New Board Removal Action
The removal of four Wells Fargo directors, in connection with other sanctions imposed on the bank by the Federal Reserve, has far-reaching implications for the corporate governance of large, sophisticated health care systems and other health industry companies.
Announced on February 2, the Fed’s enforcement action has been widely interpreted as a powerful regulatory message of governance accountability for failures of board oversight. The sanctions prevent the bank from increasing its total assets, thus severely limiting its ability to grow. They also mandate several corporate governance and risk management actions, including the required replacement of board members. The Fed publicly censured the bank’s board, its former CEO and a past lead independent director. It also identified areas in which the bank failed to comply with its own published corporate governance guidelines. Prior board members were criticized for their lack of inquiry and lack of demand for additional information after they had left the board.
Many of the Fed’s sanctions speak to compliance and risk issues that can, of course, arise in other regulated industries, such as health care. These include the need for (i) business development strategies to manage key identified risks, e.g., performance pressures prompted by certain types of compensation incentives, and the potential that business goals could prompt improper business practices; (ii) management assurances on how known misconduct is being addressed, to be supplemented by “detailed and concrete plans”; and (iii) corporate governance practices to be aligned with the company’s business plans and accepted risk tolerance policies.
The Wells Fargo sanctions reflect a prominent federal regulatory agency’s conclusion that the compliance failures suffered by the company were due in large part to the breakdown of established corporate governance oversight practices. The severity of its criticism of past and present corporate directors is extraordinary. Obviously, the Federal Reserve has no jurisdiction over health care systems. Nevertheless, system audit and compliance committees should acknowledge the potential that the Fed’s strict message of director accountability could be adopted by state and federal agencies with enforcement authority over health care companies.
LESSONS TO HEALTH SYSTEM BOARDS FROM THE FEDERAL RESERVE’S ACTION AGAINST WELLS FARGO
Innovation-Driven Conflicts of Interest
The board’s governance and innovations committees may benefit from a briefing on the conflicts of interest implications of Sheryl Sandberg of Facebook and Jack Dorsey of Twitter’s recent decision not to run for re-election to The Walt Disney Company board of directors.
According to a statement from Disney, the decision of these prominent business leaders was based upon the evolving nature of the businesses in which Ms. Sandberg and Mr. Dorsey are active, which has made it more difficult for them to avoid potential conflicts with Disney’s initiatives (e.g., online video). But don’t think that this issue is limited to the giant entertainment, media and technology companies. Perhaps more than before, companies across many industry sectors are retooling their strategic direction and business models to address challenges and opportunities presented by the economy, tax legislation, government regulation and legislation, consumer preferences and, particularly, “disruptive” innovation.
For those reasons, the Sandberg/Dorsey/Disney development is a useful example of how increasing corporate diversification and business model evolution are recalibrating concepts of competition in a way that strains the effectiveness of board conflict of interest policies. Going forward, boards and individual directors may need to think more expansively about relationships and arrangements because of increasing difficulty in avoiding conflicts of interest on board issues. This also means taking a second look at existing policy provisions that define the types of financial arrangements, employment relationships and outside board service that could give rise to a conflict of interest. It also means revisiting the scope of the conflicts of interest questionnaire and the types of information it seeks to generate. Disclosure obligations based upon pre-existing or obsolete concepts of competitive interest may no longer provide a reliable means for “flagging” potentially problematic relationships or arrangements. This carries potential implications for the sustainability of corporate agreements and the reputation of individual directors.
Governance Implications of Business Disruption
The recently announced health care joint venture between Amazon, JP Morgan and Berkshire Hathaway serves as a reminder of the important role the health system board is expected to play, interacting with management to guide the organizational response to business disruption.
The new venture involves the formation of an independent health care company for the parties’ employees in the United States. The company is still in a conceptual stage and the extent to which it will change their employees’ existing health coverage is uncertain at this point. Nevertheless, the venture is the latest, and perhaps most significant, in a series of recent developments involving business disruption in health care. As Ken Kaufman noted in Modern Healthcare, “When you have mediocre access and a low level of convenience and high costs, then you have disruptors that are going to be all over you.”
For the health system, leadership responsibility for business disruption is an extension of the shared approach historically applied to tasks such as strategic planning and risk management. These tasks incorporate prominent roles for both the board, which can encourage the development of a strategic or risk management plan and oversee management’s implementation of it, and management, which develops the specific plan. The effectiveness of both of these tasks relies upon an integrated perspective on the long-term strategy and risk management, as the case may be. An effective response to innovation-based business disruption relies on a similar approach; i.e., the board encourages management to identify business disruption threats and to develop responsive strategies, and then monitors the evolution of such strategies. Management, on the other hand, informs the board as to the nature and source of disruption threats, implements a responsive plan, and supports the board’s ability to monitor the success of that plan. Ultimately, responsibility for dealing with business disruption is grounded in the board’s fundamental obligation to ensure that the company maintains its long-term value and serves its principal constituents.
Positioning the Board for "#MeToo" Focus
The board of directors should anticipate, and take proactive steps to respond to the possible expansion of the “#MeToo” social responsibility movement to the health care industry.
The board’s interest is grounded primarily in its overarching fiduciary responsibility for the oversight of workforce culture. It is supplemented by the board’s responsibility to preserve the reputation of the corporation as a critical strategic asset. In that regard, it is one of those unique issues for which the board can justify assuming the leadership role on behalf of the organization, working in consultation with (not deferring to the action of) its senior executives.
Several of the most recent developments have included explicit suggestions that key elements of leadership (e.g., the board, senior executives, the office of general counsel) were either inattentive to warning signs of sexual misconduct, or more deliberately “turned a blind eye” to such warning signs. In other situations, the scope and independence of internal review processes have been criticized for failing to protect the interests of victims. There are serious consequences, no matter the organization. And, in virtually each instance, the damage has extended beyond the corporation to its officers, directors and even members of its legal team. (Such observation is in no way intending to diminish the profound harm inflicted upon the victims of misconduct and abuse.)
A proactive board response could logically incorporate a series of components, intended to establish “tone at the top”; assure that legally compliant policies are in place; improve hotline and other reporting mechanisms; improve vertical reporting mechanisms; and possibly conduct a confidential internal review of potential organizational exposure to how prior allegations of sexual harassment and similar complaints were addressed (particularly as they may have implicated key organizational insiders), and the board’s role in any such response.
Fitness to Serve—Fiduciary Gray Area
The recent controversy regarding the reaction of the Humane Society board to allegations of sexual harassment by its CEO reflects the fiduciary “tug-and-pull” involved with decisions that implicate a combination of director judgment, elements of fairness and equity, and the obligation to protect the reputation of the organization.
As reported in The Washington Post, the controversy arose from an internal investigation conducted by the Humane Society that identified three sexual harassment complaints made against the CEO, as well as internal complaints from “senior female leaders” that their concerns regarding workplace misconduct had been ignored. Some of the allegations related to conduct that occurred 13 years ago. Initially, the board voted to close the investigation and to retain the CEO (with the media reporting a controversial quote from a board member). However, seven directors who disagreed with the decision subsequently resigned from the board. Following the initial published reports, and related concerns expressed by staff and some donors, the CEO elected to resign.
The Humane Society controversy provides a useful example of how board treatment of “fitness to serve” issues at either the executive or board level can be a “gray area” in terms of application of fiduciary principles. It is not unusual for boards to adopt what they believe to be principled stands supporting the retention of officers or directors who are accused of certain conduct, on an “innocent until proven guilty” perspective. The board also has the authority to exercise informed business judgment in reacting to the results of an internal investigation and any related recommendations. It can, for example, conclude that the facts developed by the investigation are inconclusive, or absolve the target of wrongdoing; in either case not justifying punishment or termination. (Of course, the board may reach an opposite conclusion as well.)
The board’s ultimate responsibility is to act in what it reasonably believes to be in the best interests of the organization and its mission. With matters of personal fitness to serve, there are increasing concerns that the board’s obligation to protect the reputation of the organization may be a paramount consideration, regardless of the equity of the circumstances and the impact that a punishment-grounded decision may have on employee or board morale and the ability to recruit or retain directors and executives. “Optical matters” can create negative publicity that is harmful to the organization, can prompt regulatory investigation and can lead to significant donor backlash. Fitness to serve issues can be complicated decisions for governing boards—for which there may not always be a “right answer.” Ultimately, informed, good-faith board decision-making is key.
New Pressures on General Counsel
In several recent instances involving internal investigations of prominent sex harassment controversies, the conduct of the general counsel, and the scope of engagement of outside investigative counsel, have become the focus of controversy.
The most noteworthy example involves the role of the Michigan State Attorney Office of the General Counsel in connection with the notorious Nassar matter. There has been substantial media coverage of the ethics-based complaint of a plaintiff’s attorney that a Michigan State University (MSU) Office of Inclusion lawyer mishandled the preparation of a Title IX report by failing to include key elements of the Title IX investigation (relating to concerns with Nassar) in a version of the report provided to the claimant. (The insinuation being that full disclosure by the claimant may have helped prevent further abuse by Nassar.) Based on these allegations, an MSU trustee has publicly called for the immediate resignation of the MSU general counsel, and for an independent review of the legal department’s handling of the Nassar matter. In addition, a front-page article in the January 27 edition of The New York Times reflected criticism that the scope of engagement of the university’s nationally prominent outside counsel was to conduct an internal review of the Nassar allegations to protect the university’s interests, as opposed to conducting a full-fledged independent investigation.
A separate example was the resignation of the long-time American Red Cross general counsel following published reports in ProPublica that he had once made public comments that were perceived as undermining the organization’s decision to terminate a senior executive for concerns with sexual harassment. A 2012 internal investigation conducted by outside counsel regarding the executive’s conduct had prompted the executive’s termination. Shortly after the termination, the in-house counsel made favorable comments concerning that senior executive, including an expression of regret that the executive was leaving the organization—without making reference to the harassment allegations. A third example is the allegation in a shareholder derivative suit involving a large leisure activity company that the corporate general counsel breached her fiduciary duties by failing to disclose to proper authorities evidence she supposedly had concerning the alleged sexual misconduct of the company’s CEO.
These and similar developments reflect a disquieting trend (at least in the media, if not also amongst corporate leadership) of making the role and conduct of counsel in connection with internal investigations a focus of particular scrutiny.
Board Oversight of CEO Health
An increasing concern of the executive search and succession, and the executive compensation, committees is the need to take appropriate steps to assure the health of executives for purposes of the hiring and retention processes. This is an effort in which the general counsel, who supports the work of these committees, can provide leadership.
Much of the concern on this point arises from the experience of a major transportation company, which had hired a prominent executive as its CEO, knowing that there had been prior concerns as to the executive’s medical history. As part of the recruitment process, the executive refused the company’s request to provide copies of medical records and to submit to a physical examination. Once hired, speculation as to his health continued, and indeed after roughly a year of employment, the CEO died following a short leave of absence. Subsequently, the company adopted a policy requiring its CEO to have an annual physical exam performed by a physician of the board’s choice.
The personal impact notwithstanding, CEO transitions arising from death or other material physical incapacity can have serious disruptive financial and strategic implications for a company. The full range of issues with respect to the board’s right to be made aware of the health of its senior executives has not been resolved with clarity under the law (this is particularly, but not exclusively, the case under the securities laws). However, there is an increasing level of agreement amongst thought leaders that both the CEO and the board should be transparent regarding the health of the CEO and his/her ability to perform the duties of the chief executive. This may extend to matters such as “medical due diligence” in the recruitment period, specific disclosure obligations in the employment agreement, and expectations of disclosure to senior board leaders should material health issues arise. At the same time, there are legitimate concerns associated with the medical privacy rights of the executive that must be taken into account. For these and other reasons, there is no “best practice” on the extent of board oversight of CEO health issues.
The general counsel is well qualified to assist the board and its key committees on executive health disclosure concerns.
Reallocation of Cybersecurity Duties
Despite the extraordinary amount of attention from multiple sources on the issue, a series of recent articles in The Wall Street Journal suggests an ongoing level of uncertainty and unease on the part of the board with respect to its responsibilities for cybersecurity oversight. The general counsel, teaming with the chief information security officer (CISO), can be most helpful in providing guidance to the board in this regard.
The major theme of these articles is that boards are pursuing greater clarity and understanding of their cybersecurity oversight responsibilities following the Equifax breach late last year; i.e., the Equifax crisis seems to have been a particularly defining moment to many boards concerning these responsibilities. This is driven in part by the scope of that breach, and a general lack of understanding of how closely the Equifax board exercised oversight of cybersecurity matters. This increased emphasis on oversight responsibilities is reflected in part by, among other measures, (i) the possible reallocation of cyber-oversight responsibilities more broadly among board committees (e.g., removing it from audit committee direction); (ii) additional board/committee meetings with the CISO and other cybersecurity executives; and (iii) increasing the number of comprehensive internal cybersecurity reviews conducted annually.
A particularly interesting observation from the articles is that very few companies maintain board committees dedicated to information technology risks and strategies (i.e., only four Fortune 100 companies). A consistent “year-over-year” theme is that directors lack confidence that their company has adequate protections to deal with a cyberattack. One suggested alternative is for the board to cultivate a much more direct level of engagement with the CISO (e.g., perhaps, a direct reporting relationship, much like the compliance officer). An additional concern expressed by those interviewed for the articles is the fiduciary propriety of authorizing the payment of ransomware attack demands.
The need for continued director engagement on cybersecurity oversight is clear, especially given concerns with Equifax-level breaches and an uncertainty as to the most effective way for the board to satisfy its oversight obligations. Barriers to more effective board engagement continue to arise from (i) the extraordinary level of information and “white noise” on cybersecurity information made available to the board, directly and through governance publications, and (ii) the extent to which individual directors feel inadequate to address cybersecurity oversight because of the associated technology complexities. The general counsel and the CISO can help the board overcome these barriers with meaningful governance solutions designed to facilitate oversight—including a better understanding of the respective roles of governance and management in this complex area.
Governance Observations from Institutional Investors
Health system governance committees can benefit from consideration of the latest perspectives on corporate governance as promoted by asset managers and institutional investors, the differences between proprietary and nonprofit corporate models notwithstanding. Oftentimes, the evolution of governance “best practices” begins with these perspectives.
For example, the 2018 Proxy Season Review prepared by a major consulting firm identified the following five primary governance priorities of surveyed institutional investors: (i) board composition (e.g. “fresh and different perspectives in the boardroom” with a specific focus on diversity, and “robust” board assessment and director refreshment processes); (ii) board-level competencies that are aligned with corporate goals and long-term sustainability (e.g. specific industry expertise, as well as broad-based expertise in technology and risk management); (iii) increased attention to environmental/sustainability/climate concerns, especially as a potential risk factor (a focus which has yet to arise materially in health care governance); (iv) greater focus on talent and “human capital management,” including, but not limited to, diversity and inclusiveness matters and, particularly, the recruitment, training, retention and engagement of the workforce and matters of corporate culture; and (v) executive compensation that is more tied to performance, achievement of corporate strategy, and to satisfaction of corporate values and culture.
BlackRock’s 2018 Global Corporate Governance and Engagement Principles set forth its general philosophy on corporate governance matters, with particular focus on topics such as (i) independence guidelines (that are more stringent than those of the listing standards); (ii) the elements of director engagement (including oversight of accounting practices, satisfaction of attendance standards and limitations on outside board service); (iii) board composition and effectiveness, especially with respect to competencies, the selection process, evaluation processes and their outcome, and consideration given to diversity in all of its elements; (iv) board size; (v) CEO and management succession planning; (vi) risk oversight; and (vii) the separation of chairman and CEO positions.
These observations and philosophies are not, of course, binding on nonprofit health systems but they are certainly helpful in framing the discussion of their board governance committees on trends and developments (at least with respect to proprietary corporate governance).