Agenda – ISS Adds Cyber Risk to Company Scores

Business and cybersecurity experts recently told the World Economic Forum that there is a high likelihood of a destabilizing and “catastrophic” cyberattack linked to geopolitical instability within the next two years. And the largest segment (34%) of respondents to a recent Allianz survey of more than 2,000 company representatives said cyber risk was the number…

There Is No “C” In “ESG”: An Illustration of ESG’s Biggest Risk

Doug Chia of Soundboard Governance raises concerns that ESG is becoming such a catch-all that it may lose any meaning. One could argue that the term “ESG” is best used as shorthand for anything not typically measured with traditional financial metrics, or “externalities” in general, and pedantic arguments over specific words and letters (like this blog post!) miss the point. But the possibilities for what is an ESG issue cannot be endless. What is not ESG? An undisciplined approach to what constitutes ESG will render it meaningless to those who need to understand its importance (e.g., Warren Buffett), and an absence of boundaries makes ESG ripe for manipulation, co-option, and ridicule by those with ulterior motives (e.g., the Free Enterprise Project). Continuing down this path will undermine the concept of ESG as a critical component of business and investment decisions. ESG’s own biggest risk may be that it can be whatever you want or need it to be.

SEC’s New Rules for Fund Managers on Cybersecurity Disclosures

The SEC is proposing new rules on cybersecurity disclosures for fund managers. The Commission also is proposing a new rule and form under the Advisers Act to require advisers to report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission. With respect to disclosure, the Commission is proposing…

Senators Tell the SEC to Withdraw the Proposed Proxy Rules

Senators Richard Durbin, Sherrod Brown, Brian Schatz, and Jack Reed have written to SEC Chairman Jay Clayton to object to the proposed rules on proxy advisors and proxy proposals in the strongest terms. The full letter is below. An excerpt: The SEC fails to make a credible argument that errors in proxy advisor reports justify…

For Facebook and Alphabet, Big-Ticket Fines Cause Limited Pain – WSJ

VEA Vice Chair Nell Minow is quoted in this Wall Street Journal story about whether the penalties Facebook will be paying are enough to discourage further abuses. Financial penalties typically are meant to discourage further misbehavior or make victims whole, said Nell Minow, vice chair of ValueEdge Advisors, a corporate-governance consulting firm for investors. “That second…

PWC on Corporate Boards: Cyber Threats, #Metoo, Diversity, and What Shareholders Want

PWC’s annual director survey is one of our most trusted resources on corporate governance from the perspective of the boardroom, and this year’s edition has some significant findings on issues like diversity, CEO pay, climate change, cybersecurity, and the gap between what board members…

Facebook Turns Toxic for Some ESG Funds – Bloomberg

Just how toxic is the data-privacy scandal for Facebook Inc.? So toxic that some investment funds now are lumping in the social network with big polluters and other corporations they consider ethically challenged. As Facebook has struggled to contain the damage from Cambridge Analytica’s use of personal data from 50 million users, some environmental, social and governance…

Time For Facebook CEO Mark Zuckerberg To Face Facts

Professor Jeffrey Sonnenfeld explains the failure of corporate governance at Facebook revealed by the Cambridge Analytica breach. We concur, and we call on the board to establish a committee to investigate further and report to Facebook users and investors about the steps they are taking to prevent further breaches. The leadership of Facebook is failing…

Cybersecurity Today Is Treated Like Accounting Before Enron – The New York Times

We believe every board should have a cybersecurity expert and a specific board committee with oversight. And we recommend that companies report on their process and criteria for cybersecurity each year, with particular emphasis on their ability to respond to attacks promptly and effectively. Companies may wish to allocate reserves for potential breaches as well….

The Equifax Hack: More Questions Than Answers About the Board

So what happened? At a time when board composition and disclosure are presented as the board’s best safeguards to a range of corporate crises, what lessons can be gleaned from the Equifax debacle—despite the board’s perceived preparedness in these areas? In each annual proxy, boards disclose their governance practices—from director succession planning to risk management—which…