Back in April, I blogged about DOL cybersecurity guidance directed at ERISA plan sponsors and fiduciaries. At the time, many took note that the DOL guidance could be an indicator that plan sponsors and fiduciaries might find themselves subject to scrutiny over cybersecurity practices in DOL investigations. This Nixon Peabody memo warns that plan sponsors and fiduciaries that haven’t already done so should take action to shore up cybersecurity practices and compliance plans, because the DOL has started investigations into cybersecurity practices.
For insight into what the DOL might ask should an investigation commence, the memo provides a sample document request from one DOL investigation:
All policies, procedures, or guidelines relating to:
Data governance, classification, and disposal
The implementation of access controls and identity management, including any use of multi-factor authentication
The processes for business continuity, disaster recovery, and incident response
The assessment of security risks
Data privacy
Management of vendors and third party service providers, including notification protocols for cybersecurity events and the use of data for any purpose other than the direct performance of their duties
Cybersecurity awareness training
Encryption to protect all sensitive information transmitted, stored, or in transit
All documents and communications relating to any past cybersecurity incidents
All security risk assessment reports
All security control audit reports, audit files, penetration test reports and supporting documents, and any other third-party cybersecurity analyses
All documents and communications describing security reviews and independent security assessments of the assets or data of the plan stored in a cloud or managed by service providers
All documents describing any secure system development life cycle (SDLC) program, including penetration testing, code review, and architecture analysis
All documents describing security technical controls, including firewalls, antivirus software, and data backup
All documents and communications from service providers relating to their cybersecurity capabilities and procedures
All documents and communications from service providers regarding policies and procedures for collecting, storing, archiving, deleting, anonymizing, warehousing, and sharing data
All documents and communications describing the permitted uses of data by the sponsor of the plan or by any service providers of the plan, including, but not limited to, all uses of data for the direct or indirect purpose of cross-selling or marketing products and services
Please note that you may need to consult not only with the sponsor of the plan, but with the service providers of the plan to obtain all documents responsive to these requests. If you are unable to produce documents responsive to any of the foregoing, please specify the requests and the reasons for the non-production.
A recent Equilar blog takes a look at 2021 say-on-pay vote results so far and, like other memos and reports, Equilar projects that 2021 could see the highest failure rate yet. One observation noted in the blog is an apparent trend between the magnitude of CEO pay and the level of support for say-on-pay proposals. Here’s an excerpt:
The overall trend is that of high median CEO compensation paired with low Say on Pay approval – see the blog for a chart showing 2021 median CEO pay vs. say-on-pay approval.
Median CEO pay was around $17 million for companies that fell under 50% approval. This exemplifies that high pay continues to be a matter of concern for shareholders. Though some companies did lower compensation, the data suggests that shareholders may still view it as too high. It is important to note that though shareholders’ reluctance to approve high pay is not a new phenomenon, zooming in on individual companies provides insight into COVID’s role in intensifying this effect.
One failure this year, Starbucks, shows just that. In 2020, Starbucks paid its CEO $14 million, a drop from $19 million in 2019. Starbucks received a 47% vote this year compared to a passing 84% vote last year, despite the lower pay. AT&T witnessed a similar event, failing its vote regardless of an $11 million drop in pay. Walgreens Boots Alliance joined in with CEO pay roughly $1.6 million lower than last year but over a 35 percentage point drop in approval. Though various factors are possibly at play, it’s likely that the pandemic heightened shareholders’ criticism of unnecessarily high compensation. It seems natural that, with economic uncertainty, shareholders are more willing to express disapproval if companies aren’t bearing their share of the burden.
In the past year, S&P 500 companies rapidly changed their executive compensation to incentivize diversity, worker health & safety, and other ESG metrics. In some cases, the metrics were added as one-time modifiers to individual payouts, and in many cases – particularly for D&I – the metrics were added to formulaic plans. This 10-page Semler Brossy memo catalogues many of the changes.
What we don’t know yet is whether these changes to comp plans will effectively motivate actions that support the long-term, sustainable performance that investors want. As I blogged yesterday, pay-for-performance already has some flaws. And just as ESG metrics are becoming mainstream, this WSJ piece from London B-School Prof. Alex Edmans argues that, except in a few unique circumstances, we may be barking up the wrong tree with these new incentives as well. Here’s an excerpt:
These unintended consequences might be even worse for ESG than financial targets. One challenge is that, for financial performance, only a couple of measures might be relevant. But ESG performance is multifaceted. Companies have a responsibility to many stakeholders—employees, customers, suppliers, the environment, communities and taxpayers—and for each stakeholder, many dimensions are relevant. Either the contract includes only a couple of ESG measures and the CEO ignores others, or it includes most of them and the contract becomes so complex that it loses any motivational effect.
A second problem is measurement. For a financial target such as earnings-per-share, there’s consensus on how to measure it. But that isn’t the case for an ESG metric. Should ethnic diversity be captured by the number of minorities on the board, in senior management, or in the workforce—or other factors such as the ethnic pay gap, or the proportion of minorities who get promoted from each level? Even ESG-rating agencies disagree significantly on how to measure ESG performance, so any measure might be perceived as unfair or ignore important dimensions.
The solution, Professor Edmans says, is to pay CEOs like owners – with long-term shares. That’s something that Norges Bank, which manages Norway’s huge sovereign wealth fund, has been saying since 2017 (here’s their policy, which I’ve blogged about a few times). Professor Edmans says that companies can get the benefit of motivation – without the risk of manipulation – simply by setting & reporting on ESG goals. CEOs are a competitive bunch!
It goes without saying that not everyone agrees with Professor Edmans’ take. If we’re locked into the pay-for-performance system – and existing financial goals are at odds with ESG – it makes sense to even the playing field and emphasize the strategic importance of these metrics.
Pay-for-performance tanks productivity, creates a risky compliance culture, causes undesirable conflicts among departments, is only useful for tasks involving physical labor (vs. “problem solving”), and harms customer relationships. Those of us who are involved with compensation should “just say no” to this blunt instrument and instead work on building a culture in which people care about the customer & each other. For example, by treating employees with respect and offering excellent training opportunities.
Those are the conclusions from this recent article from management consultant Roger Martin, whose faith in “pay-for-performance” has crumbled over the last 30 years. I usually blow off articles like this as fluff – but this one goes a bit deeper. It ties intuitive points to real-world events & research (which according to Prof. Martin, is more than can be said for pay-for-performance). Here’s more detail on a couple of the problems he points to:
Fourth, the gaming is without limit. Roy’s machine shop is a poignant example. For every worker, half their day was spent doing nothing productive. Tanking a whole year to reset the budget at an easy level. Stuffing the distribution channel to make the quarter. Chopping advertising spending to jack up this year’s profitability. Diluting the ingredients in the termite spray at the end of the year to make budget — yup, freely admitted to me by field staff at a former client. Opening accounts that customers never approved. Recognize that there is no limit!
Fifth, you can’t fool customers. They figure out that they have a big target on their backs. Your incentive compensation ranks far above their satisfaction. They figure out that they are merely a means to your end. But of course, they aren’t powerless. They know that you are trying to make budget to get your bonus and they can wrap you around their finger as year-end approaches. Monetary incentive compensation is toxic for customers. And that is even if it is about customer satisfaction scores. With two of my last three car purchases, the salesperson pleaded with me to give him a perfect satisfaction score to help with his compensation — resulting in me never intending to purchase a car from their companies (Lexus and Range Rover) again — great cars, but terrible customer experience thanks to monetary incentive compensation.
It would require a huge amount of bravery to depart from pay-for-performance – from boards, managers, investors, proxy advisors, and consultants. Maybe even lawyers, as it’s just so different than what we’ve become accustomed to documenting and disclosing. The problem is that people at the top do need to communicate in some way what type of performance they want delivered, and it takes a lot of extra work to figure out what motivates each individual to get there – it may even require the investors/directors/managers to loosen their grip on specific metrics or outcomes. Combine that with frequent executive & employee turnover – and difficulty measuring things like culture – and many are left feeling that a “blunt instrument” is the only efficient option.
The thing is, more than a few investors are starting to show signs of disapproval – and even former execs are questioning it. This may be something where at some point, leaders will admit that the experiment isn’t delivering the results that were hoped for – and that adding ESG metrics isn’t a simple solution, either.
‘Tis the season…for updating off-season peer groups. ISS announced yesterday that their peer group submission window will be open from 9 am ET on Tuesday, July 6th until 8 pm ET on Friday, July 16th – for companies that have annual meetings slated to be held between September 16, 2021 and January 31, 2022. Here’s more detail:
As part of ISS’ peer group construction process, on a semi-annual basis, corporations are requested to submit changes they have made to their self-selected peer groups for their next proxy disclosure. ISS considers companies’ self-selected peer groups as an important input as part of its own peer group construction methodology.
Submissions should reflect peer companies used (or to be used) by the submitting company for pay-setting for the fiscal year ending prior to the company’s next upcoming annual meeting.
If you haven’t made any changes to your peer group, or you don’t want to provide the info in advance, you aren’t required to participate. That just means that ISS will automatically factor into its methodology the peers that you disclosed in your last proxy statement.
Meanwhile, Equilar’s peer group submission window is open through tomorrow – Wednesday, June 30th – targeting companies that file their proxy statement between July 15, 2021 and January 14, 2022. Institutional investors’ voting policies often say that they incorporate a third-party analysis to verify company peer groups, and some use Equilar’s research for that. The portal re-opens in December for spring filings (and any changes submitted after June 30th will be incorporated in that update).
Last week, I blogged on TheCorporateCounsel.net that the SEC has issued a record amount of whistleblower awards this year. Companies need to anticipate the possibility of whistleblowers and encourage employees to raise concerns internally – but that doesn’t mean you can prohibit them from going directly to the SEC! Doing so would violate Rule 21F-17 of the Exchange Act.
Last week, the SEC announced that it had settled an enforcement action with a brokerage firm that tried to do just that, by including this provision in its employee manual and related training:
Employees are also strictly prohibited from initiating contact with any Regulator without prior approval from the Legal or Compliance Department. This prohibition applies to any subject matter that might be discussed with a Regulator, including an individual’s registration status with FINRA. Any employee that violates this policy may be subject to disciplinary action by the Firm.
The manual defined “Regulator” to include the SEC. Meanwhile, the Code of Conduct said:
Nothing in this policy or any other Company policy or agreement is intended to prohibit you (with or without prior notice to the Company) from reporting to or participating in an investigation with a government agency or authority about a possible violation of law, or from making other disclosures protected by applicable whistleblower statutes.
That wasn’t enough to save the company from being tagged in the enforcement action – nor was the finding that no employees were actually prevented from communicating with the SEC about potential violations, or that the company took no action to actually enforce the restriction or prevent communications. Although the company didn’t admit or deny the findings in the SEC order, as part of the settlement they agreed to pay about $210k, revise the manual, alert their employees to the change, and promise not to do it again. See this Stinson blog for more details.
If you haven’t reviewed your employee manual and code of conduct lately, this is a good reminder to do so. If your comp committee is evolving into a “people committee,” they might have a hand in that.
In an unusual twist, last week a company announced voting results from its annual shareholder meeting and said it considered all items of business with the exception of its say-on-pay proposal. Some investor advocates are unhappy with the CEO pay package and the company said shareholders should have more time to consider the say-on-pay vote. Here’s an excerpt from the company’s press release:
Based on requests from shareholders for additional time, the independent members of the Activision Blizzard Board believe it is in the best interest of its shareholders to extend the opportunity for shareholders to vote on this important matter, and therefore recommended an adjournment to allow additional time for shareholders to submit proxies with respect to the [Say-on-Pay] Proposal. The 2021 Annual Meeting will be reconvened on Monday, June 21, 2021 at 9:00 a.m. Pacific Time (the “Reconvened Annual Meeting”). The sole matter of business before the Reconvened Annual Meeting will be the [Say-on-Pay] Proposal.
The company’s press release details certain recent statements about its executive compensation practices that it believes were misleading. The Board members believe that obtaining informed shareholder feedback related to Activision Blizzard’s compensation policies and practices is of fundamental importance, and therefore, allowing additional time for shareholders to meaningfully participate in the vote better represents their interests.
This unusual development ruffled the feathers of some investor advocates and they were speaking out about it. This case might add more fodder to the discussion about whether pay-for-performance is the way to go with compensation because in this case, it doesn’t appear to be pleasing everyone. Activision’s press release says it decreased the CEO’s base salary and cash bonus and made most of the CEO compensation performance based. With that, MarketWatch reports that 54% of shareholders approved Activision’s say-on-pay proposal. Stock awards made up the bulk of the CEO’s compensation and the value of the company’s stock rose and outpaced the S&P 500 last year.
As we cross the high-point of proxy and annual meeting season, Equilar and the NYT recently released their annual look at CEO pay levels for the 200 highest-paid CEOs. Liz blogged about one aspect of the analysis.
It’s also worth visiting Equilar’s interactive chart that analyzes the pay of the 200 CEOs included in the study. It’s sortable by total compensation, change in comp value year over year, the company’s CEO pay ratio and median employee pay, company revenue and change in revenue year over year. Here are some of the findings:
For the first time since 2014, none of the 10 highest-paid CEOs had been in the top 10 in the previous study. Only one of the 10 highest-paid CEOs has been among the top 10 in the past (Regeneron’s CEO). This trend is due chiefly to the fact that there were five newly public companies represented among the top 10, as well as a CEO recently new to his position (DaVita’s CEO).
COVID-19 has had an uneven effect on corporations, often dependent on industry, but the market overall has reached continual highs in the past year. While CEO pay increased due to rising equity values, cash compensation (salary and bonus) was lower in 2020 than the previous year on balance, even among these highest-paid executives. Salary for Equilar 200 CEOs dipped 3.7% at the median from the previous year, while the median cash bonus fell 5.2%.
Meanwhile, median employee pay for the firms included on this year’s list actually increased, albeit modestly, rising 1.9%. While it would be difficult to argue that CEOs suffered as employees benefited in 2020, fixed pay for executives was held to the same standards as that of the median employee across the market in 2020.
Tune in tomorrow for the webcast – “Proxy Season Post-Mortem: The Latest Compensation Disclosures” – to hear Mark Borges of Compensia, Dave Lynn of CompensationStandards.com and Morrison & Foerster and Ron Mueller of Gibson Dunn analyze this year’s wild say-on-pay results, key 2021 lessons, ongoing pandemic-related issues, ESG metrics, CEO pay ratios, status of SEC rulemaking, and what to start thinking about for next year.
If you attend the live version of this 60-minute program, CLE credit will be available! You just need to submit your state and license number and complete the prompts during the program.
This recent Glass Lewis blog looks at what can go wrong with ESG oversight – and how it can connect to, and impact, executive pay votes. The situation discussed in the blog involves Rio Tinto, a mining company dual listed in both Australia’s ASX 100 and the UK’s FTSE 350. At the company’s 2021 annual meeting, more than 60% of votes cast voted against its remuneration report, which serves as a retrospective, advisory look at the last year’s pay decisions. Here’s an excerpt:
Shareholder concerns centred on the company’s destruction of two ancient rock shelters in the Juukan Gorge, and its subsequent response. The blasting, which caused irreversible damage to a 46,000-year-old Aboriginal cultural heritage site in the Pilbara region of Western Australia, occurred in May 2020 as part of the expansion of an iron-ore mine.
The board review of the matter found certain executives, including the group chief executive, responsible for a failure to implement an adequate heritage management system. The company then determined that the group chief executive wouldn’t be entitled to receive any bonus awards for FY2020 and also said a reduction would be applied to LTIP awards that were due to vest in 2021. Stakeholders didn’t think the financial penalties were adequate and the executives involved retired, and the board chair announced an intention to retire at the conclusion of the company’s 2022 annual meeting.
Even with all this, investors weren’t happy and ultimately voted against the company’s remuneration report. The terms of the group chief executive’s departure apparently made the situation worse because as a good leaver, all of his outstanding awards will vest as scheduled, subject to pro-rating for the time worked and achievement of applicable performance conditions.
This case shows the importance of ESG oversight and that investors may look beyond the initial matter and consider related compensation decisions too. For executives involved in perceived ESG missteps, this case shows the potential of a wide-reaching effect.