Thoughts for Boards: Key Issues in Corporate Governance for 2023

While the world recovers from the worst of the pandemic, the economic, political and social repercussions will continue to play out in ways that, while unpredictable, are in some respects characterized by observable patterns of cause-and-effect and cyclicality. The pendulum has been swinging back as, for example, the Federal Reserve has been ratcheting up interest rates and tightening liquidity, activist activity is once again on the rise, Republicans have taken control of the House, and back-to-office policies have been eased into effect. In this environment, stasis is the exception rather than the norm, and boards must continue to be nimble and open-minded in navigating the pitfalls and opportunities of this systemic recalibration.

Importantly, the infrastructure of corporate governance – namely, the structure and allocation of responsibilities and decision-making authority, and related principles, policies and information flows to facilitate such functioning – continues to serve as the anchoring framework for the board’s oversight of dynamic business conditions. Despite the complexity and range of issues that boards today must grapple with, the basic principles of governance continue to provide the best guideposts: engaged oversight, informed decision making, conflict-free business judgments, and balancing of competing interests to promote the overall best interests of the business and sustainable long-term growth in value.

Below are the key trends and developments that boards should bear in mind in the coming year:

• Risk management: Board-level systems for monitoring and controlling mission critical functions are important to demonstrate that the board has fulfilled its Caremark duties, as demonstrated last year when the Delaware Court of Chancery permitted a Caremark duty-of-oversight claim to proceed against the directors of the Boeing Company, with the court pointing to an alleged lack of board engagement with safety issues and the absence of a committee charged with direct responsibility. However, two subsequent cases (Hamrock and SolarWinds) have reiterated the requirement that there needs to be bad faith, not just gross negligence, for a successful Caremark claim.

Boards are expected to oversee significant and critical risks, and to document their oversight of the strategies, policies and procedures adopted to address those risks. In this regard, directors should seek to understand the corporation’s risk profile, and its management of short-, medium- and long-term risks, as well as how risk is taken into account in the corporation’s business decision-making and strategic planning. Given the challenging economic climate, boards should be mindful of possible risks relating to inflation and rising interest rates, availability and cost of financing, increases in operating costs and fluctuations in exchange rates, as applicable. We expect to see continued focus by investors and the SEC on oversight of risk management, including with respect to how boards and committees are structured to ensure sufficient expertise to oversee key areas of risks. See our memo, Risk Management and the Board of Directors.

• Cybersecurity: Cybersecurity continues to be a challenging area of risk management, with plaintiffs bringing Caremark claims based on cybersecurity breaches, regulators requiring additional disclosures about risk management and proxy advisors factoring cybersecurity risk oversight into their governance assessments. Two Delaware decisions in the past year have addressed board oversight duties under Caremark with respect to cybersecurity risks. In both cases (SolarWinds and Sorenson), Caremark claims were asserted following a cybersecurity attack by third-party hackers who exposed the personal information of customers. Both claims were dismissed, but the court’s opinions spoke to the increased risks posed by cybersecurity threats, characterizing cybersecurity as a “mission critical” risk for online providers.

In addition, the SEC proposed rules on cybersecurity risk management in May 2022 that would require public companies to report all material cybersecurity incidents within four business days of determining the event’s materiality, as well as periodic reporting about policies for managing cybersecurity risks, the board’s role in overseeing cybersecurity risks and the board’s cybersecurity expertise. ISS has also updated its governance “QualityScore” metrics to include information security as a factor, including third-party information security risks and related performance measures in executive compensation plans. Boards should ensure that they receive proper information to assist them in their oversight of cybersecurity risks, including from management experts and outside advisors, as relevant. While risks to the company’s business strategy are often discussed at the full board level, it may be appropriate to consider whether oversight of cybersecurity risks should be allocated for particular focus by a board committee. See our memo, Cybersecurity Oversight and Defense – A Board and Management Imperative.

• Cryptocurrency and blockchain: Despite the steep decline this year in the value of cryptocurrencies and the remarkable bankruptcy of FTX, the advent of cryptocurrency assets, markets and related technologies will continue to have long term implications not only for stakeholders like financial institutions, investment firms and payments technology providers, but also more broadly for businesses considering whether and how to leverage commercial opportunities created by cryptocurrencies, stable coins, non-fungible tokens and blockchain technology. Major financial institutions and world governments continue to move into the crypto space, with the Federal Reserve Bank of New York testing digital dollar tokens with major banks and China’s introduction of e-CNY, its central bank digital currency. In addition, the E.U.’s Markets in Crypto-Assets regulations are expected to come into effect in 2024, and proposed legislation in the U.K. would give the Financial Conduct Authority powers to regulate cryptoassets.

When considering cryptocurrencies or uses of blockchain technology, directors must not only be mindful of the risks and opportunities presented by the current state of play (including cybersecurity concerns, accounting and tax implications and other operational risks), but also consider the rapidly evolving nature of the crypto ecosystem. Even corporations that at first glance seem unlikely to be affected by crypto developments may find themselves exposed to peripheral risks, whether through relationships with institutions that are players in the crypto space or supplier networks that utilize blockchain. As a result, it will be important for boards and management teams to work collaboratively to understand developments in this area. As relevant, boards should consider creating committees to deal with questions of digital assets and demonstrate strong internal controls over digital assets. See our memo, Cryptoassets and the SEC’s Mandate.

• Politicization of ESG, and questions about the “woke” corporation: We have previously remarked on the widespread acceptance of stakeholder governance and, relatedly, the value of considering ESG factors in corporate decision-making. The last year has seen a new movement of anti-ESG backlash that is opposed to consideration of ESG factors, in a push to revert to the outdated notion that the purpose of a corporation is to increase short-term shareholder profits. However, this politicization of ESG does not alter the board’s ability to consider ESG factors; to the contrary, such consideration is consistent with the board’s fiduciary duty of care, as well as the board’s Caremark obligations to identify and address material risks.

Properly understood, ESG is not a unitary principle but rather encapsulates a wide range of risks and opportunities that a corporation must balance, taking into account its specific circumstances, in seeking to achieve long-term, sustainable value. A holistic view of corporate purpose recognizes that various stakeholder interests and relationships – including those relating to environmental sustainability, the safety and well-being of employees, co-dependencies with local communities in key locations, credibility with regulators, and creditworthiness with lenders and suppliers – are among the considerations essential to maintaining a thriving, growing business. See our memo, Understanding the Role of ESG and Stakeholder Governance within the Framework of Fiduciary Duties.

• Climate disclosure: In the coming year, the SEC is set to release or adopt several new ESG disclosure rules, including the final climate disclosure rules, following their initial proposal in draft form in March of 2022. These rules are expected to leverage the growing standardization of climate-related disclosures and, if adopted, they would require disclosures about board and management oversight and governance of material climate impacts, greenhouse gas emissions, as well as targets and transition plans. The International Sustainability Standards Board continues its drive toward a global baseline of sustainability disclosures, including a requirement for disclosure of Scope 3 emissions, subject to certain safe harbors that will be unveiled in forthcoming standards to be finalized next year. Simultaneously, there has been enhanced scrutiny of “greenwashing” over the last year, with private lawsuits alleging deceptive marketing, skepticism about sustainability-linked financing and additional SEC enforcement actions alleging misleading climate-related disclosures. While the regulatory landscape continues to evolve, companies are well-advised to work toward compliance with the Taskforce on Climate-related Financial Disclosures and the Sustainability Accounting Standards Board disclosure frameworks, as these are the core of the private market-led disclosure guidelines which have received widespread buy-in from corporations and have been endorsed by major institutional investors.
• Activism preparedness and defense; universal proxy cards: The volume of activist activity has rebounded from the relatively muted level of engagement during the height of the pandemic, with a 20% year-over-year increase in activist activity during the first half of 2022. The volatility and general decline in equity values has created vulnerabilities for many companies, as well as opportunities for activists, and this dynamic will continue to play out in the coming year. In addition, activists continue to leverage ESG topics as wedge issues to rally the support of institutional investors around economic and governance theses (e.g., Engine No. 1/Exxon, Carl Icahn/McDonalds and Third Point/Royal Dutch Shell).

At the same time, the new SEC rule requiring a universal proxy card in director election proxy fights became effective earlier this year. The universal proxy card will facilitate proxy contests by reducing the cost and effort required for activists to nominate and solicit proxies for the election of board members. It could also lead to a greater focus in proxy fights on the track records and skill sets of individual directors, rather than the performance of the company or board as a whole, because a universal proxy card will enable shareholders to pick and choose individual directors from the company’s and the activist’s competing slates.

In preparing for the use of universal proxy cards, some companies have been updating their bylaws to reflect technical updates, and, in a few cases, they have enacted more aggressive bylaw amendments that have been met with resistance. For example, there is a pending lawsuit against Masimo Corporation in Delaware over its bylaw amendment requiring nominating shareholders to disclose information about their own investors, other investors with whom they have spoken, as well as other companies for which they are also nominating directors.

Another development that may impact voting dynamics is the initiative by some large asset managers to provide their retail clients with the ability to directly participate in voting decisions: BlackRock implemented this technology for certain assets a year ago, Vanguard is reported to be considering a trial of similar technology, and State Street announced in November that they are considering the possibility of providing investor choice in more of its products.

• D&O exculpation and insurance: Earlier this year, Delaware adopted an amendment to its corporation laws to permit exculpation of officers (in addition to directors) from personal liability for monetary damages in corporate charters. Such an exculpation provision is not self-effectuating. Implementation requires an amendment to the corporation’s certificate of incorporation which, in turn, requires approval by the corporation’s shareholders. According to its recently released policies for 2023, ISS will generally vote for proposals providing for exculpation provisions in a company’s charter to the extent permitted under applicable state law.

Officer exculpation may help to eliminate the unequal and unfair targeting of officers for negligence claims in stockholder litigation, while at the same time preserving avenues for officers to be held accountable. Notably, the scope of permissible indemnification is limited, insofar as it only allows exculpation for direct claims brought by stockholders and does not eliminate officers’ monetary liability for breaches of their duty of care pursuant to claims brought by the corporation, or for derivative claims made by stockholders on behalf of the corporation. In addition, the amendment would not limit the liability of officers for breaches of the duty of loyalty, any acts or omissions not in good faith or which involve intentional misconduct or a knowing violation of the law, and any transaction from which the officer derived an improper personal benefit. See our memo, Delaware Approves Permitting Exculpation of Officers from Personal Liability in Corporate Charters. 

• Clayton Act Section 8: The Department of Justice recently announced that it is ramping up efforts to enforce Section 8 of the Clayton Act, which prohibits officers and directors from serving with competing companies simultaneously. There are certain de minimis safe harbors for interlocked companies whose competing sales are less than $4.1 million (as of 2022) or where the competing sales make up only a minimal percentage of total sales, as well as a one-year grace period to resolve a violation created by changed circumstances. Several companies have already received civil investigative demands, with a particular focus on private equity sponsors (e.g., Thoma Bravo and its investments in Dynatrace and Solarwinds) based on a theory of corporate deputization that focuses on firms rather than specific individual interlocks at portfolio company boards. The DOJ appears to have established an internal task force dedicated to enforcing Section 8, and we expect additional enforcement actions and press releases to come. Companies should accordingly review their board memberships for competitor interlocks. See our memo, Antitrust Division Actively Seeking to Break up Corporate Interlocks.
• Executive compensation clawback rules: Pursuant to the SEC’s final compensation clawback rules under the Dodd-Frank Act, which were released earlier this year, publicly traded companies must adopt policies allowing them to “claw back” incentive-based executive compensation awarded on the basis of materially misreported financials that subsequently require an accounting restatement. The clawback mechanism applies regardless of whether the restatement was caused by error, fraud or otherwise, and greatly expands the SEC’s authority to force companies to claw back executive compensation following a restatement. The new rules allow for limited board discretion in whether to seek recovery from officers, and boards are prohibited from indemnifying officers for recovered compensation. While many public companies already have clawback policies in place, they should assess whether they meet the SEC’s new requirements on the anticipated schedule. See our memo, SEC Adopts Final Compensation Clawback Rules.
• Board Diversity: Board diversity continues to be an area of focus by major institutional investors, proxy advisors and regulators, and in recent years the composition of boards has evolved accordingly, with 72% of the incoming S&P 500 class of directors appointed in 2022 coming from historically underrepresented groups. According to a recent survey, half of all S&P 500 boards have a policy like the “Rooney rule” to include candidates from underrepresented groups in the candidate pool when recruiting new directors. Beginning in 2023, Glass Lewis will recommend against the chair of the nominating committee of a board that is not at least 30% gender diverse, absent credible disclosure of a commitment to increase board diversity in the new future. Institutional investors, like State Street, have made similar commitments on gender diversity, and are also calling for disclosure of the racial and ethnic composition of boards. Looking forward, new proposed SEC rules on the disclosure of board diversity are expected in April 2023.

In addition to these key trends and developments, directors and companies should remain mindful of other recommended practices in corporate governance:

Boards should:

• Maintain a working partnership with the CEO and management and serve as a resource for management in charting the appropriate course for the corporation;
• Set the “tone at the top” to create a corporate culture that not only gives priority to ethical standards, professionalism, integrity and compliance in setting and implementing both operating and strategic goals, but that also is a reflection of, and a foundation for, the corporation’s purpose;
• Choose the CEO, monitor the CEO’s and management’s performance and develop and keep current a succession plan that takes into account potential candidates as well as the objectives and challenges that the corporation faces;
• Oversee corporate strategy (including purpose, culture and vision) and the communication of that strategy to investors, recognizing that investors want to be assured about not just current risks and problems, but also threats to long-term strategy from global, political, climate, social, economic and technological developments;
• Determine the appropriate level of executive compensation and incentive structures with the basic objective of recruiting and retaining the best management available, and with awareness of the potential impact of compensation structures on business priorities and risk-taking, taking into account specific goals like climate sustainability and current stakeholder, proxy advisor and public and political views on compensation;
• Be prepared to take an active role in matters where the CEO may have a real or perceived conflict, including in the context of takeovers and attacks by activist hedge funds focused on the CEO;
• Receive updates from management or advisors, as appropriate, on changes to regulatory guidance, disclosure requirements and other changes in law which may affect the management of the corporation;
• Have a lead independent director or a non-executive chair of the board with clearly defined duties and responsibilities who can facilitate the functioning of the board, serve as a liaison between the independent directors and management, and assist management in engaging with investors, other stakeholders, their advisors such as S&P and ISS and with regulators;
• Together with the lead independent director or the non-executive chair, determine the agendas for board and committee meetings and work with management to ensure that appropriate information and sufficient time are available for full consideration of all matters;
• Recognize that shareholder engagement is a central component of corporate governance, and participate, as appropriate, in proactive outreach efforts to communicate with and listen to shareholders and other stakeholders;
• Work with management to anticipate possible takeover attempts and activist attacks, understand activist and acquiror tactics, and keep response playbooks up-to-date in order to be able to address these attempts or attacks more effectively, if they should occur; in this regard, it may be prudent to meet at least annually with the team of the corporation’s executives and outside advisors that will advise the corporation in the event of a takeover proposal or an activist attack;
• Evaluate the performance of individual directors, the board and board committees on a regular basis and consider the optimal board and committee composition and structure, including board refreshment, expertise and skill sets (including as it pertains to climate, diversity and key risk areas), independence and diversity, including with a mind to the evolving Delaware jurisprudence on what constitutes “independence” for directors;
• Consider whether to create additional committees focused on key risk areas, such as cybersecurity or cryptocurrency, in order to demonstrate appropriate risk management;
• Review corporate governance guidelines, committee charters and workloads and tailor them to promote effective board and committee functioning; and
• Determine that appropriate records of the foregoing are timely created and maintained.

Corporations should seek to: 

• Have a sufficient number of directors to staff the board’s committees and to meet investor and other stakeholder expectations regarding experience, expertise, diversity and periodic refreshment;
• Have directors who have knowledge of, and experience with, the corporation’s businesses and the key developments and drivers that impact those businesses, even if this results in the board having more than one director who is not “independent”;
• Have directors who are able to devote sufficient time to preparing for and attending board and committee meetings and engaging with investors and other stakeholders;
• Recognize that institutional investors and other third-party ESG activists will monitor the composition of the board of directors for expertise on particular aspects of ESG (including climate change and diversity) and for presence on the board of known opponents of an ESG issue;
• Provide directors with all the data that is necessary for making sound decisions regarding performance, strategy, compensation, risk management, climate change, diversity, other ESG issues, financial stability and stakeholder allocation;
• Provide directors with relevant reporting on material decisions or industry trends, such as the use of artificial intelligence and cryptocurrency, as well as corporate cybersecurity defense and readiness;
• Provide directors with regular tutorials by internal and external experts as part of expanded director education, and provide directors with the information and expertise they need to respond to disruption, evaluate current strategy, strategize beyond the horizon and integrate and balance the interests of stakeholders; and
• Maintain a collegial relationship among and between the corporation’s senior executives and members of the board that facilitates frank and vigorous discussion and enhances the board’s role as strategic partner, evaluator and monitor.