Welcome to BoardExpert

This blog is intended to be a governance resource and source of current governance commentary, offered by a corporate governance academic engaged in research, teaching and other ongoing academic activities. There is a very public element to the governance field, and it is hoped that this blog will contribute to the public discussion of current governance issues. It is also hoped that it will address a need in the governance field by presenting a holistic online approach to the topic. There is a rapid rate of change in the field of governance (public, private, government and not-for-profit entities) and developments in internet technology move swiftly. This governance gateway offers resources for a broad variety of stakeholders including: [...more]




Twenty Anti-Fraud and Corruption Governance Red Flags

The following reflect my work in assisting regulators and enforcement authorities, and research on governance in companies that have been accused of fraud, bribery, corruption, and other malfeasance such as harassment, nepotism, expense reporting, and excessive compensation. I also draw on my interactions with, and guest lectures by, fraudsters who are currently in prison or who have served time in prison, and experts such as forensic accountants.

Here are the red flags, as I see them, in problematic companies and boardrooms that may contribute to fraud and other malfeasance going undetected or undeterred. Drawing on a speech I gave this month to a bribery and foreign corruption conference, and an earlier speech to corporate directors, the red flags are, in no particular order:

  1. Independent oversight functions (audit, compliance, risk) either non-existent or reporting to senior or operating management.
  2. A board lacking in risk, international and relevant industry expertise, and paucity of audit committee know how of how fraud is or may be committed.
  3. A whistle blowing procedure that is neither anonymous nor protected.
  4. A board that does not believe it sets tone at the top. A tone that is not equal and consequential.
  5. A focus on rule and legal correctness, not spirit and intent. Failure to account for exogenous shock, stress, and a different frame of analysis. Directors not speaking up.
  6. Complex design being approved by directors. Directors approving when management does not fully tell them the counter-argument, and directors do not ask (know), or press.
  7. Captured, conflict-seeking, self-dealing, over-compensated, over-tenured directors and gatekeepers who are not objectively independent.
  8. Immature risk management, non-investment in information technology, and defective or non-existent controls, particularly non financial, reputational and behavioural.
  9. Defective, non-existent, or dominated internal audit function.
  10. Lack of culture and reputation control assurance to the Board. No understanding of tone in the middle, or toxic or bullying work culture.
  11. Non-audited compensation, and improper incentives (quantitative, financial, short-term) that incent risk-taking behaviour. Unconstrained risk-takers and a complacent board.
  12. Clawbacks not at correct threshold of ethics or risk. Lack of risk-adjusted compensation.
  13. Charismatic, dominating, and/or stretched CEOs and CFOs, including distracting external activities, personal issues, living beyond their means, not tasking vacations, and undue attention to accounting.
  14. Ethical code poorly designed, controlled, monitored, enforced, assured and reported to the board.
  15. Lack of documentation with explicit limitations and thresholds for material risks, cascading to emerging markets and key suppliers.
  16. Lack of executive sessions, with only independent directors, and with only internal oversight functions (audit, risk, compliance).
  17. Lack of due diligence and integrity controls at the hire or contract stage. Lack of integrity controls over senior management, and capacity for over-ride.
  18. Non-zero tolerance of facilitating payments. Mixed message sent by the board.
  19. Lack of independent, expert validation (board, risk, controls) reporting directly to the board.
  20. Weak or corrupt host country auditors not vetted or overseen by the audit committee, and lack of availability and translation of documents.

Do you recognize any of the above red flags? On a board or in a company of which you serve? Allegations of wrongdoing can put assets and reputation at risk. Regulators have enormous power, and are focusing their sights much more on the role a board plays, or does not play, in overseeing the affairs of the company.

Technology-Ignorant Boards Are Costing Shareholders Billions: What Should Boards Do Differently?

Five years ago, social media was perceived by many to be a passing fad. Then came the introduction of tablets and mobile devices. Now, cyber security has emerged as one of the greatest threats facing Anglo-American corporations. It is front and centre in the minds of directors, or should be.

In the area of technology, are boards fulfilling their duty of care in overseeing management and protecting shareholders’ investment? Indicators are that many boards and directors may not be. Plaintiffs’ lawyers are suing companies and their boards over technology failure. Here are some recent statistics and trends:

  • “Our entire lives are on the internet,” according to FBI Director, James Comey, adding “The internet is the most dangerous parking lot imaginable”;
  • “Social media is the number one activity on the web,” according to Belle Beth Cooper in a Huffington Post article;
  • The average user picks up their device 1,500 times a week, and reaches for it at 7:31am each morning, according to MailOnline;
  • The average smartphone owner uses his or her smartphone for three hours, sixteen minutes, each day;
  • Cybercrime constitutes the “greatest transfer or wealth in history,” according to the National Security Agency’s General Keith Alexander;
  • Russian hackers initiated almost 2.5M attacks in a month, followed by Germany and Taiwan, in the Province of China, according to a 2013 report by the Centre for European Policy Studies;
  • Only 13% of companies have BYOD (bring your own device) policies, according to a 2014 report by Ernst and Young;
  • Fewer than 50% of companies use encryption techniques for devices;
  • 38% of companies do not address cloud risks;
  • “Only 56% of companies conduct penetration tests, and 19% fail to test at all,” according to an Ernst and Young report;
  • Less than one-third of boards are addressing risk management in relation to IT operations or computer and information security, according to a 2012 report from Carnegie Mellon; and
  • “Most policies currently in place,” “are too weak to reasonably ensure that systems are not breached,” according to a 2014 NACD (National Association of Corporate Directors) report.

What should boards of directors be doing to exercise their duty of care over technology risk, including social media, BYOD, and cyber security?

  1. “You have to own this problem as a leader,” in the words of Admiral Michael Rogers, Director of the National Security Agency. You do not need to be an expert in technology as a director, but you now need to be literate and informed. If you are not, then get educated. Request a glossary of acronyms from management as a start. There are several leading standards and frameworks from which to learn, including the National Institute for Standards and Technology; ISO/IEC 27032 Guidelines for Cybersecurity; the SANS Institute for Critical Security Controls; and the IoD and NACD in London and Washington. If your board lacks information technology expertise, consider putting this on your competency matrix for director recruitment. If you are in a key industry such as financial services, retail, utilities, defense or health care, technology should be represented at the boardroom table. If much of your company’s business model resides on the Internet, consider having a separate technology and strategy committee.
  2. Examine your committee structure. If your audit committee oversees the substance of all risk oversight, you may be at risk if committee members lack recent and relevant information technology and risk expertise, or are overworked. All material business risks, financial and non-financial, should be covered off and mapped to one or more board committees, and these risks should be made explicit within committee charters and board guidelines, including technology, reputation, operations, and heath and security risk. The audit committee is not necessarily qualified to oversee non-financial risks, including terrorism.
  3. See technology risk as a broader enterprise risk, and as a strategic and business imperative, not a narrow technology issue. Regulators should be requiring your board to approve the risk appetite framework, which includes explicit internal controls, assurance, reporting, and limitations. Ask management to see the real-time, prospective internal controls over technology risk, in writing. This is where many companies are weak, and if you are, you should see this gap and ensure it is remedied as a director. This is not micromanagement, but good oversight.
  4. Understand and demand information on the internal controls over social media, BYOD and cyber crime. This will facilitate a learning curve to question management, including over training, education, acceptable use, mobile device management, risk and control assessment, situational awareness, threat and vulnerability risk management, and cyber security incident management and governance. Does management show you internal control results over each material risk, including their interactions, and how each risk is identified, controlled and assured? Are you satisfied? Do you have a good dashboard? Does risk culture support cyber security? (Human error and carelessness are big risks.) A recent NACD survey showed a quarter to a third of directors were unsatisfied with the quality and quantity of IT information.
  5. Obtain third party assurance if you have any doubt about how technology risk is being mitigated, or of the strength of the technology and assurance bench. Are you satisfied with the IT, risk management, and internal audit bench strength? These are your eyes and ears. You may need to direct changes and resources. Do you have the power, within your board and committee charters, to request an independent audit of technology risk? Do you exercise this responsibility? If you are blocked by management, this is a red flag. Do you meet separately with risk, compliance and audit to assure cyber security risk?
  6. Information technology risk, compliance and auditing should functionally report to you as a board or committee, not senior or operating management. Senior management should no longer own the risk function. The chief risk officer, the chief compliance officer, and the chief audit executive, should now be independent and report functionally to the board and its committees, not senior management such as the CEO or CFO. This means that the work-plan, independence, resources, reporting, compensation and succession of these three functions (risk, compliance and audit) are now recommended by committees and decided by directors, not management. Do you practice the foregoing? If not, you could be the last to know for a major technology breach and the resulting reputational and financial loss. Experts will scrutinize how you directed reporting and assurance.
  7. Management may be adverse to spending what is needed, and the imposition of internal controls over technology, including those that are reputation or behavour-based. This is why risk oversight rests with the board. Your job is to understand, identify, and oversee, not to manage. The budget, talent, resources, reporting, assurance and disclosure of enterprise risk mitigation, including technology, should rest with you. Information, documentation and informed, best practice and precise questions are your management influence and oversight touch-points.
  8. Become engaged. If you have one or more laggard directors who resist technology or keeping current, these intransigent directors are compromising the governance of the company and should be addressed or replaced, especially if they are on or chair key committees. Good boardrooms are now paperless, and good directors use devices and social media with acumen.
  9. Have technology stress testing. Do you direct management to implement and report on scenario testing and mock exercises over social media attacks and cyber breaches? When it happens, it is too late.
  10.  Most of all, protect your company’s crown jewels. Think like a hacker. Protect the perimeter, but once inside, are your company’s valuable assets still protected? How? Agree on a platform and framework and direct management to have an action plan and target date for full implementation.

Tis the Season to Prevent Cyber-Hacking

What are best practices individuals can employ to lessen the chance of hacking of their computer or device?

Here is a quick “top 20 list,” based on part of an education session I have been providing to directors of company boards on cyber security.

  1. Never click on unknown or non-credible emails, attachments or downloads.
  2. Never click “save password.”
  3. Never use the same password across multiple devices or accounts.
  4. Use smart, strong passwords, and regularly update and change your passwords.
  5. Have a second credit card that you use online, with a low limit.
  6. Use two-step authentication whenever possible.
  7. Install firewalls on all your computers and devices.
  8. Always update your software.
  9. Always logout at the end of your work-time.
  10. Always install anti-virus, anti-spam and anti-spyware or adware programs.
  11. Use only your own computers and devices.
  12. Never leave your device or desktop computer unattended or accessible.
  13. Have a professional validate all of the above and never give your password out.
  14. Cover any cameras that are not in use.
  15. Browse anonymously whenever possible.
  16. Use secure, encrypted connections: https where “s” means “secure.”
  17. Resist unencrypted, public wifi hotspots.
  18. Back up your data in real time, twice as a fall-back.
  19. Be careful what you store or send (crown jewels).
  20. Always use a document shredder.

“Our entire lives are on the internet,” according to FBI Director, James Comey, adding “The internet is the most dangerous parking lot imaginable.”

Russian hackers initiated almost 2.5M attacks in a month, followed by Germany and Taiwan, in the Province of China, according to a 2013 report by the Centre for European Policy Studies.

The greater individuals are aware of steps that can be proactively taken, the less the chance that your property or data can be breached.

2015 Trends and Answers in Corporate Governance

2015 is shaping up to be a year where boards, once again, will be under intense pressure and scrutiny to get it right. Here is a list of trends and key issues, along with what boards are or should be doing in response.

1. Greater Director and Advisor Independence

Pressure:

A director or professional advisor can be formally independent, and yet captured inside the boardroom. Forms of capture reported to me include social relationships, donations, jobs or contracts for friends, perks, vacations, office use, director interlocks, supplier or customer relations, and excessive tenure and compensation. Look for more regulators implementing term limits and moving towards an objective standard of director independence. Look for activists going into the background of directors to demonstrate the capture. Look for investors focusing on the origination of each director and service provider, which is to say how he or she came to be proposed, to address social relatedness.

Answer:

Boards can protect themselves by terminating any director or professional advisor who cannot be reasonably seen, by directors themselves and more importantly by an outsider, to be independent from management in their oversight and assurance roles. Assume what boards know internally is what is or will become known externally. This trend towards tighter independence standards will continue: For example, internal oversight functions should also now be independent from senior and operating management, and that includes the risk, compliance and audit functions, who now should report functionally to the committees and board. Any director or external or internal advisor to the board or a committee should be, in law and in fact, independent of all reporting management or any other adverse interest, in order to be free to make recommendations that run counter to that of management. A board fully protecting itself would also require a third party anonymous review of director and advisory independence annually, and acting on the results. Directors know who is captured and there should be a mechanism for this to come through.

2. Better Board Composition and Diversity

Pressure:

Regulators are moving towards prescribed competency matrixes; the production of curriculum vitae (not perfunctory short bios); and interviews with directors and oversight functions to determine whether these individuals are fit for purpose. Activists are searching director backgrounds and track record to determine alignment between competencies and the business model and strategy of the company. Regulators are legislating board renewal and diversification, through quotas or the production of measureable objectives covering recruitment to retirement.

Answer:

Competency, diversity and behaviour matrixes should: flow from the purpose of the board and the strategic and oversight requirements of the company; be established by the nominating committee; and be independently designed and validated to ensure recent and relevant expertise is possessed by each director. The diversity policy should extend the prospective director pool to previously unknown directors and who may be joining their first board (80% of directors are on one board only). Tenure limits and excessive directorships (beyond two) should now be policied and capped (the average board position is 300 hours). Robust matrix analysis and director evaluation should occur by the nominating committee and its independent advisor, not management. The board should extract directors who do not possess relevant and recent competencies or desired behaviours. (See boardroom dynamics, below, for a separate discussion of director behaviour.)

3. Risk Governance

Pressure:

Plaintiff’s investor lawsuits and proxy advisory firms are targeting directors at risk for oversight failure. Regulators are imposing onerous risk coverage requirements on directors that require oversight of internal controls, risk-takers and limitations. Lack of understanding of social media, bring your own device, and cyber security are contributing to enormous investor loss and brand impairment, as an example of technology risk. Recent risk failure by boards also includes sexual harassment, safety, security, technology, bribery, fraud and reputation.

Answer:

Boards should now have directors possessing risk expertise, as regulators are requiring this. The identity of these directors should be disclosed. Every company should board-approve a risk appetite framework, including internal control reporting and independent, coordinated, assurance over controls mitigating each risk and their interactions. Directors using technology dashboards should oversee risks prospectively. Hiring of risk, compliance and audit functions should occur, reporting to the audit and risk committee. Known limitations should cascade throughout the organization, and back up to the board, with ease, including within each market in which the company operates, and to key suppliers. Annual third party reviews should occur, reporting directly to the board and audit and risk committees. Board and committee charters should have coverage over each material risk, financial and non-financial. Audit committees that oversee substantive non-financial risks may be a red flag. There will need to be significant investment and restructuring of reporting relationships for the foregoing risk governance regulation to occur.

4. Compensation Governance

Pressure:

Media and public pressure over the quantum and alignment of executive pay have resulted in regulation over: compensation committee and advisor independence; say-on-pay; proxy advisors; and pay ratios; but not over pay-for-performance (most important) and clawbacks, yet. Certain public regulators have become more aggressive, targeting the quantum of pay. Financial regulatory focus is on the delivery and alignment of pay. There is a modest, but will be a growing movement once full regulation occurs, moving from (i) short-term, quantitative, financial pay metrics, relying on comparator inter-company benchmarking, which exacerbates pay unrelated to performance, to include (ii) long-term, qualitative, non-financial pay metrics, with customized, risk-adjusted pay delivery commensurate with internal value creation and shareholder return.

Answer:

Boards should engage directly with long-term, major shareholders on their pay plans, without management influence. Clawbacks should be restructured or implemented based on risk management and ethical failure, not fraud, using an independent advisor not the company lawyer or management-retained counsel. Boards should approve key performance metrics based on an explicit full business model invoked from the strategy. 75% of the performance metrics reflecting the firm value chain should be leading and non-financial indicators. Peer benchmarking should be balanced with the foregoing pay principles and long-term alignment with the product cycle of the company (five to seven years, not three). Non-financial leading metrics such as innovation, value and quality, and financial metrics such as balance sheet and capital treatment and returns, should be incorporated into pay plans that have a line of sight to management performance, without any unjust exogenous enrichment. There is much work to be done here, and more regulation is expected in 2015 and 2016.

5. Greater Shareholder Accountability

Pressure:

Look for activism to grow unabated, and institutional shareholder and even regulatory support of proxy access in 2015, giving greater control to shareholders over director selection and removal. Look for further shareholder assertion of rights and coordination over the targeting of below-average management supervised by complacent boards. Look for shareholder focus on director mindset, track record, and lack of management capture or self-interest. Look for continued attack on entrenchment devices by management and their retained advisors to insulate under-performers.

Answer:

Camera-ready boards should implement private, candid, executive session meetings with long-term shareholders to discuss governance, risk, pay, and value creation. Investors and boards should focus on company performance in comparison to peers, and superior governance that exceeds the minimal. This includes background of directors. Independent governance auditors should be retained to provide an activist point of view, ahead of a possible attack. Any advisor to the board on shareholder engagement should be independent of management.

6. A Focus on Strategy and Value Creation Focus

Pressure:

Activist and, increasingly, good board focus is on the value creation plan, monitoring, and holding management responsible for its achievement. Complacent or inexperienced boards incapable of directing an under-performing, ineffective or inefficient management team are being targeted. Weak or legacy chairs and directors are also targeted. Excessive or non-performance based compensation is a red flag for governance intervention.

Answer:

Good boards are becoming engaged, focused, results-oriented and disciplined. Agendas and committee structures are being revised to focus on strategic primacy and value creation. Robust debate and review of the plan is the primary board agenda item each meeting, and strategic practices are adopted, such as, among others, that at least one presentation each meeting from key personnel below the senior level, on that person’s role in the value maximization plan, and a full discussion of progress to date in that regard. However, board renewal is not reflecting this structural and deeper board focus, yet. Ill-chosen directors are still unable to add value strategically, my applied research suggests. There remains ample opportunity for activist intervention.

7. Information Technology Governance

Pressure:

Rapid technology advancement has created opportunity and risk. There is profound technological ignorance by many or most boards that is creating an inability to direct and oversee management. Cyber security, bring your own device, and social media are just three IT risks that, reviews indicate, have deficient or non-existent internal controls, which in turn causes privacy breach, reputational damage, and significant investor loss. Plaintiff’s lawyers are suing boards, correctly alleging breach of duty of care. Regulation is not keeping up with cyber-threats and hacker advancement.

Answer:

Boards should be IT literate, agree on the standard and platform, and direct management to have an action plan and target date for implementation, covering crown jewels; assuming penetration; and including internal controls over behavior and human error. Boards should control the budget, talent, resources, reporting and assurance of IT risk as part of broader ERM (enterprise risk management) and strategic risk. Scenario testing, mock attacks, and expert assurance should be board-reported. If management resists third party validation, this is a red flag for any board.

8. Board Performance Audits

Pressure:

Regulation, activist, technical and public pressures are augmenting the objective standard of care for directors. Director action (or inaction) will be visible and risk liability or other loss post failure. Resourced and sophisticated investors are a particular threat, as are regulators. Complying with basic practices is no longer adequate assurance or protection for boards, as capture, entrenchment, self-dealing, complacency and non-performance have all been shown to occur within existing governance frameworks. Governance failure, including bribery, corruption, cyber and under-performance, have occurred at companies whose governance has been said to be exemplary.

Answer:

Good boards and regulators are moving towards independent, internal and deep reviews over the board, risks and internal controls, similar to financial audits. Just as management cannot assure its own work, neither can boards assure a self-review. A well-chosen third party or independent internal auditor provides boards with advance warning on precisely where their vulnerabilities and weaknesses are. An expert audit within an activist and emerging regulatory framework is a wise use of time and resources.

9. Tone at the Top – and Now in the Middle

Pressure:

Long arms of regulators are now able to hold boards vicariously responsible for fraud, bribery and other forms of corruption at deep levels within and even interacting outside their organization. The distraction, assets put at risk, and reputation damage can be significant. “Tone in the middle,” culture, and imprudent risk-taking are the new warning signs on which sophisticated boards are requesting concrete assurance, to ensure directors are not the last to know.

Answer:

Resourced boards are instituting: confidential and incented whistle-blowing procedures; audits of internal controls over culture and reputation; and amnesty, among other best practices, to ensure bad news rises. Explicit and monitored thresholds for the board-approved risk appetite framework are being instituted, along with a line of sight by the board that compensation is not driving bad behaviour. Due diligence, climate, values, spot audits, and the code of conduct are all being independently reviewed and reported to committees and boards, without interference or funneling of reporting management. Good boards are much less tolerant of ethical lapses or management blockage.

10. Boardroom Dynamics

Pressure:

Lastly, the board must gel as a team, and, as a team, control management. Any behavior gap – undue influence, reliance, dislike, dysfunction, or even contempt – by one or more directors or managers, introduces information and oversight asymmetry that can and does lead to governance failure. Every seat at and reporting to the board table matters. The pressure here is a toxic or under-performing director who refuses to resign out of self-interest, or a board allowing integrity breaches and leadership shortcomings by an officer to continue.

Answer:

Good boards: have behavior matrixes and performance reviews that define and rate behaviours at the board table; have peer reviews and mentoring that develops and refines behaviours; and act on the results regardless of profile or tenure. Due diligence, background checks, interviews, and assessments are all becoming commonplace. Personality testing is also developing.

Conclusion

There have been more governance change occurring in the last five years than in a generation. Enron, WorldCom and other implosions in 2001-02 are very different from the global financial crisis of 2008-09, which: was systemic, involved banking, and required broad government intervention. There is a regulatory and investor appetite for broad and deep governance change. The above ten changes and responses are touch-points for where governance change is happening the most. Boards and management teams are only about 40% through digesting all of the above reforms, and there are more to come in 2015.

Canada’s Corporate Governance Guidelines Are Out of Date, Part 2

Following up from last week’s blog, I argued that Canada’s corporate governance guidelines were out of date because of: 1. Lack of principles and practices; 2. Lack of focus on risk management; 3. Lack of independence of mind; 4. Lack of industry expertise; and 5. Lack of shareholder engagement, here are reasons 6-10 that our Guidelines need an update:

6. Lack of shareholder engagement: The words “investor” and “shareholder” are mentioned once each, in a perfunctory manner, within the 2005 Guideline. Shareholders own the company and regulators and investors are explicitly providing context now: for investor input on director selection; for engagement and dialogue between investors and directors; and for the use of technology in shareholder communication and annual meetings. The foregoing are all absent from the Guidelines. Canada has still not adopted “say on pay,” which has also been a catalyst for shareholder engagement. The US, UK, Australia, Germany, France and other European countries either have say-on-pay or are moving rapidly in this direction. Canada is a laggard.

7. Lack of focus on strategy and value creation. “Strategy” is mentioned only once within the entire Guidelines, and that is that the board should approve a strategic planning process, and approve, at least annually, a strategic plan. It is hardly surprising that many boards short-change strategy at the expense of compliance. This requirement of once a year essentially marginalizes a board in its strategic role. When I interview top directors who add value strategically, the strategic oversight and involvement by boards are much more focused and engaged. There are strategic best practices here that would enhance the performance and value creation that a proper board can make. Regulators drafting this guidance should have experience creating listed company value.

8. Lack of focus on sustainability: The word “environment” or “sustainability” is not mentioned at all in the 2005 Guidelines, a noticeable omission. Australia’s emphasis on economic, environmental and social sustainability risks, within its Corporate Governance Principles and Recommendations, is second to none, as is South Africa’s focus on “integrated sustainability reporting” within King III. This omission is especially noticeable given investor focus on the environmental, social and corporate responsibility. The lack of environmental stewardship and response to climate change is also a broader issue. Canada is also a laggard here.

9. Lack of compensation guidance: The regulatory movement from short-term, quantitative, financial metrics, to risk-adjusted, long-term, qualitative, non-financial metrics for executives is absent from the Guidelines, as is guidance on non-executive remuneration. Investors, regulators and good boards are focusing on leading performance metrics that reflect the entire business model and value chain (most of which is non-financial), and that are longer-term in nature.

10. Lack of focus on the chair of the board: Lastly, but far from least, the position of the board chair has undergone a metamorphosis since 2005. There is no guidance at all offered on the role, responsibility and attributes of an independent chair, within the Guideline. Other codes offer extensive guidance on skill-sets and responsibilities that and on which the chair should possess and execute. Without this regulatory guidance, a chair (and committee chairs) can be bullied or unduly influenced by dominating reporting management such that they are rendered ineffective, albeit formally independent. More guidance is needed. Chair position descriptions should not be drafted by management lawyers or management-retained lawyers.

 

Conclusion

 

Does Canada improperly have a false sense of governance superiority? Perhaps so. But in this rapidly changing field, if you rest, you are left behind. Nine years is sufficient rest.

 

There are arguments (i) by industry and advisors to management that corporate governance in Canada is not broken so does not need to be fixed; and (ii) by regulators who complain of scarce resources and how difficult it is with fragmented securities commissions and the diversity of Canadian companies. I have never been persuaded by these arguments.

 

To address the second argument, what is required is leadership and political will. Premier Kathleen Wynne’s and the OSC’s Maureen Jenson’s emphasis on gender diversity have resulted in nine jurisdictions collaborating and endorsing recent changes to the disclosure of gender diversity, term limits, and measureable objectives, for example. To address the variety of Canadian companies, South Africa’s King III Code applies to all types of companies (public, private, state and non-profits). The issue is one of drafting.

 

To address the first argument, namely the arguments by industry, regulators should be conscious of undue influence by reporting management and service providers, whose internal power, business model, or commercial interests may be disrupted by governance rejuvenation. The primary consideration for policy renewal should be evidence-based policy and international consistency with best practices. Regulators should also guard against potential conflicts of interest and regulatory capture, by themselves, including those individuals within regulators who intend to return to private industry, or who have other close association with regulated companies. Regulators should also guard against those provincial regulators who oppose reform on the basis of extraneous and non-relevant considerations, such as a desire to maintain turf.

Richard Leblanc is a Principal at Boardexpert.com. He can be reached at rleblanc@boardexpert.com.

Canada’s Corporate Governance Guidelines Are Out of Date

In my teaching and research, I no longer use “NP-58201 Corporate Governance Guidelines,” June 17, 2005 (“Guidelines”), that apply to publicly traded companies in Canada, as an example of exemplary corporate governance. I regard them as stale and dated. I cannot think of another developed country that has not updated its governance guidelines in almost 10 years. There have been more changes to governance since the financial crisis of 2008 than in a generation. And we are only about half way through all of them. Canadian regulators – including all provinces and territories – need to keep up, and step up.

Here are the deficiencies to the Guidelines as I see them:

1. Lack of principles and practices: Our Guidelines are four pages long. The UK’s new Code (September 2014) is thirty-six pages. Australia’s Principles and Recommendations (March 2014) are forty-four. South Africa’s “King III” (2009) is sixty-six pages, to pick only three examples. Quantity is not necessarily quality, but by having such succinct guidelines, the opportunity to set out (i) best practices that (ii) achieve the objective of principles is gone. It is comply or explain against a perfunctory unitary guideline, which can be – and is – gamed by reporting management. There should be more robust guidance, where the regulator explains various ways good governance can occur, from which listed companies can pick and choose according to their circumstances.

2. Lack of focus on risk management: Take risk for example. The Canadian Guidelines simply state that the board should identify principal risks and ensure appropriate systems are in place to manage these risks. I have no idea what this actually means, nor may directors. Risk management oversight now involves an explicit risk appetite framework, internal controls to mitigate, technology, limitations, and assurance provided directly to the board and committees by independent risk, compliance, and internal audit functions. None of these practices, which are very much addressed by other regulators, appear in the 2005 Guidelines. Consequently, many public companies have immature risk management, especially in addressing non-financial risks such as cyber security, operations, terrorism and reputation. Regulatory inaction has an effect. Even a forward-thinking director may be blocked by intransigent management to devote greater resources to mitigating risk because of inadequate regulation.

3. Lack of independence of mind: In Canada, a board can subjectively believe a director to be independent, but this belief need not be independently validated, nor tied to any objective or reasonable standard. Nowhere else can a conflict of interest lack a perceptual foundation. As a result, directors tell me how colleagues are compromised by an office, perks, vacations, gifts, jobs for friends, social relatedness, relations to major shareholders, excessive pay, excessive tenure, interlocks, and other forms of capture. If a director or chair is captured, they are owned by management and totally ineffective. If there is a difference between regulatory independence and the independence of mind of directors, the fault lies with the regulation. Regulators should implement an objective standard of director independence, not a subjective one.

4. Lack of industry expertise: It was admitted in open forum that the original 1994 committee did little research. Sufficient industry expertise on boards is glaringly absent from the Guidelines, and consequently in many boardrooms. We are suffering from an independence legacy, perpetuated by entrenched directors, and unsupported by academic research. For example, in Australia, two academics claim has cost their country’s decline in shareholder value between 30 and 50 billion Australian dollars (“Does “Board Independence” Destroy Corporate Value,” by Peter L. Swan and David Forsberg).

Fraud, meltdowns and underperformance such as Nortel, RIM and CP all had a paucity of industry experts on their boards, including, most recently, Tesco in the UK. JP Morgan at the time of the risk management failure did not have a single independent director with banking experience. Prior to Bill Ackman’s involvement in CP, not a single independent director had rail experience. I recently assessed a similar board and not a single director had the necessary industry experience. The Guidelines should require relevant industry expertise on boards. I recommended this to OSFI when I was retained by them to examine their earlier guidelines, and this is now the law for all federally regulated financial institutions, along with risk expertise being present on boards.

5. Lack of financial literacy and internal audit: There is no requirement to be financially literate to sit, initially, on an audit committee of a Canadian public company. This presumes someone can acquire financial literacy as opposed to having it to begin with. There is also no requirement to have an internal audit function for a Canadian public company. This should also change so audit committee members hit the ground running, and there should be a comply or explain approach to internal audit. In many compliance failures, there is a defective or non-existent internal audit function, with a weak audit committee lacking recent and relevant expertise. Regulators are now moving towards “independent coordinated assurance,” which means that reporting to, and functional oversight by, the board and committees are fulfilled by internal and external personnel who are independent of senior and operating management, including, most importantly, an effective and independent internal audit function.

Join me next week where I will talk about 6-10, including: lack of shareholder engagement; lack of focus on strategy and value creation; lack of focus on sustainability; lack of compensation guidance; and lack of focus on the chair of the board.

The Corporate Governance Game Changer That Needs to Come To Canada

I teach my students and counsel board clients that shareholders elect directors; directors appoint managers; directors are accountable to shareholders; and managers are accountable to directors. This is largely theoretical.

Here is the reality: Shareholders: (i) cannot select directors; (ii) cannot communicate with directors; and (iii) cannot remove directors, by law, without great cost and difficulty. Therefore, directors are largely homogenous groups who are selected by themselves, or, worse yet, management.

Addressing the foregoing is the one piece of reform that will change corporate governance and performance for the better. The rest is, as they say, window dressing.

I have encouraged institutional investors and regulators to consider advocating what is known as “proxy access.” This means that a shareholder, or a group of shareholders, who (i) own a modest, minimum threshold of shares (say 3%, although the percentage could be higher or lower, or floating, depending on the size of the company); (ii) for a period of time (say 3 years, although the time period could be shorter); (iii) can select up to 25% of proposed directors, of the total board size, in an uncontested election (meaning a change of control is not desired by the shareholders) in a given year.

When shareholders “select” their nominees for the board, these directors would be alongside, in the management proxy circular, in alphabetical order, with profile parity (short bios and areas of competency), the management slate of directors. Management would be obliged to include shareholder-nominated directors, at a cost to the company, not shareholders, if the above ownership and time requirements are met. There would be no costly proxy battles or dissident slates. There would be no undue influence by management to marginalize shareholder-nominated directors within or outside of the proxy. Rules of the road will be set.

Then, shareholders get to decide, as they should, on the best directors from among the management-proposed and the shareholder-proposed directors. Ideally, the selection should be as blind or neutral as possible. The focus should be solely on the qualifications, competencies and track record of the proposed directors for election at that company. May the best directors win, as should be the case in any election, versus a slate of management-nominated directors, which is the case now. Under this new regime, there will be winners and losers. The practical effect may be that legacy or unqualified directors may withdraw from this scrutiny, as Canadian Pacific directors did at the time of shareholder Pershing Square’s involvement. This is not an undesired outcome and creates a market for the most qualified directors to rise to the top.

When proxy access was proposed by the Securities and Exchange Commission (SEC) in the US, management and lawyers who work for management used shareholder money to fight proxy access proposed under Dodd Frank, and won in the US Court of Appeals, on the basis of an inadequate cost benefit analysis. (Canadian investors and regulators should learn from this experience.) Proxy access now is left to companies on a one-off basis, rather than being system wide. Meaningful proxy access has only occurred at a small number of companies as a result. The SEC should revisit proxy access. Industry Canada is currently looking at implementing proxy access at the 5% level for all federally incorporated companies.

Opponents to proxy access argue that shareholders selecting directors will propose special purpose directors or directors who lack the background or experience. The evidence is the opposite. Shareholders are better at proposing directors who have the shareholder track record and industry expertise that the current board lacks. Recall Canadian Pacific, where not a single director possessed rail experience prior to shareholder involvement. There are other examples at Hess, Office Depot, Darden, Bob Evans, Abercrombie and Occidental Petroleum (see Field Experience Helps Win Board Seats), where shareholder-advocated directors were either better than incumbent ones, or caused the renewal of management-advocated ones. A director qualification dispute is welcome and will focus the lens on competencies of directors, including industry expertise, which is a good thing. Ann C. Mule and Charles Elson report in “Directors and Boards” that “One study concludes that more powerful CEOs tend to avoid independent expert directors.”

Herein lies the real resistance to proxy access: Management does not want it, and, the record shows, will fight vigorously to resist it. Management-retained advocates hired to oppose proxy access should disclose whom their client is. Directors however, when deciding to support proxy access, or not, should not be beholden to management, nor their advisors, nor act out of self-interest in entrenching themselves, but should be guided only by the best interests of the company, including its shareholders. There is evidence that the market values strong proxy access positively, leading to an increase in shareholder wealth. If a director possesses the independence of mind, and the competency and skills to serve on the board, they should welcome proxy access. It will mean that the under performing directors on the board will be ferreted out, and current directors can avoid this uncomfortable task. Shareholders and the new competitive market for corporate directors will do it for them.

Advice to Boards: Renew Your Directors or Shareholders May Do It For You

Here is a top 10 list reflecting forty recent director and executive interviews and ongoing advice and assessment provided to activist investors and boards.

Infuse your board with a shareholder mindset and directors with value creation track records

“Too many service providers” … “with no industry experience” … “who have not run anything” and “who lack value creation experience” go silent when tough business decisions need to be made, directors say. They “cannot provide the hard core insights to the management team” other than “be careful.” They default to process, “flavors of the day,” and recency, rather than leading substance and strategy. Directors and executives describe such formally independent but experientially lacking directors as “immature,” “provincial,” and “naïve.” Management is more critical: They “lack depth” and “contribute nothing.” Trying to get them off the board, in the words of one director, is like “pulling teeth.”

Remove over-tenured directors and ensure committee chair rotation

Long-serving legacy directors and committee chairs are described as “tired” and “complacent” by fellow directors who have been there “much too long,” and block renewal efforts when “they are the most conflicted.” Research suggests that directors beyond nine years diminish shareholder value. Tough discussions are occurring in boardrooms. Conflicted directors should leave the room during the discussion, directors say. Long-serving directors are loath to give directorships up, arguing they are different. Fellow directors and investors are increasingly unpersuaded by self-interest.

Conduct an independent performance review

One answer, according to head of corporate governance at CalSTRS Anne Sheehan who served on a recent panel discussion with me, is to have independent director performance reviews, with expectations set at the outset, and link the results to renewal. Don’t rely on retirement age as a performance proxy. Directors and regulators are mandating independent reviews. Blockage by self-serving chairs and directors are increasingly falling onto deaf ears. The review should have consequences, which means removing directors who have outlived their usefulness. “Rigorous evaluation,” consistently is a theme in my interviews. If a board blocks independent critical review, or does not act on the results, investors will step into the gap, and it will be far more consequential, costly and adverse.

Engage directly with investors on board performance and composition

What investors want to see now is recent, relevant, validated industry experience contributing directly to the company’s value creation chain, by each and every director. If a board cannot lead a value creation model that is endorsed by major investors, including capital and asset allocation and performance, and what each director’s contribution is to that, the board is vulnerable. Few boards have conducted this internal review with the rigor that an activist does. Camera-ready boards are having structured meetings with long-term shareholders to listen, learn and act. Boards ignore investors at their peril.

Address director origination and its impact on independence

Assume that investors will ferret out any and all conflicts, including friendships. If a director has previous or current relationships, to each other or to management, they lack independence and will not ask tough questions, new research suggests, unlike directors who are recruited primarily on the basis of merit who are unknown previously to the board. These directors are “owned” is the common refrain. Current examples include reciprocity, favours and capture. These directors cannot push back as the cost is too great. They are part of management. Therefore, boards need to rid themselves of these directors and discontinue recruiting based on prior relationships.

Diversify your board to add value

Make sure your board is diverse, and underpinned by the skill sets needed. Many companies do not have board diversity policies. Defensive, perfunctory policies are not useful. The best policies are prescriptive, have measureable objectives, and define diversity, with increasing numbers that a board holds itself responsible for meeting and on which progress is reported. There are measureable objectives for gender, age, ethnicity that align with the company, its business, its industry, and the markets in which it operates.

Focus on company performance over governance box-ticking

Governance has been a cottage industry dominated by self-serving professional advisors and associations, many directors and investors have told me. The pendulum as swung so far, such that investor performance is either entirely absent or an afterthought rather than the primary focus. “You can tick all the governance boxes, and underperform your peers,” one director states. So-called governance awarded companies have even been rife with corruption. Conversely, you can have many governance boxes unticked and perform for investors. Good boards do not let the governance tail wag the performance dog. Investors want performance, not governance accolades. We know that governance rating agencies and proxy advisory firms have metrics that lack prescriptive validity. We see award-winning companies who have failed in their performance, subsequently being attacked by activists with share price appreciation soon following. Activists are unimpressed, and, increasingly, the governance community is questioning its own focus and priorities. One award winning company with a director who has seen the activist light remarked that his board could be “10 times stronger.”

Conduct a thorough transparent director competency review, and act on the results

The director competency matrix belongs to investors and directors, not management. A matrix can be back-doored and manipulated, resulting in a complacent board. An inclusive, dynamic, objective, peer-to-peer, validated matrix review will generate development opportunities, remove directors who are lacking, and generate desired skills in the next directors. Regulators are calling for curriculum vitaes, interviews, and want to see each director is fit for purpose. Boards are wise to ensure that matrix design and administration is expert, free from management control, and reflects investor input.

Focus on softer director attributes

Skills I have recently developed for directors include: integrity, teamwork, communication and commitment. If only one director does not possess these, a board can be poisoned. These attributes can and should be recruited for and validated. A director who is lacking and cannot improve should be promptly replaced. The best boards are embarking on this review.

Display leadership and integrity

Lastly, ultimately, board renewal is about leadership and integrity. The Board Chair position is rapidly maturing. Directors who dig in and entrench are placing their own interests ahead of those of the company, resulting in grave disquiet. This is an integrity issue. Entrenched directors should do the right thing when it is time to go. Activism has become mainstream and shareholders may have much greater power in the future than they do now to propose effective and remove ineffective directors, if directors do not do it themselves.

A rebuttal to Terence Corcoran’s “OSFI and the bureaucratization of corporate governance”

Terence Corcoran launched a scathing attack against recent regulatory announcements by the Office of Superintendent of Financial Institutions (OSFI) and the Ontario Securities Commission (OSC) on assessing and interviewing directors, and strengthening gender diversity, respectively.

OSFI announced, in a draft advisory, that it intended to ask for curricula vitae of, and interview, certain directors and senior management, who include oversight functions. The Ontario Securities Commission, in a request for comment, has proposed disclosure amendments that include addressing term limits; the representation of women on boards and in executive officer appointments; and internal targets that companies could set to achieve greater gender diversity.

Mr. Corcoran calls OSFI’s announcement a “bureaucratization” of governance; contends that the OSC will “force” women directors onto boards in a “social policy agenda”; and calls an academic study “Junk Science,” while accusing the study’s authors of “manipulating” their data: a very serious charge. All these contentions warrant a counterpoint.

Currently, financial institution and public company directors are self-selected by themselves or, worse yet, management. Shareholders may not propose their choice of, or remove incumbent, directors. They press for this right, otherwise known as “proxy access,” (e.g., shareholders who own 3% of common shares for three years can propose up to 25% of a board’s directors in an uncontested election), but boards resist. Company management has challenged proxy access in court, and has won.

Therefore, there is no third party oversight or validation of director skills, qualifications and selection. This reality enables self-interest, entrenchment, recruitment on the basis of personal relationships, discrimination, and directors who do not possess requisite expertise and background.

My own research and work with boards suggests directors can and often are conflicted through gifts, donations, offices, vacations, jobs for acquaintances, prior friendships, and other perks that management gives them. I have observed and assessed bank directors who tell me they do not understand acronyms that are being discussed. One director, emblematic of many, told me, “we don’t understand derivatives.” I have witnessed directors: arrive unprepared for meetings; fall asleep at meetings; who have “not made a single contribution in years” (according to other directors); and who do not do “any of this” (proper risk management). In one instance, a female director was proposed to a largely male OSFI regulated board, and a male director remarked “she’s attractive … since she likes skiing and sailing, she’ll be a good board member.” In another, a director asked “You want us to appoint a lady to our board?” A board chair once told me “There are only twenty women in Canada who are board ready.” (The qualification to be a director is often minimal: over 18, not bankrupt, and not insane.)

I also regularly conduct reviews of significant companies where directors are lacking in relevant industry and risk expertise. This is not true of all boards.

In short, how directors are selected, and what their qualifications are, are largely shielded from scrutiny. Investors are left to rely on fuzzy short bios, and assertions that a proper recruitment process based solely on merit has occurred.

OSFI enacted significant changes to governance, requiring: boards to have directors with risk and financial industry expertise; an explicit risk appetite framework; and oversight functions (including internal audit) reporting directly to them.

I know of at least one bank, one utility, and one university (and these were the only three organizations I checked) where the Internal Audit function reports to the CEO or CFO, which is wrong.

Corporate governance involves a legacy of “independent” directors, opaque selection, and deficient reporting, assurance and internal controls. Interviews, CV checks, and greater disclosure, which shareholders should be doing, can put the heat on boards to clean much of this up. Regulators have shown internationally that they are prepared to conduct interviews and enact competency matrixes in the absence of shareholder oversight. If boards wish to forestall regulation, the answer is to improve their practices and disclosure consistent with best practice, which now includes diversification.

Indeed, Canada is late to this global board diversity movement. The majority of peer countries around the world have already enacted diversity legislation, in many cases in a much more intrusive approach than the balanced and proportionate approach the OSC is suggesting. Mr. Corcoran states the OSC is going to “force” companies to appoint more women. This in my view is not correct because companies with no or few women on their boards are free to describe why this is the case, and why this should continue.

This is not a bureaucratization of governance, but a prudent assurance of systemically important financial institutions. Interviews are wise because simple questions, such as “To whom do you report?” “How did you come to be selected?” and “What relationships do you have with directors or management?” address what CVs can hide.

Shareholders can tell when they meet with a director whether that director is “camera ready,” and OSFI will be able to as well. If a director is camera ready, and possesses all the requisite qualifications to be fit and proper, they should have nothing to worry about. Indeed, good directors should welcome the interview.

Lastly, Mr. Corcoran derides academic studies. This past summer, a primary drafter of guidelines that had a profound effect on governance and director selection in Canada remarked publicly, “We did virtually no research.” This is unfortunate because academics bring something to the table. They adopt an independent, evidence-based approach. I have numerous studies underscoring the positive effects women on boards have. There are studies suggesting CEOs do not make better directors; tenure beyond 9 years diminishes shareholder value; and busy boards with over-boarded directors result in diminished board oversight and performance. People should not be afraid of, or deride, academic studies. On the contrary, they should welcome and learn from them.

Academic studies should be more widely consulted, not less. My own LinkedIn group, Boards and Advisors, has almost 10,000 members, attesting to the benefits of academic, practitioner – and journalist – interaction.

Richard Leblanc is an Associate Professor, Law, Governance & Ethics, at York University. He also teaches corporate governance at Harvard University, and regularly advises boards and regulators. His views are his own. Disclosure: Professor Leblanc has advised, and has been retained by, OSFI and the OSC.

Richard Leblanc: Ten reasons that pay governance is broken

Executive pay is always in the news. Just last week an executive of Yahoo walked away with what was said to be a 100M parachute. I was interviewed by CBC radio on upcoming sunshine laws that are going to be enacted in Alberta. Last month, Ontario Power Generation fired three executives after an auditor general’s report on excessive compensation. The Premier of Ontario has vowed to crack down on excessive public sector executive compensation.

Do politicians have a track record of properly addressing compensation? I don’t believe so. Here are ten reasons that the governance of executive pay is broken, starting with politicians.

Politicians. Politicians have been the single greatest driver of increasing executive pay. Transparency or “sunshine” laws that politicians enact enable executives to utilize the pay of other executives to exert upwards pressure and threaten to leave, which is difficult to counteract. Transparency is good, but transparency without any guidance towards pay setting results in pay spiraling upwards. There is not a single jurisdiction that introduced pay transparency where pay has gone down. There was a time where executive pay was written within an envelope in a top desk drawer, and the focus in pay negotiations was on what the executive can do for the company, not what everyone else was earning.

Pay consultants. Pay consultants use this pay data and sell it back to the company in the form of “peer benchmarking,” which consultants have cleverly invented, which is now the predominant way to set pay. This means executive pay is driven by cherry-picked larger companies at the 75th or 90th percentile, resulting in a baked-in pay increase to the executive irrespective of performance.

Lack of professional standards. Lawyers and accountants can lose their license if they breach their fiduciary duty to their clients. They (we) have professional standards and rule-books addressing the duty of care, conflicts of interest, fee arrangements, continuing education, and just about everything you can think of to ensure the client is well served. Compensation consultants have no such obligations. Anyone can put out a shingle and call him or herself a pay consultant, and they do. You can sit on a compensation committee without any compensation expertise whatsoever. The requirement to be a director is shockingly low. In many cases, you need only to be over 18, not bankrupt and not insane. Maybe it is time to raise the bar for compensation consultants and compensation committee members. When advisors have standards, and pay-settors have expertise, they will make better decision.

Unnecessary complexity. Ask any director how much did his or her CEO “earn” last year, and see if you get a consistent answer. You likely won’t. It’s a simple question that deserves a simple answer. Pay depends on whom you ask and can’t even be defined. Is it “intended,” “realized” or “realizable”? We now have multiple “vehicles” for getting all types of pay to executives, with multiple valuations and performance periods. It becomes impossible to understand, value, and compare pay to performance. Therefore, mistakes and self-interest are possible. Pay needs to be radically simplified. Complexity deliberately frustrates and obfuscates basic analysis.

Captured pay-settors. Even if a compensation committee has formally independent directors, this does not reflect social relationships, the use of company resources by the directors, interlocks, excessive tenure, over-boardedness, reciprocity, favors, exorbitant pay to directors, vacations, gifts, donations, jobs for directors’ children, and a host of other factors that my research and work with boards uncovers. The compensation committee is then an arm of management.

Short termism. Most pay metrics are short term and financial. This means the executive is being unduly enriched and is trading on the effects of his actions that materialize years down the road, or not. Pay metrics should be matched to the actual effects of performance over time, and the value chain of the company. It is impossible to align pay to performance with only short-term financial metrics. Long term, non-financial metrics must be used, and pay-settors should have the spine and competency to insist on it. (Or regulators eventually will.)

Heads I win, tails you lose, or no downside for risky behaviour. Pay needs to incorporate risk-taking. We know that risk management in many companies is immature, so how can the downside of a decision possibly be incorporated into pay? If it is not, there is no or limited downside for executives to swing for the fences. Pay metrics and awards should account explicitly for risk. Most do not. This is not an insignificant point, as risk-taking compensation fueled the financial crisis. Regulators are addressing compensation and risk, but not fast enough.

Undue influence of Management. One highly paid CEO said to me once, “I will outgun any compensation committee.” If pay is truly a free market decision between owners and executives, the power, expertise and participation of shareholders must equal that of executives. Pay committees will need surgery for this to occur, starting with shareholders determining who is on their pay committee. That way, pay committees are the agents of their owners, not management.

Directors not listening to Shareholders. Directors assume that they know what shareholders want but this is folly. Surveys reveal a wide divide between shareholders and directors on executive pay. Directors need to meet directly with shareholders without executives present. Most don’t.

Lack of oversight and accountability. In the public sector in Ontario, there have been several governance scandals, including Ontario Power Generation, eHealth, Ontario Lottery and Gaming Corporation, and Ornge, that have included compensation and spending. What this reveals is defective oversight. Governance is not government. Ministers oversee 100s of agencies, boards and commissions operating in major sectors of the economy. Without independently assured oversight, and directors chosen exclusively on merit and not pre-existing relationships, often to the Minister or party in power, these scandals will continue. Premier Kathleen Wynne would be well served to address this lack of accountability and good governance. Saskatchewan has an excellent upward reporting model involving corporate secretaries and use of governance tools I helped create that apply to all crown companies.

One of my colleagues recently said to me, on the outlook of corporate governance in 2014: “Seems like a stand pat year with lots of tinkering but nothing profound happening.” With pay governance to improve, we might need some profoundness and not as much tinkering.


Back to top