Emphasis on Director Education
The board development committee may wish to reconsider its director education program for 2017 following two recent and unrelated developments. The first is a greater articulation of expectations of such programming generally. The second is the likelihood of significant change to health care policy in general, and to the health industry financing model in particular, under the Trump Administration.
The National Association of Corporate Directors (NACD) recently established a standard for director education within a proprietary “Director Education Framework.” The goal of the NACD effort is to tie core responsibilities of the board to key areas of director competency that are considered critical to a director’s ability to properly respond to his/her fiduciary obligations. Primary topics identified by NACD for focused education include (i) board governance, structure and function; (ii) ongoing board responsibilities and activities; (iii) constituent considerations; and (iv) emerging issues.
The most urgent focus of board education programming should likely be to provide the full board, as well as certain of its key committees, with a series of briefings on the health policy implications of the recent elections, as they are currently understood. The board’s familiarity with such implications will help position it to exercise informed oversight and decision making, and to fully engage with management on health policy-prompted issues and opportunities. Such a briefing, which management can provide, could address the following issues, among others: the possible repeal of the Affordable Care Act; the potential for Medicaid expansion and reform; the potential for Medicare reform; the future of alternative payment models under MACRA and otherwise; and the possibility of program payment cuts under traditional Medicare that could negatively impact revenues. Indeed, possible changes to the broader health care legal and regulatory environment under the Trump Administration would be an additional and highly useful topic for focused director education programming.
The Strategic Asset Board
An emerging governance perspective is the need for boards to assume greater responsibility for positioning themselves to respond to the rapidly evolving legislative and regulatory environment. This is, essentially, a “continuous improvement” message directed at boards that have historically been too sluggish or passive in response to industry and governmental change.
This perspective is championed by the NACD, which describes it as « Building the Strategic-Asset Board. » The underlying theme is that boards are more likely to be successful in adapting to significant change if they hold themselves—collectively and individually—more accountable for their levels of performance and engagement. The most traditional methods for implementing such accountability are through the “refreshment” tools of periodic full board, and individual director, self-evaluation; tenure and age limitations; succession planning; enhanced director recruitment and retention limitations on outside board service; “fitness to serve” standards; “onboarding” practices and specific meeting attendance and director education requirements. While NACD does not formally endorse any particular refreshment tool, it encourages directors to consider whether their board’s composition, director skill sets, and core governance processes remain fit-for-purpose in a dynamic environment where the board’s mandate is dramatically evolving.
NACD’s message of director preparedness is particularly relevant to sophisticated nonprofit corporations, such as health care systems, that are confronting a changing financing model, significant shifts in health care public policy, increased operational complexity, rapidly changing technology, increased competition from multiple sources, and greater levels of media and public scrutiny. The implementation of a board-level continuous improvement program would serve as a clear demonstration of the board’s good faith intent to satisfy its fiduciary obligations.
Update for the Compensation Committee
One of the frequent promises of the Trump campaign was to decrease federal income tax rates, particularly on higher levels of taxable income. The President-Elect’s proposal was summarized in a recent issue of The Wall Street Journal. The possibility of lower tax rates in the future (in perhaps as early as 2017) may make year-end deferral of executive pay to 2017 more attractive than taxation in 2016.
Limited options exist for deferring year-end compensation income into 2017 and beyond. As one option, the Compensation Committee may wish to take steps to delay payment of year-end compensation and bonus amounts until early 2017, in anticipation of potentially lower tax rates. In this regard, it is important to bear in mind that the Internal Revenue Service (IRS) in June issued proposed regulations that provide greater clarity as to how compensation of management and other highly compensated employees can or cannot be deferred by tax-exempt organizations. These regulations provide a narrow path for year-end deferrals and a limited ability for an executive to defer his or her own compensation. While the regulations are not yet final and mandatory, they show the IRS position on these issues. Careful coordination of a year-end deferral strategy with the proposed IRS regulations is necessary to achieve any tax deferral objective. The health system’s general counsel is well-suited to brief the Compensation Committee on this issue, whether alone or in tandem with the corporate human resources officer.
Contributed by Ralph DeJong
Conflicts of Interest Oversight
The extent to which issues relating to conflicts of interest and the appearance of conflicts have dominated the political landscape from the presidential campaign through the transition period provides an excellent, “real world” opportunity for the board’s governance committee to consider the sufficiency of its own policies and procedures. This may be particularly valuable since the daily headlines have no doubt served to heighten regulatory sensitivity to conflicts related concerns.
These headlines speak to conflicts issues arising in three different categories: First is the appropriate scope of a conflict review process; is it sufficient to focus only business, financial, investment and employment relationships involving officers and directors? Some health systems expand the scope of review to include family and intimate social relationships, and certain kinds of non-financial business relationships such as board or similar positions with competitors. Others apply rigorous attention to the disclosure process. Second is whether to address the organizational impact of relationships and arrangements that create the appearance, rather than the actuality, of conflict. As health systems can face reputational concerns from officer/director relationships that create the “appearance” of conflict, some boards obligate directors to use best efforts to avoid such relationships. Third is the extent to which boards adopt management plans to supervise conflicts of interest arrangements that have been approved by the board, often in connection with state “rebuttable presumption” laws. The effectiveness of conflicts management plans will receive renewed attention with the announcement of the President-Elect’s plan to disassociate himself from his business interests.
The board’s governance committee may wish to allow time at upcoming meetings to discuss the evolving treatment of conflicts related issues and whether the board’s own disclosure and review protocols are sufficient, especially given the continuing evolution of the health system and the complexity of the board agenda.
New Yates Developments
The Department of Justice (DOJ) continues to elaborate on its commitment to principles of individual accountability in corporate civil and criminal investigations, even as questions arise with respect to enforcement policies under the new Administration. In a November 30 speech, deputy attorney general Sally Yates provided an overview of DOJ’s heightened focus on individuals and introduced a new website offering resources on the application of the “Yates Memorandum.”
Given the intense industry reaction over the last year to the DOJ’s heightened focus on individuals, any clarification on the application of the Yates Memorandum can be of interest to the board’s audit and compliance committee. This is particularly the fact given that several recent False Claims Act (FCA) settlements involving health care organizations have included some form of financial penalty assessed on officers and to directors. In reviewing the roll-out of the Yates Memorandum over the last year, Ms. Yates commented that, to date, the new policy was achieving its objectives (i.e., that DOJ prosecutors and civil attorneys are focusing more concretely on individuals and doing so earlier in the investigation). “[Our] people are reviewing evidence against individuals up and down the corporate ladder, looking for those who may have violated the law. And if we determine that we have a case that merits prosecution, you can be sure that we are ready to go.”
The new DOJ website, “Individual Accountability,” includes links to the original Yates Memorandum, as well as the changes made last year to DOJ’s Principles of Prosecution of Business Organizations. In addition, it includes answers to a number of the most frequently asked questions on individual accountability issues, as a form of guidance.
The audit and compliance committee would benefit from a briefing by the general counsel and the company’s outside white collar counsel on the ongoing application of the Yates Memorandum, expectations as to continued focus on individual accountability following the change of administration, and the implications for continued board emphasis on an organizational culture of compliance with law. Ms. Yates noted in her speech that a “significant number of investigations” that commenced after the release of the Yates Memorandum will not be resolved “until well into the next administration.” She expects that, regardless of the fate of the policy, “in coming months and years, when companies enter into high-dollar resolutions with the Justice Department, you’ll see a higher percentage of those cases accompanied by criminal or civil actions against the responsible individuals.”
An Auspicious Governance Anniversary
December 2 marks the 15th anniversary of the Enron bankruptcy—a near cataclysmic event that ultimately led to a series of significant legislative, regulatory and public policy developments that inform governance practices to this day. The entire board would be well served by a brief overview of the governance impact of Enron, particularly since many directors were not in board service 15 years ago.
The primary relevance of Enron to today’s corporate boards—including those of large nonprofits—is twofold. First, it provides jaw-dropping examples of problematic governance conduct from which no board, at any time, is safely immune. The Enron board—once acclaimed for its performance—committed a series of significant failures of oversight with respect to multiple fatal, related party transactions. These failures were grounded in the “flawed” decision to proceed with major transactions so complex that even the board lacked an understanding of their purpose and structure.
Second, it is, in essence, “where it all began” in terms of corporate responsibility. The staggering oversight failures of the Enron board helped give birth to the fiduciary guidelines and best practices that form the corridors of modern corporate governance. The board policies, procedures and codes of ethics to which today’s corporate directors are subject are the direct corporate descendants of the lessons learned from Enron.
Fifteen years later, Enron still matters. Current corporate controversies suggest that similar oversight failures could be occurring in some of today’s corporate boardrooms. There remains value in having a board discussion about the Enron board’s critical—and self-admitted—failures, together with some hypotheticals on how those failures might arise again in different circumstances and in different companies.
Compliance Oversight Standards
A recent Delaware Chancery Court decision provides useful guidance to the compliance committee, as well as to the general counsel and the compliance officer, on the types of board/committee conduct (or lack thereof) that could undermine the effectiveness of the compliance program. This is an important consideration given the dedicated resources within DOJ’s Fraud Division that analyze compliance program effectiveness.
On one level, the decision (Reiter v. Fairbank) confirms the long-standing judicial perspective that “bad faith” is required to establish a cause of action for breach of a director’s Caremark compliance plan oversight obligations in a shareholder derivative action. In its decision, the court provides examples of what bad faith conduct constitutes with respect to the oversight obligation—in contrast to what it found to be the good faith response by the defendant’s board. But a heightened pleading standard is not the same as a lowered compliance program oversight standard. There can be consequences to the corporation, and to individual directors, by interpreting regulatory compliance plan effectiveness standards to require only the lowest level of board engagement; the avoidance of bad faith.
Indeed, the compliance oversight conduct of a corporate officer or director can come under scrutiny in ways apart from the derivative environment. Furthermore, it can serve as a powerful boardroom motivation for continued vigorous and fully informed oversight over, and decision-making with respect to, the corporation’s compliance function. For example, it is possible that the DOJ’s compliance program expert or a state attorney general, called upon to review a health system board’s compliance oversight, may be less inclined than the Delaware courts to tolerate inadequate or flawed compliance oversight.
Reiter and similar decisions provide a timely opportunity for the general counsel and the chief compliance officer to team on advising the board’s audit and compliance committee on the most appropriate standard of conduct they should exercise in connection with their oversight of the health system’s compliance program. There is much useful direction from the Delaware courts and other resources on what may, and what may not, constitute appropriate conduct under the circumstances.
The current alumni challenge to actions of the Baylor University Board of Regents provides a good example of how a well-organized constituent group can bring public pressure on nonprofit governing board decision-making without resorting to litigation or deferring to the state attorney general.
The current controversy arose from the highly publicized and tragic series of events involving allegations of sexual abuse by members of the Baylor football team, the response by Baylor administration, associated alleged Title IX violations, a related federal investigation, and the reaction of the Board of Regents to the circumstances. According to media reports, the alumni group was frustrated by what it perceived as an insufficient response by university governance—including a perceived lack of transparency with respect to Regents decision-making—and concerns as to how the controversy was impacting the reputation of the university.
The alumni group, “Bears for Leadership Reform,” includes a substantial number of major donors to the university. It has created a nonprofit corporation through which its efforts are being channeled, and is also communicating publicly through various social media sites. The primary concerns of the alumni group include the accountability of the Board of Regents with respect to Title IX compliance, greater transparency to the university community with respective to corrective actions taken, and broader issues with respect to the ultimate governance role of the Board of Regents. Shortly thereafter, the Baylor Board of Regents announced a new Governance Review Task Force, the purpose of which is to examine the board’s practices, procedures and selection processes.
“Bears for Leadership Reform” is an intriguing example of how powerful constituents of nonprofit corporation (such as a hospital or health system) can use means outside of litigation or political involvement to raise questions of governance accountability and transparency, and pressure the board to make related governance changes. If it can happen in the context of a large private university, it can certainly happen in the context of a large nonprofit health system.
Conflicts and System Diversification
Increasing media stories describing conflicts arising from “angel” and similar types of startup investments take on more relevance as health systems add sophisticated investors to their various system governing boards, and those investors/directors pursue broadly diverse direct and indirect investment portfolios. This has the potential for both conflicts of interest and appropriation of corporate opportunity issues.
Two governance issues are in play here, and they are not easily reconciled. One is the recognized need for health systems to recruit as board members individuals who are financially sophisticated, to help assure effective oversight and decision making with respect to financial matters. This is especially the case with respect to service on board investment committees, as many large health systems maintain suitably sophisticated and broad based portfolios that reflect a diverse investment philosophy. Financially sophisticated directors provide an enormous service by assisting the CFO in developing the philosophy and monitoring the performance of the portfolio and of the various investment managers. At the same time, such financially sophisticated directors may also pursue a broadly diverse philosophy in terms of their personal investment portfolio or may serve in investment advisor roles with venture capital firms. This may lead these directors or the venture capital firms that they serve to make investments in startup companies that are developing products or services to serve the health care industry.
Conflict issues can arise if and when the health system pursues a research or vendor relationship with such a company, or seeks to make a similar investment in, or acquisition of, such a startup enterprise. The advance identification of such a conflict can often be difficult due to the breadth of the financially sophisticated director’s personal investment portfolio and how it is managed. It is also conceivable that corporate opportunity issues could arise if the financially sophisticated director (unintentionally, no doubt) directs, approves or otherwise ratifies an investment in such a start-up that is a strategic acquisition target or collaborator of the health system.
The system general counsel can provide value in these and similar circumstances by monitoring the board appointment process at all levels of system governance, and working with the system’s conflicts or governance committee, and individual directors, to provide guidance to all parties on how best to reduce the potential for duty of loyalty issues associated with diverse investment interests.
The General Counsel and Data Breach Compliance
An important responsibility of the governing board is to work with the CEO to assure proper coordination of the various roles and responsibilities of members of the senior executive leadership team, in order to prevent confusion, gaps in leadership and internecine controversy. An important new survey provides guidance on how the board and CEO should assign executive responsibility for data breach compliance.
The new survey, conducted jointly by the insurance analytics company Advisen and insurer Zurich North America, concludes that since cyber risk is more frequently viewed as an enterprise-wide issue, departments such as general counsel and risk management are now taking on larger roles in responding to data breach issues. The survey references the importance of compliance with all applicable federal, state or local privacy laws arising in connection with a data breach event. While it notes that in previous years the IT department was primarily responsible for maintaining such compliance, that responsibility is shifting as cyber risk has increasingly become an executive- and board-level concern, as well as an enterprise-wide focus.
Notably—and for the first time in the survey’s history—the office of general counsel is cited as the department most frequently responsible for assuring compliance with all applicable federal, state or local privacy laws, including state breach notification laws. The survey observes that the importance of compliance is represented in the increased role of general counsel and demonstrates the influence of regulation and heightened awareness of the legal issues that result from a data breach.
Management and board leadership are often called to make time-sensitive decisions with respect to executive responsibility in the context of vital corporate matters and crisis circumstances. It is important that those decisions are made on an informed basis. While a traditional conclusion might be that the CIO or other senior IT executive should be the executive directly in charge of the data breach response team, the new Advisen/Zurich survey serves as compelling evidence of the benefits attributed to greater general counsel participation in the work of that response team. Such greater general counsel participation is also consistent with the broader roles and responsibilities increasingly assigned to the general counsel—not simply technical legal advisor, but also valued business partner to management and leading advisor on organizational ethics and reputation.