Board Governance: ERM Trends

How do boards get a better handle on risk? Triggered in part by the Wells Fargo fiasco, which featured incentivizing sales goals that lead to fraudulent employee behavior, there has been in the governance literature a reexamination of enterprise risk management.

A couple of themes have developed. The first is that boards need to do more, which means requiring more detailed reports from management and greater involvement.

A second theme is establishing more aggressive claw-back clauses, which typically have economically penalized senior management if there are financial statement revisions based upon misconduct, or indeed based upon any reason; these agreements can be written to also penalize breaches of executive risk judgment as evidenced by economic performance in the future.

Discussion also has centered around establishing a well-managed, conservative and risk adverse “tone at the top,” a seemingly vague term which encompasses elements of conservative management and centralized control. One outgrowth of this latter focus, as noted in the always informative Ernst & Young “Board Matters Quarterly” (April 2017) is that ERM, traditionally the bailiwick of the audit committee or of a separate risk management committee, now in some companies is in part becoming the responsibility of the Nominating and Governance Committee, at least as to dictating the design and structure of the company’s ERM function.

Finally, recent literature suggests that, contrary to expectation, the presence of independent directors does not militate against fraud and high risk activity. Seemingly, independent directors are not only unsuccessful in a preventative role but, in some instances, have been participant in corporate fraud. Independence does not seem to be, necessarily, a guarantee of perspicacity, diligence or non-corruptibility.

Corporate Boards and Crisis Management

Does your company, whether public or private or nonprofit, have a crisis management plan? An expert panel convened by the National Association of Corporate Directors in Boston on May 9, 2017 all agree that a plan is necessary; they also agree that it is very hard to follow.

A written plan defines actions to be taken by lawyers, management, public relations, crisis management experts and the like. The first message from the company is very important as it sets the stage for a public understanding of the issues. This first statement must be immediate and is often at a time when all the facts are not known. The key things to remember in this first statement: a tone of concern, and a plan to mitigate or repair the damage.

If things are going well, the role of directors is to make sure that the crisis plan is in place and not to interface directly with implementation. If things are not going well, such as the recent United Airlines flap about injuring a removed passenger or the Wells Fargo flap about improper opening of customer accounts, boards have been known to make public statements.  Once you are in a crisis, boards should be busy monitoring. You can’t monitor a true crisis with weekly meetings; in the heat of things, daily attention is the order of the day.

One thing for boards to remember is that social media is very important for many companies, certainly those which are public-facing. It is important for someone understanding social media to advise the board in this regard, particularly because boards tend to be older and not skilled in this space.  It is also important to identify those constituencies most impacted so that your response addresses their concerns. Are you most interested in public consumers, employees, customers, or executives?

It was noted that many small tech companies, growing quickly, in fact do not have crisis management plans. Things are moving too fast and attention is diverted to growth. The obvious consensus: you nonetheless should have something in place.

One interesting omission in the discussion: when there is a crisis, lawyers often tell companies that the first people to contact are the lawyers, so that the lawyers can investigate, retain experts, and thereby maintain confidentiality of information based upon the lawyer-client privilege. This advice may be difficult to implement in the intense hours following the surfacing of a crisis.

Finally, a word about claims of sexual harassment from the top. There was unanimous sense that this must be, for all companies, a “zero tolerance moment” where the board must make sure that “the right thing” is done for the benefit of the company. Personal allegiances between senior management and the board may make difficult the enforcement of this fundamental position.


Trends in Wealth Management

What do the largest providers of financial investment products think are the economic trends which will drive the design of products in the near term? While there is mixed opinion as to the robustness of the United States capital markets, there seems to be uniform belief that great equity opportunities exist in Europe and in emerging foreign markets.

What do the leaders of the wealth management industry, broker-dealers and advisors, think are the major issues in providing wealth management services in the current environment? These include: overregulation and inordinate fines for minor infractions by the SEC and by FINRA; inability of the current wealth management model to provide cost-effective services to the middle class; difficulty in filling the pipeline with young advisors or diverse advisors interested in the profession; and, an accelerated swing in compensation away from charging fees based upon assets under management, moving toward “fee for service” in providing investment guidance.

These takeaways are from a program presented by Big Brothers/Big Sisters of Massachusetts Bay in conjunction with its annual “Big of the Year” fund-raising event. The program featured two industry-focused panels, comprised of presidents, CEOs and other senior executives from companies including Pershing, LPL, Voya, Hancock, PIMCO and Blackrock.

One panel discussed “robo advisors;” there was general consensus that such firms were not the platform for the future, but that their focus on greater efficiency and delivery of services online, combined with their utilization of big data, would drive modernization of what was described as a change-resistant industry.

Major overall risks? Aside (of course) from cyber security, there was substantial discussion concerning customer longevity. Mortality tables utilized by insurance companies vastly underestimate longevity, based upon advances in healthcare. “You can’t work 50 years and then live on your savings for the next 50 years” no matter how carefully you plan; this reality places substantial pressure on the advisory industry, not to mention the pressure it places upon the public.

(Interestingly and as an aside, the Boston Police Department was granted this year’s Big of the Year Award based upon its commitment to provide 25 “men in blue” to serve as big brothers or big sisters to the youth of Boston.)

Trends in Non-Profit Board Governance

The term “nonprofit organization” is a misnomer, agreed a panel convened Tuesday by the New England Chapter of the National Association of Corporate Directors. Organizations performing public service need profit in order to be sustainable in the long-term delivery of their missions.

And beware of establishing endowment funds. Some problems are not continuous, and people like to invest in solving problems and not perpetuating them. By way of example, if you have a problem that $1,000,000 might cure, why establish a $1,000,000 endowment where the annual income at a 5% yield is $50,000? The proliferation of endowments may be inhibiting the meeting of certain mission goals.

Other panel takeaways included:

Beware of the practice of establishing “consent agendas,” the practice of sending out detailed board agendas and committee reports for pre-meeting analysis, followed by a vote adopting all corporate action required by that agenda. The argument is that this saves time for more important discussions. However, major weakness were noted, including particularly that the practice encourages board members to not read the material carefully because there would be no discussion; and, the temptation for management to use the technique to hide exactly what is going on within the organization.

Beware also, in the face of the trend of nonprofit organizations to have larger and larger boards, often driven by donor participation, that you do not place too much power in an executive committee. With larger donor driven boards, there is a tendency to view deciding everything within an executive committee as being more efficient. However, ALL board members have fiduciary duties and an executive committee is a small group. You gain benefit from discussion within a larger group. Further, concentrating power in the executive committee tends to make your better board members less attentive, as they sense they are becoming “rubber stamps.”


M & A Trends in the Mid-Market

Last week, the Boston Chapter of the Association for Corporate Growth held an M&A Outlook Conference at the UMass Club. There was much discussion as to where the general economy fell on the timeline between boom and bust.

We are in a midst of a very long bull market; what was the consensus about the longevity of that market? There was general consensus that the bull market, which drives higher valuations of companies, including those on the block for acquisition, was not fully played out. Although some caution was expressed, including the thought that one should not assume that any future break in the market would be no worse than the 2008 recession, most commentators anticipated that there would be no major adjustment for nine to eighteen months, and one financial analysist thought that the current bull market might go as long as another four years.

The M&A folks noted that the first quarter of 2017 was very strong, with valuations as high as fourteen times EBITDA, perhaps reflecting the impact of the Trump Administration agenda. Particularly, it was noted that software tech deal valuations were very high.

It was also noted that there was great interest in funds resetting acquisition goals, looking to earlier stage companies; there are many funds with “too much money” chasing a finite number of deals, which tends to broaden the targets and maintain high EBITDA multiples.

Government policy is a confusion. The anti-international tone of some of the current US rhetoric likely is impacting certain deals. The promise of reduced government regulation might induce owners of smaller business to retain their businesses because the landscape would be more favorable.

There was some discussion as to whether the continued availability of “cheap money” was a current M&A driver. It was noted that cheap money generally doesn’t much affect the lower end of market deals. And indeed, the amount of leverage in the average deal is down somewhat from two years ago. Strategic deals don’t much rely on leverage either. It was also noted that many software companies have an economic model that will not sustain much leverage but, for those software and internet deals where the mathematics do work, such companies are using tremendous M&A leverage.

The median EBITDA multiples during the first quarter were a bit over seven times. Some concern was expressed that some deals were being done at 10 times EBITDA with leverage provided by “aggressive lenders” other than banks.

Bottom line predictions? In the tech sector, one panelist saw eighteen to twenty-four months of robust M&A with rising asset values, while another on the PE side saw two years of growth with particular focus on acquisition of companies with between $30 and $75 Million of EBITDA.

Massachusetts Regulation of Cyber Security in all Businesses

There is a specific Massachusetts governmental regulation concerning protection of personal information of residents of the Commonwealth. This regulation protects individuals, corporations, partnerships and other entities. It imposes obligations on any company which retains “personal information,” which is defined as the resident’s name plus any one of: social security number; driver’s license number or State-issued identification number; financial account number, or credit or debit card number, with or without security or access code.

Any business that has personal information about a Massachusetts resident, by ownership or by license, must have a “comprehensive security program” that contains “administrative, technical, and physical safeguards that are appropriate” to the size and nature of one’s business and data. There is a long list of specifics which must be contained in the security program.

Additionally, the holder of personal information must have provisions protecting computers, including any wireless system, that conform to an additional long list of specific user controls, including authentication, selection of passwords, restricting and blocking unwanted access, encryption for information over public networks, up-to-date software, and training of employees.

It is axiomatic that cyber security is just not a “financial records” issue. Many companies possessing personal information are already closely monitored by reason of their business, for example health care and financial services. But even the simplest of businesses must comply with Massachusetts law.

One more thing; if your business possess personal information that is going to the EU, there are particularly draconian regulations, with massive government fines, of which you should be aware.

Cyber Breach– Whom do you Call First?

Whom do you call first when you discover that your system has been breached? Luckily for lawyers, the right answer clearly seems to be “call your lawyer first.” This means before you call an outside company to remediate, or your public relations firm to guide you in appropriate disclosure. This is particularly true with respect to companies with in-house counsel.

Generally, communications between a company and its counsel are privileged and not discoverable. Sometimes, in house counsel, by acting normally, may waive that privilege where inside counsel is functioning more as a business executive than an attorney. If you first contact outside counsel, and have outside counsel supervise the audit of the breach (hiring third-party experts), and if your communications relative to fault are between the company and outside counsel, then the privilege which protects communications with your lawyer will be preserved; only facts you want disclosed will become public.


Director Fiduciary Duty: Massachusetts Changes

The common understanding is that boards of directors owe fiduciary duties to the shareholders. This is the “Delaware rule” and has been understood until now to apply also to Massachusetts corporations.

Not so fast.

Although the rule in Massachusetts remains that the board duty runs to the shareholders in closely held companies (where the Massachusetts approach has always been similar to imposing the kinds of high fiduciary standards expected from partners), a current decision of the Massachusetts Supreme Judicial Court changes the rules for publicly held entities.

In the high-profile acquisition by Dell of Massachusetts-incorporated EMC, the transaction was structured by EMC’s holding company merging upstream into Dell, rather than having EMC sell each of the individual EMC operating companies separately. Shareholders sued the directors, claiming that the proper way to maximize shareholder value was to sell each individual unit and have a separate price for each.

The Supreme Judicial Court struck down the case, establishing a new rule for public corporations in Massachusetts. Citing the Massachusetts Corporation Act that makes it clear that directors must hold the reasonable belief that they act in “the best interests of the corporation,” and further citing the statute to the effect that in so acting directors may consider other constituencies including employees, creditors, customers and societal considerations, the Court broke with the Delaware rule as it relates to public companies.

This does not mean that disgruntled shareholders have no recourse against directors. They can always make demand on the board, asking the independent members of the board to find that the directors violated their duty to the corporation. But direct litigation by shareholders of public corporations (absent self-dealing) now will no longer be permitted in Massachusetts.

It should be noted that the SJC applied the literal language of the statute in articulating the obligation of corporate directors to public companies. But the statute itself makes no such distinction, and the SJC seemingly has retained its interpretation that the duty of directors in private Massachusetts companies runs directly to the shareholders notwithstanding the language in the statute.

I bet the legislature didn’t have this dichotomy in mind when they passed the statute!

Crowd Funding: Problems Problems….

Yesterday I blogged the start of the joint SEC/NYU “Dialogue” on federal crowd funding for the sale of securities.  Late yesterday SEC Commissioner Stein released a public statement on matters focused by that Dialogue,  suggesting that not only is crowd funding still rare but also it is suffering from a variety of weaknesses.

All transactions must be done through FINRA-regulated “funding portals” which must make sure that the company disclosures required by the SEC Rule are posted (investors cannot deal directly with issuers).  No big surprise here: weakness in enforcing disclosure led to offers being withdrawn, and one portal was expelled.  Is there a “race to the bottom” whereby portals are lax for the purpose of  attracting business?  Does this problem require even further regulation by the SEC?

About a quarter of the crowd funding was with SAFEs, an instrument that is a contract to sell securities at a discount once there is a priced subsequent round of investment.  The SEC asks if retail investors are sophisticated enough to understand that this is not equity, not debt, that a company may never have a subsequent priced round of investment and thus the investor has — zero?  This is a legitimate regulator’s concern, but that very same question fairly could be addressed to the entire idea that retail investors should be making these kinds of investments in the first place; this latter concern resulted in a multi-year delay in the SEC even permitting these transactions notwithstanding being specifically charged with doing so in the JOBS Act.

Finally, there is great geographic concentration among companies using the portals; 60% of all deals, and 90% of all closed funding, were in California, Texas and along the East Coast.  The SEC asks if they should undertake further outreach to educate entrepreneurs elsewhere. The question was emotionally presented: can the SEC make crowd funding “accessible to everyone from the businesswoman in Missouri to the immigrant in West Virginia”?   The thought was not expressed that perhaps that businesswoman and that immigrant were just too smart to engage in this process to begin with….

I close with an anomaly which, readers here know, is a class of logical disconnects which always intrigue me.  Our economy and regulatory scheme seem to be fostering investment by retail investors in speculative new companies at the same time that retail investors have somewhat abandoned the public marketplaces, where information is far more robust and substantive protections for the investor are clearly in place. As a matter of policy, that may be the exactly wrong result…..

Crowd Funding: SEC Trend?

The current Administration of course is suspicious of government regulation.  The Acting SEC Chair, Michael Piwowar, a conservative Republican who has been on the Commission for a long time, has suggested that the SEC may further deregulate crowd funding to facilitate access by small business to broader sources of capital.

In remarks this week to the SEC-NYU “Dialogue on Securities Market Regulation,” Piwowar speculated that companies benefited by crowd funding might not otherwise find financing, while the JOBS Act had authorized crowd funding to reflect bi-partisan Congressional support to empower entrepreneurs in this very fashion.

Crowd funding has been legal at the Federal level for less than a year, but it has been very sparingly used.  Only 163 deals have been offered over the mandatory “funding portals” and only 33 have completed their raises to the tune of only approximately $10 Million.  The Dialogue aims to evaluate experience to date; Piwowar is suggesting he may look for ways to juice up this approach.

It took about four years after the JOBS Act for the SEC to enact Rules permitting crowd funding, and the reason is that crowd funding solicits money from poor people for small projects about which precious little analytical information is available.  Securities professionals typically view these kinds of small retail investors as providing “dumb money” and not the kind of support emerging companies need.  Since most emerging companies seem to fail, inducing poorer investors to inject money into them may sound like democracy in action but may have negative unintended consequences.

The data to be generated may well be informative, but should be analyzed critically based on the facts, not in terms of advancing a philosophical agenda of deregulation.   Is there a “wisdom of the crowd” in this arena?  Those of us who work regularly with investors in early stage companies know that even sophisticated diligence on well-conceived enterprises are prone to failure, which is why a smart portfolio consists of many “bets” in the hope that at least some of them produce profitable returns.