By R. William “Bill” Ide III and Amanda Leech, Dentons Governance Center
With the ever present reality of cybersecurity breaches, there has been a tendency in board governance literature to treat cybersecurity risks differently than other risks facing the organization. In practice, however, boards have long been tasked with protecting their company from significant risks. While cybersecurity may appear to be a daunting new risk to many board members, the long-established “tried and true” board governance approach to risk oversight described herein works well and should be applied to cybersecurity risk.
Board duties generally fall within six categories: (i) governance (ii) strategy, (iii) risk, (iv) talent, (v) compliance, and (vi) culture. With respect to cybersecurity, the board’s duties in each of these categories play a critical role in effective oversight of a company’s cybersecurity program.
Read the rest of this entry »
By Jim Barrall, Partner, Latham & Watkins LLP
In Calma v. Templeton, the Delaware Chancery Court recently denied a motion to dismiss a lawsuit brought by shareholders against Citrix Systems and its directors which alleged that Citrix’s directors had breached their fiduciary duties by paying the company’s non-employee directors excessive compensation from 2011 through 2013. The key holding of the decision is that Delaware’s “business judgment” rule, which affords directors of Delaware corporations discretion in making business judgments and substantial insulation from liability for their judgments, did not apply in the case because the directors were “interested” in the transaction, which therefore required that their decisions be reviewed under the substantially more demanding “entire fairness” standard. The Court also held that the board’s compensation decisions were not “ratified” by the company’s shareholders, notwithstanding that the shareholder-approved “omnibus equity” plan under which their equity was awarded contained conventional (and very high, IRC Section 162(m) driven) limits on the amount of equity that could be awarded to any individual in a single year, because the limits were not “meaningful.” In our Latham & Watkins Commentary, Director Compensation after Calma v. Templeton: Proactive Steps to Consider, we analyze the Calma decision and describe steps that companies should consider taking in the wake of the decision.
Here are my thoughts on how Calma may affect companies, director compensation and corporate governance practices going forward:
Read the rest of this entry »
Now that the rush of proxy season is over for most of you and summer is soon approaching, I thought it might be interesting to reflect on some bigger picture issues. Our friend of the governance center, and former general counsel of Wal-Mart, Tom Mars, has some good advice I thought worth sharing:
Thomas Mars Slides
By R. William “Bill” Ide III and Crystal J. Clark
Shareholders are being prodded by peers, governance “thought leaders,” the media and others to obtain disclosures from boards of directors on their oversight of cybersecurity. Certain pension funds have sent extensive, joint questionnaires to directors of public companies seeking detailed information as to the cybersecurity oversight systems and controls in place. Our view is that until the SEC provides further guidance, companies will generally find it in their interest to respond to such shareholder inquiries. Such disclosures, however, should be kept at a high level to demonstrate appropriate awareness and attention, while not disclosing specifics that could compromise the company’s cybersecurity strategy or raise issues under Regulation FD. Read the rest of this entry »
By Marcel Bucsescu, Assistant Director, Governance Center, The Conference Board
Recent high profile cyber breaches at Anthem, Home Depot, and Sony remind us just how dynamic, complex, and rapidly evolving cyber security and the management and response to those risks is. Every day, email inboxes are flooded not just with phishing emails and other scams, but also with marketing blasts to solve cyber and tell directors everything they need to know. A huge industry is developing around cyber security, preparedness, and response. But managing risk is not a new challenge for management and boards. Every once and a while, it is helpful to ground ourselves. Recently, the general counsel of a Fortune 500 company shared a memo with me that they had prepared for the board. This memo serves as a reminder that the new and evolving threats that companies face today exist within a legal framework. And while there are many unknowns with cyber risks, the role of the board is still rooted in the basic duties of care, loyalty and good faith to the corporation. Read the rest of this entry »