ore than 300 directors and general counsels shared their biggest risk management worries in the 2012 Law and the Boardroom Study, conducted with Corporate Board Member magazine. An increasingly interconnected world has blurred geographic boundaries and allowed information to spread quickly and freely. U.S. businesses have expanded into global markets and increased online communications and Web-based products and delivery channels. Such trends have brought tremendous opportunities, as well as new risk management challenges, for corporate board members and counsels.
In 2012, FTI Consulting once again partnered with Corporate Board Member magazine on the annual Law and the Boardroom Study, which gathered opinions from more than 300 directors and 100 general counsels about their risk management concerns.
The full report was published as a supplement to Corporate Board Member magazine’s third quarter 2012 edition. Here are some highlights.
Companies are looking to expand operations and benefit from business opportunities in emerging markets, where prosperity is rising but operational risk is greater. Since operations have a direct impact on corporate performance, this risk is of great concern to those in corporate governance.
Both directors (40 percent) and general counsels (47 percent) in our survey were concerned about risks to their operations in emerging markets. However, nearly 60 percent of general counsel respondents say their boards are doing a decent job of managing risk in these markets; another 33 percent are neutral.
The presence of risk alone should not be a deal breaker in determining where to build and which markets to serve. Instead, directors must carefully weigh the risks against the potential reward, with input from management and the general counsel.
According to Neal Hochberg, Senior Managing Director and Global Leader of the FTI Consulting Forensic and Litigation Consulting practice, boards need sophisticated tools to help them weigh the risks and potential rewards of emerging markets. “To make informed decisions about these market opportunities, corporations increasingly are conducting proactive market risk assessments that identify and prioritize in-country risks,” Hochberg said.
Corporate Reputational Risk
Thanks to Twitter, social media and 24-hour news cable stations, a reputation that took years to build can plummet quickly. Details about executive compensation, labor disputes, product recalls and other corporate matters can be public knowledge in seconds. Not surprisingly, 40 percent of directors and 35 percent of general counsels note corporate reputational risk as a major concern, up from just 18 percent of directors and 25 percent of general counsels in the 2007 Law and the Boardroom Study.
In a related area, worry over business continuity and disaster recovery has increased. More than a quarter of directors and 35 percent of counsels say these are high-level concerns compared with 16 percent and 15 percent, respectively, just two years ago.
Cyber Strategy and IT Risk
Invisible, constantly changing and pervasive, data security risk is very difficult for boards to manage. Corporate Board Member magazine has reported that the median cost of cybercrime each year was $5.9 million per company. Not surprisingly, 55 percent of general counsels and 48 percent of directors rate cybercrime as a major concern, double the percentage from four years ago. The survey asked general counsels to rate how well their board is managing cyber/IT risk. One third (33 percent) of general counsels worry that their boards are not managing it well. In a related area, the survey measured business continuity preparedness and disaster planning in the event of a cyber attack. Only 42 percent of directors say their company has a formal, written crisis management plan in place to deal with such a disaster.
Despite these worries, 77 percent of the survey respondents say they think their company could detect a data breach if it occurred. Corporate Board Member Chairman TK Kerstetter says this overconfidence sets up a company for increased risk and that preparedness for cyber attacks should continue to be monitored.
“I hate to say this, but I think it is going to take several well-publicized security breaches before a supermajority of corporate boards finally embrace the fact that doing business today without a prudent crisis plan in place is a formula for disaster,” said Kerstetter. “Cyber risk and social media developments only increase the odds that a data breach will happen to your organization—so boards should take steps to protect their company’s reputation.”
Since the 2008 financial crisis, top executives’ pay has attracted both scrutiny and scorn. Even the merit of performance-based compensation — once the gold standard — has been questioned. Whether the sticking point is the dollar amount or how it compares with rank-and-file employees’ or other CEOs’ salaries, compensation is a delicate issue for every public company board. Boards must balance long-term incentive plans that satisfy shareholders and governance watchdogs and still reward and retain top executives.
While this issue is distracting, one thing is clear: Companies need open and effective communications about compensation matters. Survey results show that companies are focusing on this subject. The directors say they have improved communications with shareholders about the rationale for the compensation (64 percent), its metrics (59 percent) and the evaluation of peer groups (44 percent). More than three-quarters of directors give their general counsel high marks in how executive compensation issues are handled; 82 percent of the counsels give high marks to their boards. Yet it’s clear that general counsels feel they could offer more: Sixteen percent of general counsels say they are regularly excluded from committee meetings, most of them on compensation issues, where counsels believe they could contribute.
More companies than ever are using social media as part of their communications and marketing strategy, but the 2012 survey, the first to ask about social media, shows that respondents still are unfamiliar with the opportunities and risks that social media presents. Only 39 percent of directors say their company has a social media policy; 38% do not have a policy and the rest of the respondents don’t know.
The survey also asked respondents if their boards fully understand the risks of social media. A majority of directors (60 percent) say their board does not.
The international marketplace now touches just about every major domestic corporation somehow — through global distribution of products and services, overseas supply chains, offshoring or even cloud solutions for human resources. The Foreign Corrupt Practices Act (FCPA), which became law in 1977 but has expanded its scope since then, has given companies stricter standards for conducting business, especially in emerging markets, where bribery is more commonplace and may be an accepted part of doing business. While once affecting just a few multinational companies, the FCPA’s reach now extends to many U.S. companies. Siemens AG in 2008 was hit with $800 million in FCPA penalties for bribing foreign officials.
While compliance was a top-10 concern for the general counsels in our survey, most of our respondents say they are comfortable with their company’s oversight of FCPA compliance.
Less than half (47 percent) of directors are worried about government investigations, which is a bit surprising given the increased vigor of securities law enforcement since 2008.
In another compliance area, the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act has provided incentives for whistleblowers to expose financial wrongdoing in their companies. The vast majority (91 percent) of directors say they have instituted an in-house whistleblower hotline; 84 percent of directors and 80% of general counsels say the hotline helps reduce risk.
“This confirms that companies operating in today’s regulatory environment are taking a proactive stance to mitigate fraud and protect the enterprise,” said Hochberg. “Given the SEC’s [U.S. Securities and Exchange Commission] new whistleblower bounty incentives, now more than ever, companies must adopt standard practices to respond to hotline reports. Enterprises must act on a report quickly and confidentially through an independent internal investigation, with the aim of establishing employee confidence in the hotline and instilling an internal culture of compliance throughout the organization.”
Increasingly, worried shareholders are demanding more access to the proxy and direct contact with board members. In 2011, the U.S. Court of Appeals, D.C. Circuit, limited the powers of SEC Rule 14a-11, which would have given shareholders at all public companies a standard procedure for shaping the nominating process or proposing their own directors. While the rule’s provisions were curtailed, shareholders still can demand a say through a private ordering process. SEC Chairman Mary Schapiro since has stated that she would not appeal the decision but added that she remains committed to making it easier for shareholders to nominate candidates for corporate boards.
It is clear that shareholders will continue to push to be more involved. Several Law and the Boardroom questions asked respondents about proxy access, private ordering and ways companies manage their communications with shareholders. Roughly half — 54 percent of directors and 51 percent of general counsels — say they are comfortable letting board members address shareholders face to face; the rest of the respondents are not. The majority of general counsels (93 percent) and directors (89 percent) do not think it is a good idea to have an analysts’ session that allows shareholders to dial in and ask questions.
“One should not feel too confident that this will deter shareholders,” Kerstetter warned. “We expect more pressure from shareholder groups asking to speak directly with board leadership and committee chairs. Therefore, directors should discuss their company’s plan to improve its shareholder communications prior to the next proxy season.”
A significant number of directors are worried about risks related to mergers and acquisitions and the board’s relationship with investors, while a significant number of general counsels note concern with the management of outside legal fees and disaster recovery.
Directors were asked which types of information they most need in order to be as effective as possible. The areas receiving the most responses are strategic planning (88 percent), executive compensation plans (48 percent), board/management relations (41 percent), enterprise risk management (36 percent) and investor relations (33 percent).
Corporate Board Member, an NYSE Euronext company, is the leading information resource for senior officers and directors of publicly traded corporations, large private companies and Global 1000 firms. The quarterly publication, Corporate Board Member magazine, provides readers with decision-making tools to deal with the strategic and corporate governance challenges confronting their boards. Corporate Board Member further extends its governance leadership through an online resource center, conferences, roundtables and timely research.
The magazine maintains the most comprehensive, up-to-date database of directors and officers serving on boards of publicly traded companies listed with NYSE Euronext, NYSE Amex and the NASDAQ OMX Group Inc. stock exchanges.