Corporate Law & Governance Update - McDermott Will & Emery

Corporate Law & Governance Update

The Importance of Director Reputation


A new article published in the Harvard Business Review confirms that the preservation of reputation continues to be a significant motivating concern for individual board members. This is a factor that should be taken seriously as boards work to establish a reasonable risk profile for the organization.

The article suggests that directors are more likely to resign their board seats when the corporation—and their governance service—experiences negative attention (e.g., some form of material public corporate controversy, media criticism or investigation). The related suggestion is that a primary motivation for individuals to serve on corporate boards is to build and service their personal reputations. Directors most likely to resign when their reputations are threatened include those who are senior executives at other companies, who serve on several boards, or who have a long board tenure at the particular corporation. (While many nonprofit directors undoubtedly join nonprofit health system boards to support mission goals, preservation of personal reputation is likely a significant consideration for them nevertheless.)

The authors also recommend using board service as a way to help burnish individual reputation and thus enhance engagement, and recognizing how reputation influences the market for director talent.

The potential for reputational risk to board members should be considered in connection with both director recruitment and retention efforts, and also when evaluating the risks associated with corporate strategies. Indeed, in the nonprofit sector, state attorneys general have recently been more willing to incorporate director resignation and a ban on future board service within settlement agreements intended to address allegations of corporate and/or board misconduct.


Unique Compliance Role for Major Donors


The ongoing, and highly relevant, corporate controversy involving the University of Louisville Foundation provides a noteworthy example of how major organizational donors can seek to exercise affirmative/positive influence on an organization’s compliance response to a major controversy. This may be noted by general counsel when called upon to advise organizational clients on the range of third parties that may exercise interest in health system risk-related issues.

As previously mentioned in this newsletter, the current circumstances surrounding the governance and operations of the University of Louisville Foundation, the large fundraising affiliate of the University of Louisville, are a highly consequential development for nonprofit health systems. An independent forensic audit released on June 9 identified, in substantial detail, information with respect to its “excessive spending practices, unbudgeted expenses, unapproved actions, high executive compensation and unrecorded endowment losses.” According to prior news reports, several major University donors had demanded that such audit be conducted.

The most recent development confirms that the two donor organizations have each committed $1 million to cover most of the cost of the forensic audit of the University of Louisville Foundation, which has reached $2.2 million. This was in fulfilment of their original pledges to help offset the cost of the audit. According to media reports, the goal of the audit—and the intent of the donors’ contributions—was to restore confidence in the Foundation amongst donors.

Donors have historically had limited standing rights to challenge or otherwise exercise formal influence over organizational decisions, as well as over the administration of charitable gifts. The audit demands made by these major donors—and their willingness to reimburse the Foundation for the costs of the audits—demonstrate that they are willing to take a strong and highly public position with respect to compliance-based controversies involving nonprofit organizations that are significant beneficiaries of their contributions. The broad-based media coverage of the Foundation controversy may well bring the actions of the two Foundation donors to the attention of other major corporate and individual donors to nonprofit organizations, including health systems.


Ransomware and Corporate Governance


Health system boards have been inundated over the last year with information and warnings about cybersecurity matters, and their related fiduciary obligations. Yet a new commentary published by the influential policy organization The Conference Board is noteworthy to the extent that it focuses specifically on the governance implications of the recent WannaCry and Petya/NotPetya ransomware attacks. The focus of the article is threefold.

First, it argues for the appointment of at least one person with “deep cyber risk management expertise” to the board of directors. This expertise is defined as including “knowledge of best practices, technologies and key cyber risk metrics.” As with other competency-based board appointments, the expectation is that the presence of at least one cyber expert will support board oversight and decision-making by assuring the presence of a “translation layer” between the cyber risk expert and other board members. This argument is supported by reference to various legislative and regulatory initiatives seeking broader board disclosure of its cybersecurity awareness.

A second argument is to assure the delivery of appropriate cybersecurity information to the board, including a broad-based understanding of key concepts. The author points to The Conference Board’s Cyber-Risk and Security Management Council as a useful resource. In this regard, boards should also be aware of the NACD’s 2017 Director’s Handbook on Cyber-Risk Oversight, which is intended to support board members of public companies, private companies and nonprofit organizations of all sizes and in every industry sector. A third argument is to assure the delivery of appropriate levels of cyber-risk-related information to the board, as well as the implementation of effective cyber-risk reporting and communication practices through the chief information security officer (CISO).

In the current environment, there is a significant concern that governing boards are saturated with cybersecurity information and proposed solutions. That being said, the recent ransomware attacks provide an opportunity for the general counsel, teaming with the CISO, to assure that cyber-risk issues are properly addressed at the board level.


Balancing Director Expertise With Diversity of Experience


Interesting new data arising from the public company sector provide useful guidance to health system governance committees on how best to balance the somewhat competing nomination options of director candidates with previous board experience, and those with broadly diverse perspectives and experiences. While not mutually exclusive, the issue may deserve focused committee attention.

The new data, compiled and interpreted by Institutional Shareholder Services, Inc. (ISS), promote the need for nominating committees to reach a working balance between the relevant criteria; e.g., new versus experienced directors, industry expertise versus broad knowledge, the right level of refreshment, etc. The premise is that the level of scrutiny over the selection of directors will only increase. This reflects an increasing focus of institutional investors/asset managers in supporting shareholder initiatives to increase board diversity as a means of enhancing the decision-making process of the board in general, and the ability to consider, where appropriate, alternatives to management strategies.

The data reach two high-level conclusions, both of which have relevance to the director nomination process of nonprofit health systems. First is that while a majority of S&P 500 directors maintain multiple directorships, approximately one in three S&P 500 companies have seated new first-time directors since the beginning of 2015. ISS data indicate that this number is trending upward, possibly in reaction to internal and external efforts to increase diversity and fill important boardroom “skill gaps.” The second conclusion relates to industry concentration of directors who serve on multiple boards. The results suggest that industry concentration is not as significant an issue for directors as it may be for executives. However, some industries (e.g., pharmaceuticals, life sciences, and health care equipment and services) demonstrate a higher need for “specialty” directors.

The ultimate conclusion is—not surprisingly—that there is no one-size-fits-all combination of directors for every company. Matters relating to new versus experienced directors, and industry expertise versus diversity across multiple perspectives, are a matter for thoughtful consideration by the board’s nominating committee.


Microsoft's Term Limit Pivot


Health system nominating committees seeking guidance on term limits and other director refreshment mechanisms may wish to note the recent related revisions to the Corporate Governance Guidelines maintained by Microsoft Corporation. These revisions relate to matters of director tenure and re-nomination.

As a general matter, Microsoft evaluates its governance framework on a routine basis to ensure that its policies meet the needs of the company and expectations of a diverse set of stakeholders. This practice is consistent with recognized best practices on governance oversight.

More specifically, the Microsoft Board recently adopted a board tenure policy that focuses on an average tenure of 10 years or less for the board’s independent directors. This policy applies to the total years of service collectively for independent directors, rather than individual years of service. Rather than adopting “bright-line” term limits for outside directors, the new Microsoft approach seeks to balance a board composed of directors with extensive knowledge about the company, with those who offer a fresh perspective and those with business experience relevant to Microsoft’s strategic ambitions. Microsoft noted that its new policy was influenced by the perspectives of its investors who actively promote board refreshment and diversity at their portfolio companies.

The revised policy also highlights that directors should not expect to be re-nominated annually. Rather, in making renomination decisions, the Governance and Nominating Committee considers the director’s participation in and contributions to the activities of the board, the results of the annual board evaluation and past meeting attendance.

There are no established governance “best practices” with respect to director tenure and similar matters. Reasonable arguments are regularly made on both sides of the equation. In reaching a position that best serves its governance needs, the health system governance committee benefits from considering how leading companies, such as Microsoft, address similar issues. This can be particularly important given emerging signs that agencies with jurisdiction over health systems may in the future seek to mandate certain levels of board composition as a precondition to the receipt of governmental benefits.


CEO Succession Practices


The senior executive evaluation and succession practices of health systems may be informed by the 2017 edition of The Conference Board report, CEO Succession Practices, which annually documents and analyses succession events of chief executives of S&P 500 companies. The new report provides several findings of direct relevance to health systems and other major nonprofit organizations.

An overarching finding is that 2016 CEO exits from underperforming companies have risen to a level unseen in 15 years (attributable, in part, to record-high dismissals in the retail sector). More specifically, in 2016 the CEO of a poorly performing company had a 40 percent higher probability of being replaced than in 2015, and a 60 percent higher probability of being replaced than the CEOs of better-performing companies. A related finding is that companies are becoming more communicative about CEO succession events, which may help to avoid surprising constituents and regulators. Such communications practices commonly include a description of the role performed by the board of directors in the CEO succession process, and more details on the reasons for the transition.

Other findings of relevance to health systems include the following: (i) the stability seen in the succession rate of better-performing companies may indicate that increased scrutiny over executive pay and performance has started to produce results; (ii) one in 10 CEO successions in 2016 were navigated by an interim CEO, a role once used only in situations of emergencies and unplanned transitions; (iii) gender diversity continues to be elusive at the helm of the largest US public companies, as only six of the 63 CEO positions that became available in the S&P 500 in 2016 were filled by a woman; (iv) after years of sharp rise, the succession rate of older CEOs has started to normalize at levels seen before the financial crisis, confirming the completion of a generational shift in business leadership; and (v) departing CEO tenure in 2016 was nine years, but five percent of S&P 500 companies are led by CEOs with tenures of 20 years or longer.

As CEO performance oversight and evaluation is a primary function of the governing board, a discussion of these and other relevant portions of The Conference Board’s report by the board’s search/succession and executive compensation committees may be useful.


The Conflict Review Process


Media reports regarding the review perspectives of the Office of Government Ethics provide a unique, yet particularly relevant reminder of the need for governance committees to pursue a specific, consistent process with respect to evaluating conflicts of interest issues that come to their attention. This is a process in which the general counsel can be a particularly valuable advisor.

The focus of these reports is the transition of leadership at the Office of Government Ethics, and the different approach taken by the old and new ethics leadership in interpreting government ethics rules. Much of the current controversy has related to the approach taken with respect to evaluating conflict and potential divestiture issues relating to new Administration officials. According to The New York Times, the prior Director of the Office applied a strict approach to the review of financial disclosures, the interpretation of conflicts, and to the need for asset divestiture as a precondition to government service. The Times described the new director as applying a less rigid approach to conflicts and other ethical issues; i.e., more likely to be flexible with respect to waivers and divestiture.

There is no doubt that the Office of Government Ethics has lately been at the center of political controversy, and there is no reliable means for evaluating the reasonableness of the evaluation approaches taken by the former and current directors. The value of these reports is that they highlight the importance of process and identifiable, consistent standards to be applied by any board committee with responsibility for evaluating conflicts of interest and code of ethics-related issues. What is the evaluation approach to be adopted by the committee? What standards and criteria will it apply to particular instances of conduct? What are the circumstances in which it will waive conflicts, subject to ongoing conditions? Is the committee’s perspective one of strict/rigid adherence to duty of loyalty standards or a willingness to be more permissive in its interpretation? The general counsel can be an important contributor to the development of written conflicts and ethical review guidelines.


Compliance Program Effectiveness


A series of media interviews with the outgoing “compliance counsel” to the Fraud Division of the Department of Justice offers several meaningful, practical observations about demonstrating compliance program effectiveness that can be shared by the general counsel and the chief compliance officer with the board’s audit and compliance committee.

In these interviews, the former compliance counsel made a series of practical observations based on her interaction with companies that were being investigated by the Fraud Division. She stressed the need to properly interpret the new DOJ compliance program effectiveness guidelines; in other words, to understand that they are intended for use by prosecutors (i.e., they are framed in the context of questions prosecutors might ask). Thus, the company’s ultimate effectiveness focus should be on matching compliance program practices to specific allegations, and on providing examples of the robust nature of the company’s program. In this regard, it may be useful to offer examples of circumstances in which the program had deficiencies (e.g., what went wrong, how the problem was addressed and what lessons were learned from the process). Significant value is attributed to a company’s ability to identify the root causes of particular compliance failures and demonstrate good faith corporate efforts to remedy compliance program failures. She also stressed the application of an ongoing risk assessment process as a fundamental indication of a good faith program.

An overarching theme from the former counsel’s comments is that in order to demonstrate compliance program effectiveness, the focus should not be on the substance/detail of the actual written policies, but rather on the ability to demonstrate examples of how the program works in a practical manner.

To be sure, the tenure (and especially the departure) of this compliance counsel has been a subject of significant public controversy. Nevertheless, her comments on how best to demonstrate compliance program effectiveness are of value to health system leadership seeking to satisfy their Caremark obligations.


The Significance of the Appearance of Conflict


A recent controversy surrounding the termination of a high-ranking university official highlights the controversy that often surrounds decisions to take disciplinary or other corrective action against officers and directors based on the “appearance” of conflict of interest.

The circumstances, as reported in the media, related to the sudden termination of a university provost based on “appearance of conflict of interest” concerns arising from a contract for conflict resolution services with a firm owned by the provost’s life partner. Approximately 25 percent of the fees generated under the contract were paid through offices overseen by the provost. Following an audit of the arrangement, the provost was terminated, reportedly due to concerns with the “appearance of misuse of resources,” weeks before her scheduled retirement. The university has since adopted a prohibition against family members of senior officials conducting business with the institution. Supporters of the former provost have challenged the basis for the termination, in part, on the grounds that it was only the appearance of conflict, as opposed to an actual conflict of interest—and thus did not warrant termination.

These circumstances highlight the potential for confusion with respect to the application of conflict of interest policies and codes of ethics that implicate duty of loyalty themes. Generally accepted fiduciary principles require these policies to regulate instances of both actual and apparent conflicts, on the grounds that the appearance of a conflict carries the potential for undermining the related decision-making process and prompting associated legal and reputational scrutiny to the same extent as could an actual conflict of interest. Conflict of interest disclosure obligations should thus require the disclosure of all relationships and interests that have the potential for being in conflict with the interests of the corporation. In responding to such disclosure obligations, individual officers and directors should not reach their own conclusion whether the conflict is actual or apparent; they should simply make disclosure of the relationship or interest. Whether the committee elects to take action with respect to an apparent conflict of interest, and the extent of any related action (e.g., discipline), is at the committee’s discretion, based on the exercise of informed judgment.


Sarbanes' 15th Anniversary


The 15th anniversary of the Sarbanes-Oxley Act (enacted July 30, 2002) can serve as an important teaching moment for the board and senior management concerning the continuing legacy of that seminal law. This is so with respect to both principles of corporate responsibility and the relationship of corporate counsel to governance and to the foundational principles of corporate compliance.

As many lawyers and compliance professionals may recall, the law was enacted in response to the series of notorious and crippling accounting controversies that had occurred in prior months involving such companies as Enron and WorldCom. The goals of the Act included efforts to enhance the reliability and transparency of public company financial statements. Yet, many current members of health system boards and senior management were not serving in similar positions in 2002 and may have limited recollection of these notorious circumstances.

The essential Sarbanes legacy is grounded in (i) its focus on transparency and accuracy of financial statements; (ii) the need for full and “real time” disclosure of material corporate developments; (iii) expansive new laws relating directly to corporate compliance; (iv) the adoption of new professional responsibility and other enhanced ethical obligations of corporate gatekeepers, including lawyers, accountants and corporate financial officers; and (v) countless corporate responsibility-centered doctrines and source materials; (e.g., the evolution of, and continued emphasis on, governance best practices).

The Act and its progeny have had an enormous impact on the role and responsibilities of the governing board, including the institution of new levels of accountability on directors and executives. It has also directly affected the duties of the general counsel, and her relationship to the client’s governance, executive leadership, financial and compliance functions. Greater awareness of these forces may help leadership respond to the “why” question, as it relates to the origins and continuing legacy of corporate responsibility.