reporting plays a pivotal role in communicating these management actions to a variety of stakeholders. Boards should review and approve disclosure of the company's sustainability performance in mandatory and voluntary reporting. GRI Sustainability Reporting Standards are the world's most trusted and widely used standards on sustainability reporting.

7. Align board structure and composition.

In a UN Global Compact-Accenture CEO study in 2010, 75% of CEOs reported that their board of directors takes an active role in overseeing sustainability issues. However, when Ceres analyzed 613 of the largest publicly-traded U.S. companies in 2014, only 32% oversaw sustainability at the board level. Some notable international companies have established a stand-alone sustainability committee of the board, including Ford, Roche, Nike, Lockheed Martin, Monsanto, McDonald's, Coca-Cola and HSBC.

Board oversight can take several forms. In some companies the role is combined with the governance committee. This combined committee supervises compliance with internal business principles and principles of behavior with respect to legal, safety and environmental matters and diversity, and also oversees the preparation of the sustainability report.

The type of committee is less important than the scope and ambition of its mandate, which should include company-wide oversight on issues such as climate change, human rights, sustainable supply chain management, health and safety, as well as sustainable products and services. Nike provides board members with regular training and education on key sustainability issues. This education promotes a more strategic, long-term approach to the board's overall assessment of the company's business performance.

Companies should actively seek to recruit directors with relevant knowledge and expertise – including executives from corporations with a sustainability track record or topical experts coming from specialized positions in business. Ceres found that only 19 percent of directors serving on board sustainability committees of large U.S. companies have discernible expertise in relevant issues. Even if there is just one board member with relevant expertise, he or she may be able to significantly improve the quality of the board's deliberations and, over time, improve the understanding of sustainability among other directors.

Sustainability is a proxy for good governance. Shareholders and other stakeholders look to board engagement as an indication that sustainability risks and opportunities are adequately dealt with at the highest level.

Sandra E. Taylor is the CEO of Sustainable Business International LLC and served on the Sustainability Committee of DE Master Blenders NV of the Netherlands and the Compensation Committee of Capella Education Company. Sandra previously served as the senior vice president of corporate social responsibility for Starbucks Coffee Company and the vice president and director of public affairs for Eastman Kodak Company.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.
Publication Date*: 2/21/2017 Identification Number: 1324
Identification Number 1307
Sustainability Meets Integrity By John H. Stout
Publication Date: January 18, 2017 

 John H. Stout is a partner at Fredrikson & Byron in Minneapolis where he Co-Chairs the Corporate Governance Group and Chairs the Business Sustainability and Social Responsibility Group.

"Business sustainability" has become an important addition to board/management discussions in recent years. While the term "sustainability" has long had environmental implications, sustainability has become an umbrella for many topics, including agriculture, food, deforestation, energy resources, various human rights issues, carbon and other emissions comprising a global concern for meeting society's current interests and needs in a manner which does not compromise the interests and needs of future generations and is protective of the planet. "Business sustainability" focuses on a company's ability to conduct its activities and build shareholder value over the long term, balancing the need for short-term results while adapting business strategies and operations to assure long-term value creation consistent with sustainable business practices. Inherent in meeting these challenges, companies are required by law to maintain a culture that embraces ethical values and legal compliance.

Issues with corporate conduct have been with us since corporations became a recognized means of amassing capital for business activities while at the same time limiting the risk of those who provided the capital and conducted the business activities. However, in the late 1900s and early 2000s, from Enron to the present day, the challenges of business misconduct, and failures of business integrity, have attracted the media, the courts, regulators, and lawmakers. Sarbanes-Oxley was passed in the wake of Enron and the many corporate failures occurring at that time. Dodd-Frank was passed following the financial crisis precipitated by widespread misconduct in the financial services industry. Currently, as we experience the misconduct of Volkswagen and Wells Fargo, it is clear that the promotion of corporate integrity defies legislative and regulatory solutions. What's needed is a redoubling of board and management initiatives to focus on achieving a high standard of corporate integrity on which a company's shareholders and many other stakeholders can safely rely.

Integrity is the foundation on which sustainable businesses must be built. Without integrity as the fundamental principle, there can be no sustainable business, and there will be no culture of ethics and legal compliance. What shareholders and other stakeholders most need from boards of directors, as the governing bodies of the companies they serve, is the assurance of their companies' integrity. Specifically:

  • That the company has a clear business mission and values formed on balancing short-term performance with long-term enterprise sustainability, adaptability, viability, and performance.

  • That the company's business model is sustainable and that the long- and short-term risks and opportunities which accompany that model have been carefully vetted by the board, and that its strategic plans, operating plans, and business conduct embrace the governance, ethics, environmental, energy, and social practices essential to long- and short-term value creation and performance.

  • That the company's financial and nonfinancial reporting has integrity, and can be clearly understood and relied on by those responsible for assessing, financing, working for, and doing business with the company.

  • That the company's public disclosures and the comments of senior management and the board have integrity and are reflective of the true state of the company's values, business activities, and financial and nonfinancial results.

  • That the company's CEO, selected, compensated, and regularly evaluated by the board, and the senior management team engaged by that CEO, would, above all of their responsibilities, see that the company's affairs are conducted in a manner which serves, rather than detracts from, the company's integrity and reputation.

  • That the compensation and perks awarded to board members and senior management, which directors alone approve, will not in actuality or perception, corrupt their judgment, compromise their independence, corrupt the company's culture, or otherwise detract from the company's integrity and reputation.

  • That the company's compensation and incentive plans for non-management employees and those doing business with the company will promote rather than corrupt ethical conduct on the part of all employees, suppliers, and customers.
  • That directors and management will avoid actual or perceived conflicts of interest which would detract from the integrity of the company and its governance.

  • That management has in place compliance systems and procedures that will provide warnings of activities that would threaten the integrity and sustainability of the company, proactively overseen by the board, and that, when warnings come, management and the board will investigate the issues fully, independently, and without compromising restrictions, and use the results to transparently address issues and needed corrections.

The bottom line of a sustainable governance system and sustainable business conduct is that the company's ultimate authority, i.e. its board of directors, is proactive and vigorous in taking responsibility for the company's integrity. From Enron to Volkswagen and now Wells Fargo, many of the corporate scandals occurred because boards failed to take responsibility for the company's integrity, long-term value creation, and ultimate sustainability. The directors apparently did not see the company's integrity as an extension of their own, and ultimately this is a critical point.

Given that boards are responsible for overseeing and assuring the development and maintenance of a culture of integrity, ethics, and legal compliance, they must be proactive in the use of the tools at their disposal for this challenging task. Key among these tools are:

  • Recommending the election of capable directors: persons known for their integrity, ethics, and commitment to legal compliance, and who understand that these are critical elements of a sustainable company; persons who understand what it means to be a fiduciary and their fiduciary duties; persons who are knowledgeable about governance and oversight and possess the skills, time, energy, judgment, leadership, and courage to effectively discharge their responsibilities. Everything starts with board composition.

  • Periodically refreshing the board with directors having a variety of skillsets, including an awareness of contemporary subjects applicable to the company, its shareholders and other stakeholders such as cyber risk, social media usage, and business sustainability and social responsibility.

  • Selection of independent board leadership with the knowledge and skills to assist the board in meeting its responsibilities.

  • Selection, compensation, and evaluation of a CEO known to be ethical, and screened for past integrity, legal and ethical issues, who is experienced and committed to building and maintaining a corporate culture of integrity, ethics, and legal compliance, and has demonstrated an ability to balance short- and long-term value creation and performance.

  • Periodic independent assessment of the company's culture, ethics, values, compliance with laws and regulations, and effectiveness of training programs designed to instill appropriate corporate values, familiarize employees with the company's expectations as to ethics, compliance, and integrity, as well as systems designed to test the effectiveness of those training programs.

  • Recognizing that in every company there is an enterprise-wide culture and many subcultures, including the boardroom culture, the board/management culture, and cultures within subsidiaries, divisions, and workgroups. It is important to harmonize these cultures with the overall enterprise culture and values and to assess the degree to which that has occurred.

  • Periodic one-on-one interaction with key senior executives and mid-level managers, internal and external auditors, compliance personnel (particularly those responsible for company hotlines and complaint gathering systems), key group and division leaders, internal and external legal counsel, and the executive in charge of human resources, to gain insight into the company's culture, and the elements of integrity, ethics, and legal compliance.

  • Assurance that management has in place processes and procedures for preventing and detecting integrity lapses, ethical issues, and violations of laws, regulations, company governing documents, including codes of conduct and other company policies, and for assessing risk and risk mitigation, followed up with oversight over, and periodic assessment of, the efficacy of those processes and procedures.

  • Oversight over the evaluation, hiring, firing, and compensation of employees who are key to assessing, shaping, and managing the corporation's financial reporting, legal resources, human resources, risk assessment, ethical and legal compliance environment (e.g., the CFO, controller, internal auditor, risk manager, investment relations officer, internal counsel, heads of human resources and information technology/security, and person in charge of sustainability matters). Periodic one-on-one interviews with these individuals are an essential board/committee assessment and oversight tool.

  • Engagement by the board of independent auditors and compensation consultants, as well as oversight over management's engagement of outside legal counsel and other key advisors to assure that the loyalty of these advisors is to the company and the board, and not primarily to the personnel of the company who engaged them, and confirming that they recognize their responsibilities to the board and its committees and their roles in enhancing the effectiveness of the board and its committees.

  • Periodic engagement of independent third parties to advise the board and its committees on matters with respect to which the board requires a "second opinion" or advice from a source which is not regularly engaged to serve the company under management's direction.
  • Use of tools such as business intelligence and balanced scorecarding to assist with monitoring the company's operations.
  • Use of corporate and outside investigatory and research resources to scan the backgrounds of key people and companies which the company is engaging directly or as outside vendors.

  • Engagement with management in vigorous, candid dialogue regarding strategy, opportunities, operations, sustainability issues and risks, and rewards associated with the same, and seeking dialogue with various management personnel regarding concerns about corporate direction.

  • Constantly seeking to understand risks, paying attention to warnings, and confronting problems promptly and forthrightly. Policies and procedures for assessing and monitoring risks are essential and directors must assure that they are in place and functioning well. Warnings need to be heeded and promptly investigated. Investigation means a thorough effort to obtain all relevant information using independent resources where necessary to assure objectivity. History, including Volkswagen and Wells Fargo, provides ample lessons of the disastrous consequences of cover-ups and understanding financial and nonfinancial impact once a problem is discovered.

  • Monitoring the company's public disclosures and management comments for integrity and reputational impact, as well as credible third party commentary regarding the company, its goods and services, the performance of and conduct of its key people, and its reputation for business conduct and integrity.
  • That the public disclosures by the company, and comments of senior management and the board regarding material company affairs have integrity.

Key to markets for talent, goods and services, investment, financings, corporate transactions, and ultimately the sustainability and long-term value creation of companies, is the integrity of the company, the goods and services it produces, and the information it provides, and the people it employs. Serious lapses in corporate integrity have resulted in substantial, sometimes tragic, financial and nonfinancial consequences for employees, vendors, customers, financing parties, shareholders, and other stakeholders. Boards must redouble their efforts to assure the integrity of the companies they govern. Ultimately, the sustainability of our free enterprise system depends on it.


This article originally appeared in the December 2016 edition of Business Law Today, a publication of the Business Law Section of the American Bar Association.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 1/18/2017 Identification Number: 1307
Identification Number 1228
Making Sustainability Reporting Work for Investors and Companies by Alan L. Beller
Publication Date: July 27, 2016

I became Director of Corporate Finance at the SEC in January 2002, in the immediate aftermath of the Enron accounting and auditing failure and bankruptcy, and most of my first 18 months at the SEC were spent on financial reporting, audit committees and the like. Even then, however, others at the SEC and I were convinced that, in the 21st century, financial information doesn't provide a complete picture of corporate performance. We sought, with limited success mostly due to lack of bandwidth and a practicable plan for moving forward, greater emphasis on operating metrics and other forms of non-financial disclosure.

Investors agreed with the efforts then, and they agree even more violently today. In a 2015 CFA Institute survey, 73 percent of institutional investors indicated that they take sustainability (environmental, social, and governance) issues into account in their investment analysis and decisions, to help manage investment risks.

Notwithstanding the title of a recent book regarding the future of accounting, excerpted in the Wall Street Journal, accounting is not dead, and financial information and analysis remains critically important. However, investors need better disclosure in respect of sustainability matters, and under current reporting systems companies have the ability to provide what investors need. The SEC has acknowledged the need for disclosure to evolve in this area. In its long-awaited recent Concept Release regarding disclosure effectiveness, currently open for public comment, the SEC asks "which, if any, sustainability and public policy disclosures are important to an understanding of a registrant's business and financial condition and whether there are considerations that make these disclosures important to investment and voting decisions."

These questions bring companies and investors to an inflection point, whether or not the SEC expeditiously takes the next steps towards disclosure effectiveness. Investors want and already receive disclosure regarding sustainability and related matters through a variety of channels. Companies already provide such information, through SEC disclosures, websites, sustainability reports and questionnaires. What is needed now is a pathway to make sustainability reporting more cost-effective for companies and more decision-useful for investors. In particular, for companies, sustainability reporting is already a reality. The full-stretch ostrich position of ignoring it and hoping it will go away, to which some companies still seem committed, will not work. What is necessary is implementation of robust and effective governance around sustainability disclosure and effective engagement with investors, as well as other stakeholders.

As noted above, companies currently report sustainability information in a variety of channels, including the periodic reports and offering documents filed with the SEC, sustainability reports, and investor questionnaires. However, standalone sustainability reports lack standardization and comparability and in at least some cases reflect insufficient attention to existing regulatory requirements. The generalized requirements followed for some of these reports also result in both companies and stakeholders spending time and focusing attention on unimportant information. Investor questionnaires raise their own issues. Questionnaires follow different formats and seek information in non-standardized ways, and information made available to an investor may differ from that provided by the company through other channels or to another investor. This disharmony of information is not good for a company, and if there is differentiated or selective disclosure of information that is in fact material under the federal securities laws, a company's practices may run afoul of the SEC's Regulation FD (Fair Disclosure). This current situation provides ample evidence that companies need effective governance around the sustainability disclosure choices that they are making now.

A critical area of focus for governance and engagement involves disclosure in a company's filings with the SEC, including the annual report on Form 10-K (or for foreign companies registered with the SEC, Form 20-F). This is the appropriate channel for disclosure of improved sustainability information to investors within the framework and requirements of the federal securities laws, and it is the one in which my principal expertise lies.

Other disclosure efforts, including those aimed at other stakeholders, should be considered as complementary to and not competitive or conflicting with the decision-useful disclosure that investors deserve under the securities laws. Continuing investor and other stakeholder engagement with companies regarding sustainability disclosure is not inconsistent with the efforts of SASB, described below, to use the existing legal framework and its standard-setting to ensure disclosure of material sustainability information in SEC filings. Neither should these other activities delay or prevent the accomplishment of SASB's mission to make these material disclosures in SEC filings a reality.

Regulation S-K and analogous SEC disclosure regulations, which set forth the specific disclosure requirements associated with Form 10-K and other SEC filings, contain principles-based requirements that call for disclosure of both current and forward-looking information. As the SEC noted in its 2010 guidance regarding disclosure related to climate change, certain sustainability information should be disclosed under existing SEC rules. A lot of good sustainability disclosure requires careful analysis and disclosure of matters as they exist today. At least as much requires similar careful analysis and disclosure of forward-looking information, or how tomorrow is reasonably likely to turn out in respect of material matters, based on what is known today. In particular, Item 303 of Regulation S-K requires that companies describe known trends, events, and uncertainties that are reasonably likely to have material impacts on their financial condition or operating performance in the so-called Management's Discussion and Analysis sections of their annual and quarterly reports and securities offering documents. Similar requirements exist for non-US issuers registered with the SEC in their annual reports and offering documents filed with the agency.

Because of these requirements, companies often include sustainability information in SEC filings. SASB's research shows that information regarding 74 percent of SASB disclosure topics is already being disclosed in companies' annual reports on Form 10-K. However, currently these disclosures are only rarely presented in a manner that is decision-useful for investors. More than 40 percent of all disclosures on sustainability topics contain boilerplate language: broad, generic, nonspecific wording. Current sustainability disclosures in SEC filings do not provide investors with comparable, industry-specific data with which to evaluate and compare performance.

Disclosure of performance on sustainability topics that would be decision-useful to investors, cost-effective and sensible for companies, and equal to the quality that markets expect for financial information can best be accomplished via a clear focus on material information and on an industry-specific market standard. Just as the markets have a standard for material financial information—US GAAP—the markets need a standard for material sustainability information.

This is the need SASB was created to address. SASB standards are designed to help companies effectively disclose material sustainability information and comply with regulatory obligations, working within the framework of existing U.S. securities laws. SASB's provisional standards have been developed, and SASB is embarking on a project to make the provisional standards final, in both cases through processes that are designed to produce standards that are cost-effective and decision-useful, and to embody in those standards industry-specific sets of disclosure topics and metrics that are reasonably likely to constitute material information for companies in that industry. SASB seeks to incorporate by reference metrics already in use by industries where it concludes that is practicable.

In order to move from boilerplate disclosure to metrics, companies will need to strengthen their governance and internal controls and procedures, as well as procedures for independent assurance. However, accepted improved disclosure on material sustainability factors will have benefits for companies. First, they will reduce the cost and burden of the plethora of varied shareholder resolutions and questionnaires that will be the most likely alternative to market standards. Second, there is some support in recent academic research that suggests that by focusing on the limited set of sustainability related risks and opportunities identified by the SASB standards—those reasonably likely to have material impacts—companies can achieve superior results, including return on sales, sales growth, return on assets, and return on equity, in addition to improved risk adjusted shareholder returns.

In addition to improving the quality of sustainability disclosure in their SEC filings, companies need to ensure their description of material information is consistent across corporate communication channels. For example, 81 percent of the S&P 500 companies now produce stand-alone sustainability reports, designed for a broad range of stakeholders. These reports often describe matters as "material" but in some cases use that term more loosely than is the case under federal securities laws. The inconsistent characterization of information as material across corporate communications channels within a company may present legal, reputational and operational risks and itself calls out for more robust governance. Significant issues arise as a result of inconsistent characterization of information as material among companies in an industry.

The SEC's disclosure requirements including Regulation S-K already exist. To make sustainability reporting work better for companies, we need a market standard and a commitment by companies to embrace that standard. A market standard for sustainability information should reduce the pressure for additional regulation and the current practice of scattershot disclosure. It should also level the playing field, so that no one company in an industry is required to say materially more, or less, than another. Lastly, it will reduce the uncertainty around what is material, and maybe even drive competitiveness by helping companies improve performance on the most important issues for their industry.

Alan Beller is a Senior Counsel at Cleary Gottlieb Steen & Hamilton LLP in New York and a Board Director of the Sustainability Accounting Standards Board (SASB). He is a former Director of the Division of Corporation Finance and Senior Counselor to the Commission at the SEC.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.
Publication Date*: 7/27/2016 Identification Number: 1228
Identification Number 1292
Taking Your Proxy Statement from Good to Great by Ron Schneider
Publication Date: December 8, 2016 

This article was written by Ron Schneider, Director of Corporate Governance Services with Donnelley Financial Solutions.

Companies are constantly innovating and pushing the boundaries of traditional proxy statement disclosure, inspiring others about what can be accomplished. Proxy innovations should align with a company’s corporate culture and support business, corporate governance, and proxy solicitation goals. Donnelley Financial recently published its 2016 Guide to Effective Proxies that is intended as a tool to help inspire and guide companies in improving the visual appeal and clarity of their proxies, as well as develop a style and format that is right for their organization.

There is no one perfect proxy or CD&A that all other companies should emulate; rather, there are many excellent proxies that work well for their companies at particular points in time. Even these successful proxies must evolve, as performance changes from year to year, areas of investor focus shift, and the key messages companies wish to highlight change.

The best place to start when refreshing the proxy is ensuring you know your audience.

Understand that different investor types read and “use” proxies differently.

For retail (i.e., individual) or employee investors – it’s a reading document. The printed and mailed proxy is the most effective and proven way to maximize retail voting participation. For employee shareholders, electronic reminder notices and follow up campaigns can be effective in generating voter turnout.

For most institutional investors – it’s a reference document. The larger institutional investors that have dedicated corporate governance, engagement and voting teams report that they use proxy advisors as screening tools, along with their own internal policies and review. These institutional investors then use proxies as reference documents. If your company is flagged by a proxy advisor or investor on an issue, that investor will likely do a deeper dive into your proxy before voting to see what you are saying about the issue. Here, navigation is critical as the investor will want to find the section or topic quickly. In this case, what’s written needs to be clear and compelling if it is to help that investor “get to ‘yes’” and support you.

Many of the larger institutional investors access online versions of the proxy – but where? Our research shows that ISS’s voting site is the top destination of major investors, and this may well continue with ISS’s recent purchase of iiWisdom, a creator of enhanced online proxies. In advising clients, we first focus on the filed and printed version of the proxy. We then ask: What else do you want to do with the enhanced online proxy, whether through a company-branded hosting site, additional color (which doesn’t cost more in a digital environment), enhanced navigation, links to videos and other interactive features?

Know the top areas of investor focus.

Through our primary research with institutional investors about their use of proxy statements, Donnelley has confirmed that the top areas of institutional investor focus are:

  1. Boards – Their independence, skills and qualifications, diversity, tenure and refreshment.
  2. Performance metrics – How do pay plans work, and does “pay support strategy”?
  3. Pay for Performance Alignment – Do you connect how you pay executives with how they and the company have performed or do you let proxy advisors and others tell this story for you? Perceived Pay for Performance disconnects are a primary driver of negative Say on Pay votes.
  4. Peer Companies – How are peers used and selected? What is the rationale for changes from year to year? Are the majority of peers size-appropriate for your company?
  5. Engagement – If you conduct regular engagement with investors, are you taking sufficient credit for this practice? You want to make sure others you haven’t or can’t engage with are aware of your efforts.

Engage with investors to develop relationships and understand informational needs.

Engagement in this context is defined as company (management, board or both) interaction with the governance teams and proxy voters at institutional investors, especially outside of proxy season when you are “chasing the vote.” These conversations typically involve relationship building, learning about investor views, hot-button issues and informational needs, as well as clarifying important aspects of the company’s story.

This engagement over governance and compensation issues typically supplements the traditional IR dialogue about company strategy, performance and outlook.

Many of our clients report that such outside-of-proxy-season (or post-meeting) engagement has been instrumental in helping them better understand how investor informational needs are not bounded by SEC disclosure requirements. It also helps them sharpen and target their messaging accordingly, helping investors better understand their companies and why they make the decisions that they do. Clearer proxy messaging helps secure investor support and also can mitigate the impact of inevitable negative proxy advisor recommendations.

Understand the relationship between content, navigation, design and context.

Content is key, as your content reflects the reality of your company, your practices and how you tell your story. Design can help make content more visible and impactful, but you can’t design your way out of a weak story. Efforts to do so likely will be seen through, which can damage your credibility and reputation.

Ease of navigation is critical, particularly for institutional investors and others using the proxy as a reference document. Not all readers gravitate to the same sections or topics for all companies they own. If you are satisfied that your content adequately and effectively tells your story, why not make it easily located and accessible? In other words, why risk key content being missed and overlooked? Navigational tools include detailed Tables of Contents, CD&A roadmaps, clear section headings and sub-headings, and page headers and footers. Online proxies should feature hyperlinked tables of contents, drop-down menus, key word search functions and other features that promote rapid and easy navigation.

Design should support the messages, and can include company-specific branding (such as branded document covers, enhanced navigation systems, page footers and web-hosting sites), as well as visual elements that by definition draw the reader’s eye and make key points quickly and impactfully.

  • When you are discussing performance achievements, why not use graphics?
  • When discussing peer companies or performance metrics, why not use a tabular format?
  • When discussing governance and compensation practices, why not use a checklist?
  • When discussing a process such as pay-setting, succession planning or investor engagement, why not use a timeline?

We’re not suggesting that every page has to feature visual elements, but increasingly, long passages of dense text risk losing readership and retention. At Donnelley Financial, we believe in “design with a purpose” as opposed to “design for design’s sake.” In other words, design can and should support and reinforce key messages and ease of location.

Context is crucial to helping investors understand and appreciate your governance and compensation programs and why they are appropriate for your company. For example, the SEC does not require companies to explain how pay supports strategy, yet that is the number one question investors have about executive compensation. Context is particularly important if you have certain practices that may not be considered standard or best practice, yet believe are appropriate for your company and thus its efforts to generate shareholder value.

Also, consider the fact that most of the proxy voters at larger institutional investors are not portfolio managers who are experts about your industry and company, but rather are governance and compensation generalists. They do wish to cast thoughtful, company-specific votes on many issues, but lack the time and resources to do in-depth research including reading the annual report, your IR website or analyst research reports. For this reason, we are seeing more companies spoon feed some business context within the proxy statement. Often this context and content are borrowed from the annual report cover letter or MD&A, or company investor relations messaging. This business content often is contained in a robust CEO or board cover letter, proxy summary or CD&A summary.

“I know my proxy is in need of a refresh, but where should I start?”

We hear this daily from clients.

Engage: First, if you haven’t yet engaged with your larger investors on corporate governance, compensation and other proxy-related issues, start developing those relationships now. During this process you may receive some valuable feedback on the quality and clarity (or lack thereof) of your current disclosures. If you are not ready for that step, review our latest survey of institutional investors about proxy statements, titled “Deconstructing Proxy Statements – What Matters to Investors.” By reading the survey data, you will get a better idea how institutional investors consume proxy statements and what can make your proxy more useful to them.

Benchmark: In addition to the governance leader companies whose proxies we may admire and even envy, take a look at the proxies produced by your peers. Your investors may own many of your peers, and they may compare the quality and clarity of their disclosures to yours. Do you appear to be making an equal effort to communicate clearly and help investors understand your company and actions?

Incremental refreshment: Remember that proxy evolution is often just that – an evolutionary process that initially takes two to three years before achieving your ultimate goal. Even then though, your philosophy should not be “set it and forget it,” since performance, investor interests and the key messages you wish to highlight may vary from year to year.

Specific areas in which we have helped clients begin a process of proxy improvement:

  • Modernize the document’s look and feel with a company-branded cover page, clearer fonts, and improved navigation via a robust table of contents and page headers and footers.
  • Add a new proxy summary at the beginning.
  • Highlight aspects of board diversity and skills via diversity graphics, and various types of skills matrices (both traditional, check-the-box matrices as well as “matrix-lite” versions that highlight board skills without naming which directors possess those skills).
  • Update and make the CD&A more visual and layered in its disclosure flow.

Start with a couple of these points one year, and then add another one or two more each subsequent year. Simply by making incremental improvements, you may be amazed at how far you will progress in just three years’ time!

Ron Schneider is Director of Corporate Governance Services at Donnelley Financial and can be reached at

Donnelley Financial helps thousands of companies deliver accurate and timely business communications to investors, regulators and other stakeholders on our global delivery platform. A single point of contact helps you stay on top of the dynamic regulatory landscape and create, securely store, localize, analyze and disseminate critical business content for regulatory compliance, capital markets transactions, shareholder communications and language localization.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular situation and nothing contained herein should be construed as legal advice.
Publication Date*: 12/8/2016 Identification Number: 1292
Identification Number 1276
Outdated, Inefficient and Misused – It’s Time to Fix the Shareholder Proposal Process by John Hayes
Publication Date: October 31, 2016 

John Hayes is the Chairman, President and Chief Executive Officer of Ball Corporation, and Chair of the Business Roundtable Committee on Corporate Governance.

America’s business leaders these days are highly focused on advancing the economic interests of the United States and the overall economic climate in which our companies operate. In particular, we strive to create long-term value, good-paying jobs and innovative products and services for shareholders, workers and consumers that, in turn, lead to demand creation for our products and services.

Unfortunately, the attention and focus of senior management at U.S. public companies is strained by an outdated system that needs reform: the process for submitting shareholder proposals.

Originally designed to replicate attendance and participation by shareholders at corporate annual meetings, the Securities and Exchange Commission (SEC) Rule 14a-8 is an important component of good corporate governance in the United States. Over time, however, the process has been misused by a small number of individuals – with often de minimis stakes in companies – who file common proposals at an array of corporations.

For example, during the last four years, only three shareholders and their families accounted for more than 70 percent of all proposals submitted by individuals to Fortune 250 companies. Many of these proposals do not promote the creation of long-term value for the economic benefit of shareholders. As a result, 92 percent of non-management proposals were voted down by shareholders this year.

How does such a small group dominate shareholder submissions? The eligibility threshold for submitting a proposal, set decades ago by the SEC and not updated since, has been effectively lowered by inflation and economic growth. It allows shareholders who have owned just $2,000 worth of shares or 1 percent of the outstanding shares – whichever is less – for a minimum of one year, to submit a proposal. Let’s put that into today’s context. At current market prices, an investor only needs to purchase three shares of Google’s parent company, Alphabet, to file a proposal.

An additional problem is that a 1970 federal court ruling prevents the exclusion of shareholder proposals explicitly designed to promote political, religious or social causes. This is in place even though such proposals frequently are unrelated to the business of the company in question (nor necessarily within its control). The problem is steadily worsening. In 2015, 479 proposals were filed by various shareholders that had origins tied not to issues that an informed investor would consider material to make an investment decision in such companies, but rather to social, environmental and political issues. This marked the highest number public companies have faced since 2010.

The time required to educate, respond and engage on these topics with a corporation’s shareholders is not only a meaningful distraction, it also takes away valuable time spent on ways in which companies can grow and invest in their businesses, create jobs and further develop the U.S. economy.

Business Roundtable believes this outdated, broken system needs to be fixed. To that end, we have come together and put forth specific, pragmatic solutions to modernize and improve the process, outlined in a new report.

Our first key recommendation is to update the eligibility requirements. For any topic other than the election of directors, the monetary eligibility standard should be based on a sliding scale related to company size with a requirement to hold at least 0.15 percent of outstanding stock for proposals submitted to the largest company and up to 1 percent for proposals submitted to smaller companies.

We also recommend increasing the length of the holding requirement to three years, which would mirror the standard frequently used for proxy access. Increasing the length of time a shareholder must hold stock before being eligible to submit proposals would encourage a longer-term view. In addition, the process should require shareholder proposal proponents to provide increased disclosure, such as indicating their intentions, economic interests and holdings in the target company.

Another key, equally important fix is increasing the resubmission threshold for proposals that have been rejected in previous years. Current rules allow a proposal to be eligible for resubmission if it garners at least 3 percent of the vote on its first submission, 6 percent on the second and 10 percent on the third. This means that if a proponent can win 10 percent of the vote, then that proposal can be resubmitted indefinitely. Of course shareholders should be entitled to submit proposals more than once. However, a proposal rejected by 90 percent of shareholders should not be eligible for resubmission year after year without limit.

Improving this decades-old system is overdue. It’s time to fix it for the long-term economic benefit of our companies and, in turn, the shareholders, workers and consumers that make them go.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular situation and nothing contained herein should be construed as legal advice.
Publication Date*: 10/31/2016 Identification Number: 1276
Identification Number 1251
Common and Not-So-Common Sense on Executive Compensation by John Roe
Publication Date: August 29, 2016 

This article was written by John Roe, Managing Director and Head of Advisory and Client Services at ISS Corporate Solutions.

A storied list of investors and corporate leaders including Warren Buffett, Bill McNabb, Larry Fink, and Jeff Ubben recently released the Commonsense Principles of Corporate Governance (the “Principles”), a treatise describing consensus views on key governance topics.  Sitting back and putting the Principles in perspective, we wonder – how much “common sense” is there in today’s executive compensation programs, and is “common sense” enough to satisfy the company’s stakeholders?

It turns out that the Principles, for the most part, really are “common sense” – but it also turns out that simply adhering to the guidelines provided by the Principles may not be enough to keep companies out of hot water (although many of them will certainly help).

Let’s take a walk through the principles, one by one, and see where there might still be some gaps to achieving “common sense” – and where “common sense” might not be enough.

Parsing the Common Sense Principles

Here we go, starting with the first principle (which we’ve rephrased for brevity and clarity in bold and italics throughout – see the original document for the original wording):

Executive Compensation Principle 1: Compensation plans should reflect the company’s business and the industry in which it competes. Compensation forms may need to vary for different types of businesses and different types of employees. Compensation plans will evolve over time, but they should have continuity over multiple years to ensure alignment with long-term performance.

It’s common sense that companies are customizing their programs to their unique business situations. For instance, from our Incentive Lab performance award database, we know that S&P 1500 firms that disclose metrics average 4.8 metrics in their short term programs, and 3.4 metrics in their long-term programs. A few companies skew these results since they have large numbers of metrics; the median S&P 1500 company has four short-term metrics and two long-term metrics in their most recently disclosed program.

Based on disclosure, companies are working hard to customize their metrics to their situations. Among S&P 1500 companies, we are currently tracking more than 500 different ways to describe long-term metrics and more than 2,000 ways to describe short-term metrics.

Continuity is one place where some companies have some progress left to make. Swapping metrics in and out of their programs on a regular basis with weights being adjusted frequently can raise questions among shareholders. Even proxy adviser ISS gets frustrated when companies overhaul their metrics year-to-year, as they noted in a recent proxy recommendation:

[The company’s] LTI program used at least four different metrics during the three-year period under review, and none were repeated in a subsequent year. This lack of consistency makes it impossible to determine which goals the compensation committee believes will help the company achieve long-term shareholder value creation, and makes it difficult to reward an executive for sustained growth against performance goals.

What should companies think about in addition to the Principles? Start with ensuring the metrics you select can be linked to long-term shareholder value creation, and adding rigor to how the goals are set.

Executive Compensation Principle 2: Compensation should have both a current component and a long-term component.

This is one Principle where there is plenty of common sense. Almost 95 percent of the S&P 1500 disclosed granting both short- and long-term pay in the most recent proxy. Many of the remaining 5 percent likely are “special cases,” such as Amazon’s Jeff Bezos, who receives no annual equity compensation, or Apple’s Tim Cook, who received a large grant back in 2011 and hasn’t received subsequent grants.

Data from ISS Corporate Solutions’ (ICS) ExecComp Analytics database offers a closer look, with data cut by index membership:

[Graph]

Executive Compensation Principle 3: Benchmarks and performance measurements should be disclosed to enable shareholders to evaluate goals and the rigor of the goal-setting process. Compensation should not be entirely formula based, and companies should retain discretion (appropriately disclosed) to consider qualitative factors.

This principle is really two in one – first, encouraging adequate goal-setting rigor and disclosure, and second, encouraging companies to include a qualitative component in executive pay.

On the first part, the principle seems focused on the disclosure, rather than the process. And we firmly agree with the Principle – there are far too many companies that simply gloss over how they arrived at the goal-setting process. But that, in some cases, may be because the board did gloss over the process, electing to set the performance target at management’s business plan, and applying a simple plus or minus to arrive at the threshold and target. Clearly, the bar is rising here, and perhaps this is one of the areas in greatest need of more common sense.

On the second point, it’s clear that formulaic approaches to payout calculations are now commonplace. But contrary to popular opinion, “discretion” need not be a pejorative in the compensation context, although “business judgment” may more accurately reflect what the compensation committee is really doing.

After an empirical look at investor voting behavior, here are some “common sense” guidelines for employing and explaining business judgment in the CD&A:

  1. Limit discretionary/subjective components to no more than about 25 percent of the total STI program target.
  2. Be specific in what you’re measuring in the discretionary components.
  3. Defend, with specific examples that can be linked directly or indirectly to the well-being of shareholders, the reasoning for above-target payouts on discretionary components.

Executive Compensation Principle 4: Consider paying a substantial portion (e.g., as much as 50% or more) of compensation for senior management in the form of equity or equity-like instruments. Vesting or holding periods for equity compensation should link management’s economic alignment with the long-term corporate performance. All equity grants (whether stock or options) should be made at fair market value or higher at grant, with particular attention given to shareholder dilution.

This Principle is decidedly a mixed bag. Compensation committees are clearly delivering a lot of equity – but the long-term alignment seems to be more at the discretion of the executives than at the requirement of the committee.

Let’s start with the percentage of pay delivered through equity – where ICS’ ExecComp Analytics data shows that there is ample “common sense:”

[Graph]

Equity grant governance remains a work in progress, however. Vesting periods are increasingly being adopted, with many companies requiring executives to hold awards for at least one year after the grant. Equity Plan Scorecard data from 2016 shows that 51 percent of companies putting an equity plan on their ballot this year included a provision to require at least one year before the first tranche of at least one type of awards would vest.

Holding period use has increased as well but usually in the context of accelerating the attainment of ownership guidelines. Of equity plans on the ballot thus far in 2016, 38.7 percent contained a holding requirement – with 85 percent requiring executives to hold a meaningful portion of their grants until reaching ownership guidelines. Only 2.7 percent of plans this year have long-term ownership requirements, requiring executives to hold stock through the end of employment.

The jury is still out on whether luminaries such as Warren Buffett or Larry Fink would call a one-year vesting requirement, or dropping holding requirements once ownership thresholds are met, to effectively “link management’s economic alignment with the long-term corporate performance.” But compensation governance is certainly far ahead of where it was a decade ago.

Executive Compensation Principle 5: Companies should clearly articulate compensation plans to shareholders. Companies should not feel constrained by the preferences of their competitors or proxy advisors; they should articulate how compensation links to performance and aligns the interests of management and shareholders over the long term. Shareholders should consider giving the company latitude in connection with individual annual compensation decisions to well-designed compensation plans with clearly-explained rationales.

Disclosure is, arguably, one of the areas where companies have made the largest advances over recent years, moving from “how” and “what” questions of compensation to the “why” questions behind the committee decisions.

Interestingly, the Principles clearly call out “models of proxy advisors,” perhaps alluding to an overemphasis on TSR for performance-based pay programs. For its part, however, ISS has been careful to say for many years that TSR isn’t the silver bullet for pay design. ISS has stated for years (page 6):

Note that ISS does not advocate that companies use TSR as the metric underlying their incentive programs; on the contrary, shareholders may prefer that incentive awards be tied to the company’s short- and long-term business goals.

If there is a failure of “common sense” on this Principle, it is that too many companies have implemented TSR as their solitary or main long-term metric, and not metrics which may more accurately reflect the evolution of their businesses, and the contributions of their executives.

Executive Compensation Principle 6: If large, special compensation awards are given to management, such awards should be carefully evaluated and clearly explained.

Special awards often cause problems with shareholders. In fact, they constitute one of the seven reasons why companies face resistance from shareholders most often. While we believe there are cases where special awards are warranted, companies must clearly and plainly lay out the rationale for these awards and how they are in the best interest of shareholders. Retention awards are particularly problematic with many investors. Historically, they have been used too often as “make-up” awards when performance awards have failed to pay out – and that’s not a good reason to use a special award.

The classic situation is encapsulated by a recent ISS “against” recommendation on a say-on-pay proposal:

A vote AGAINST this proposal is warranted. CEO pay increased significantly due to two problematic one-time awards. First, he received a large retention equity grant subject to non-rigorous performance goals measured over a relatively short two-year vesting period. Executives also received discretionary cash bonuses, intended to supplement pay after a previous performance award was earned below target. These actions have resulted in increased pay amid declining company performance.

Most companies do a good job here – but this is one case where the circumstances at hand can (and do) generate results out of line with “common sense,” and on occasion have created difficult situations for companies and their boards.

Commonsense: Necessary, but Not Necessarily Sufficient

The commonsense principles on compensation form a solid foundation for executive pay – but they are just that: a starting point. Most companies don’t – and shouldn’t – stop with the principles, but rather should move far beyond them to build robust executive compensation programs that drive broad stakeholder support.

John Roe is Managing Director and Head of Advisory and Client Services at ISS Corporate Solutions, a unit of Institutional Shareholder Services Inc.


A version of this article first appeared in the July/August 2016 edition of ExecComp Insights, an e-newsletter published by ISS Corporate Solutions providing independent and insightful analysis on the latest trends in executive compensation and shareholder voting on corporate pay practices.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal or investment advice.

Publication Date*: 8/30/2016
Identification Number: 1251

*The Publication Date reflects the date of first inclusion in the Reference Library, which was launched on July 31, 2012, or a subsequent update to the material. Material may have been previously available on a different Nasdaq web site.