'THE DAILY CORPORATE GOVERNANCE DIGEST' (for public company boards, the C-suite and GCs)
Please see the items below with the related links (NOTE: access to link content may be metered, require a no-charge registration or require a paid digital subscription)
(i) 2nd anniversary of the Business Roundtable's revised statement on the 'purpose of a corporation': the debate continues: As noted in yesterday's Fortune CEO Daily Newsletter, "Two years after the Business Roundtable statement on stakeholder capitalism, has anything changed?", today marks the second anniversary of the Business Roundtable’s revised "Statement on the Purpose of a Corporation", which has provoked an ongoing debate over what the purpose of a corporation is, and the related concept of "stakeholder capitalism" (v. "shareholder capitalism").
This debate is ongoing, with op-eds taking a position one way or the other appearing regularly in the business press. Witness these two articles this month that are referred to in the said CEO Daily Newsletter, "America’s top CEOs didn’t live up to their promises in Business Roundtable letter, researchers find" (with reference to the paper by Bebchuk and Tallarita referred to below) and "Don’t believe the cynics: Done right, stakeholder capitalism is what America needs" (co-authored by the CEO of JUST Capital), as well as, from a Canadian perspective, this Globe and Mail op-ed over the weekend, "The purpose of a corporation is not simply to make money" (co-authored by Peter Dey, chairman of Paradigm Capital, and Sarah Kaplan, distinguished professor at the Rotman School of Management). Below is from the CEO Daily Newsletter:
"Tomorrow marks the two-year anniversary of the Business Roundtable’s statement on the purpose of business, which either did—or didn’t—usher in a new era of “stakeholder capitalism,” depending on whom you believe. Among those who argue it didn’t are Harvard Law professors Lucian A. Bebchuk and Roberto Tallarita, who recently released their second study on the subject. They examined the Business Roundtable members’ corporate governance guidelines, corporate bylaws, proxy statements, etc., and found, well, nothing new. Their conclusion: the whole exercise was “mostly for show.”
"But in an op-ed for Fortune, Martin Whittaker and Peter Georgescu of JUST Capital, a non-profit organization created by billionaire hedge fund manager Paul Tudor Jones to advocate a “more evolved form of capitalism,” dispute that view. "Done properly,” they argue, “stakeholder capitalism…doesn’t necessarily need policy interventions, corporate governance reform, or amendments to company documentation to be pursued.” Instead, it’s about “the disciplined generation of long-term value” by serving the needs of people and planet. Rather than focus on governance changes, they argue, companies should focus on how their stakeholder commitments “can best be measured, and how (they) can be used as an engine for better financial performance.” Over the long term, returns to shareholders and returns to society need not be in conflict......"
Note also this WSJ op-ed yesterday by Lucian A. Bebchuk and Roberto Tallarita, director and associate director, respectively, of the Harvard Law School Program on Corporate Governance, "‘Stakeholder’ Talk Proves Empty Again", with reference to this research paper released by Bebchuk and Tallarita earlier this month, "Will Corporations Deliver Value to All Stakeholders?"
And note as well this Harvard Law School corporate governance blog post today, based on this just released Report #2 by the Enacting Purpose Initiative (EPI), the product of meetings by a "group of 30 business leaders from organisations and institutions headquartered in the US to form the Directors Steering Group and a separate Global Investor Steering Group which was attended by 30 leading asset owners and managers." This Report #2 builds on the first EPI report published last August, "Enacting Purpose Within the Modern Corporation: A Framework for Boards of Directors."
(ii) the growing demand for, and increasing compensation of, the chief information security officer (CISO)/reporting lines of the CISO/interview with Delta Airlines CISO:
(a) As reported in this July 29 WSJ article, "Cybersecurity Chiefs Are in High Demand as Companies Face Rising Hacking Threats", executive search firm Heidrick & Struggles International Inc. released on that day its "2021 Global Chief Information Security Officer (CISO) Survey", which inter alia includes this section of interest, "CISO reporting lines: Up and down". Below are excerpts from the WSJ article with highlights from the survey, including a discussion of CISO reporting lines:
"As companies face growing hacking risks, corporate cybersecurity chiefs are earning more money compared with last year, but in many cases are still reporting to IT leaders. Many companies that previously didn’t have chief information security officers have hired one in the past few years, driving the need for professionals with experience, technical skills and business knowledge, experts say. Security leaders with these qualifications can be difficult to find, which has pushed salaries higher.
"CISOs in the U.S. earned a median salary of $509,000 this year, compared with $473,000 in 2020, according to a new survey of 354 CISOs, published Thursday by executive search firm Heidrick & Struggles International Inc. Total compensation, including equity grants and bonuses, rose to $936,000 from $784,000 in 2020. Last year’s survey included responses from 372 CISOs......
"Thirty-eight percent of CISOs report to their companies’ chief information officer, making it the most common reporting relationship, according to the Heidrick & Struggles survey. However, some companies are moving away from cybersecurity leaders reporting to their chief information officer, said Matt Aiello, partner and leader of the global cybersecurity practice at Heidrick & Struggles. In two recent hiring searches, for example, companies initially wanted to recruit a CISO who would report one level away from the CEO but ended up hiring someone who will report directly to the CEO, Mr. Aiello said. At both companies, the boards of directors wanted the CISO to report to the CEO, he added......
"CISOs at publicly traded companies are much more likely to report to the CIO compared with their counterparts at privately held firms, according to a survey published in March by cybersecurity-focused recruiting firm Hitch Partners. There can be tension between the two roles if cybersecurity requirements slow down or impede a technology project overseen by the CIO, said Michael Piacente, co-founder and managing partner at Hitch Partners. Many candidates for CISO positions aren’t interested in a job reporting to a CIO, Mr. Piacente said. “The CISO needs to be able to say this is not the way to secure our enterprise. They can’t have the CIO be influential in any way,” he said."
(b) Debbie Wheeler is the chief information security officer (CISO) for Delta Air Lines, and her recent interview with Deborah Golden, a principal and U.S. Cyber & Strategic Risk leader for Deloitte Risk & Financial Advisory, appeared in this Deloitte-sponsored WSJ article, "Delta CISO: Problem-Solving Reigns as Core Skill." Below is an excerpt:
".....Many would-be cybersecurity professionals, however, mistakenly believe they must have a degree in computer science or information systems. “Some of the absolute best cyber engineers come from nontraditional backgrounds in art, physical education, finance, and more,” says Wheeler. “To excel in this field, you have to be a good problem solver, not necessarily a strong programmer.”.......
"Golden: Can you share some creative solutions for managing third-party risk?
"Wheeler: What I've learned over the course of my career about third-party risk is the importance of staying in constant communication with key suppliers. Informing and educating your business partners is also critical, even when the news is hard to accept. For instance, just because a particular third party has a widely recognized brand does not mean it has outstanding cybersecurity practices. We find time and time again that even well-respected brands struggle to put basic cybersecurity measures in place. Smaller companies often face even greater hurdles. Beyond the standard security audits and risk assessments, we offer guidance to smaller businesses that don’t know how to properly secure the services or capabilities they want to provide. This practice helps to expand our pool of suppliers without introducing undue risk to the business....."
(iii) chief compliance officers (CCOs) at Goldman Sachs and Morgan Stanley on top emerging compliance issues/WSJ interviews with Eli Lilly CCO and Freddie Mac's new CCO/BarkerGilmore's 2021 Compliance Compensation Report/Walmart hires chief ethics and compliance officer - press release of the day:
(a) A number of the CCOs at the major Wall Street banks, among them the CCOs at Goldman Sachs and Morgan Stanley, spoke at a Securities Industry and Financial Markets Association event last month, and they are quoted discussing a number of the top emerging compliance issues for the second half of 2021 in this recent Law360 post, "Bank CCOs Outline Their Top Emerging Risks Of 2021". Below are some excerpts:
"Post-Pandemic Workforce: Keeping tabs on employees in a hybrid environment — which combines remote and on-site work — could be challenging, the CCOs said. Michael Richman, CCO with Goldman Sachs, said he anticipates that more workers in consumer-focused sides of the business will work from home more often, including those in call centers and salespeople in private wealth and banking units. "I think more of the businesspeople are going to be out of the office than they were historically, which will put pressure on compliance," Richman said. "I think that a lot of the people that are overseeing and monitoring and trying to detect their activity will be out of the office.".......
"Edvard S. Olsen, the Americas CCO at Barclays, drilled into the key challenges he believes will be associated with the hybrid work environment. He pointed to internal challenges like maintaining office culture and talent development, as well as external concerns including the monitoring of new communication channels and data privacy issues. "We're at an inflection point from an industry perspective," Olsen said. "Those that adjust and really handle this the most effectively and are the most agile, I believe, are really going to be the leaders in the space.".......
"ESG: ......."[ESG is] a growing business opportunity ... but also presents challenges in new packaging and disclosures, in conflicts, and how to manage those issues," said Raul F. Yanes, CCO with Morgan Stanley. "There's been a signal from the SEC, in any event, that they're expecting a pretty built-out framework around those risks," Yanes added, noting that compliance folks will need to "think a little differently about how we take the traditional compliance tools and wrap [them] around a new subject area."
"Jennifer Taylor, CCO with Citigroup's Institutional Clients Group, pointed out that getting up to speed is not "just about the regulations, it's about the various reporting standards that we'll have to follow," advocating for a holistic, companywide approach. "The cross-enterprise approach to managing ESG risk is going to be so important because it will pervade all of our businesses," she said. "The compliance program will have to adapt and evolve."
"Digital Assets: ......Richman, the Goldman CCO, acknowledged that the emerging space is a "complicated area." "It's not just trading crypto, it's issuing debt denominated in crypto, it's making loans secured by crypto, there's custody and subcustody, trading and futures structured notes, private funds and ETFs," he said. "Compliance has to react to that and develop a compliance program around this new product, or whatever it is." Richman also pointed to disclosure and suitability issues surrounding crypto, as well as the financial crime risks......."One of the things we're struggling [with] and thinking about is what should our personal trading policy be around our employees trading crypto?" Richman added. "There aren't a lot of answers, and we're trying to figure it out."
"Social Media-Driven Market Activity: Nancy Swift, head of enterprise compliance with Fidelity Investments, noted that 2021 changed how compliance will have to approach social media. Previously, it has "largely been around capturing and retaining and monitoring it, but now we actually see social media driving market events," she said.......Yanes of Morgan Stanley said the firm is establishing rules about how employees should or should not react to these market events, including those that touch on "communicating internally [and] avoiding conflicts."
"Goldman too is providing guidance on what employees can include in communications on social media and when they need compliance's approval, Richman said. Without such a framework, "the volume is so high, the speed is so fast [that] it's going to be very hard for us to [operate] in a timely way for them to be able to accomplish their commercial objectives," he said."
(b) Below are excerpts from a WSJ interview with Eli Lilly's CCO, Alonzo Weems, which appeared in this July 30 WSJ article, "Eli Lilly’s New Compliance Chief on His Priorities":
"WSJ: Coming into this position, what are your priorities? Are there any changes you’re looking to make?
Mr. Weems: We need to be doing [compliance] in ways that are easier for our colleagues to understand. We need to be thinking about how it can be easier to get the information—as we enable, partner, and assist our colleagues in doing their work. That’s not sexy. But it’s really, really important in delivering a program that meets the needs of the business. We have to be making sure that we have the right capabilities, that our monitoring and assessing of risks are right. And that we’re doing that in the best ways. That we’re running our enterprise risk-management program in the best ways. That we are optimizing our training and communications resources.
"WSJ: Has how you monitor and track compliance with your different regulatory obligations at Eli Lilly evolved in recent years?
Mr. Weems: Yes, it is evolving. It’s about trying to move from a far more manual, individual and observation-predominant [approach]…to [one] where there’s a lot of data feeds.....I’ve now had two conversations and one deeper dive with the new leader of our information and digital solutions group [Diogo Rau], as we think about the partnership between that group and our global ethics and compliance, and enterprise risk-management function. He was about as excited as I was during the conversation. So I see it as a really strong partnership. But you know, you’re moving data from different systems, from different platforms. The details are not insignificant, and the journey is not an easy one. But that is the future of doing monitoring work even better.......
"WSJ: Going forward, will there be some sort of hybrid situation where, in some cases, you’ll continue doing things virtually, but in other instances where it’s of higher value, you’ll do things in person?
Mr. Weems: I think we will continue to do that. We’ve learned there’s a lot that we can accomplish virtually. Communications in some ways, across the globe, probably improved. At least the frequency of communications improved.
"WSJ: You have a background working on diversity issues at the company. Is diversity, equity and inclusion something you see compliance playing a role in?
"Mr. Weems: Here’s where I think there are commonalities: The leaders who are driving diversity, equity and inclusion, and the leaders who are driving ethics and compliance, we’re all in the culture business. Diversity, equity and inclusion isn’t rooted in a legal standard. Rather, it’s about saying, “Do we have the processes that are consistently making sure that we are identifying, rewarding, recognizing and promoting the talent across the organization and doing that broadly?” And looking at processes that are giving us some assurance that we’re doing that right. We all have an interest in making sure that we’re doing that right, regardless of what function you sit in as a leader, or as an employee."
Note also excerpts from a WSJ interview with Jerry Mauricio, newly appointed senior vice president and chief compliance officer at Freddie Mac, who previously worked in compliance at BNP Paribas SA, Barclays Capital Inc., and Lehman Brothers, appearing in this WSJ article yesterday, "Freddie Mac’s New Compliance Chief on Lessons Learned From Previous Crises."
(c) Earlier this month, legal and compliance executive search firm BarkerGilmore released its "2021 Compliance Compensation Report." Highlights appear in this Aug. 5 Corporate Counsel blog post, of which below is a short excerpt:
"Looking....at compliance chief pay by gender, total comp for men was $314,000 versus $295,000 for women, a 6% difference. But the gender pay script flipped a little lower down the compliance rung. For compliance officers and counsel, women’s comp totaled $223,600, compared with $210,000 for men. Overall, the average salary for men was $224,000, nearly $10,000 more than the average salary for women. Men also received higher average bonuses of $65,000 versus $55,000 for women. Long-term incentive comp was the same, $25,000, for both genders...."
(d) Walmart announced yesterday in this press release the appointment of a new Chief Ethics and Compliance Officer, reporting to the CLO, as follows:
"Walmart announced that Matt Miner has been appointed as executive vice president and global chief ethics and compliance officer. Miner, with more than 20 years of compliance and legal experience, will lead the company’s global compliance program and report to Rachel Brand, Walmart’s executive vice president of global governance, chief legal officer and corporate secretary......Miner comes to Walmart from the Washington office of Morgan, Lewis & Bockius LLP....."
(iv) Accenture’s 2021 Global Risk Management Study/crisis management preparedness: Last month, Accenture released its 2021 Global Risk Management Study, based on a survey of 700 risk professionals from a wide range of industries. Below is from the section, "Prepare for the crisis just around the corner", at p.24:
"Scrutinize crisis-management plans: Even if businesses do everything possible to bolster operational resiliency, “disaster” inevitably strikes. When it does, businesses need to have in place robust, flexible crisis-management plans that can guide their responses..... (B)usinesses need to devote the time to making sure that their crisis management plans are complete, well-communicated, understood and practiced.
"The study data indicates that risk leaders are confident in their updated crisis-management plans: although 71 percent of risk leaders say that COVID-19 exposed deficiencies in their ability to respond to crises, 83 percent have updated their business-continuity plan in the past 12 months and 82 percent say their business-continuity plan is fit for purpose.
"What practical steps can risk teams take so that their crisis management plans and the strategy for executing them are fit for purpose? As a starting point, risk teams need to make sure that these plans contain all of the detail that is necessary, including prescriptive guidance that is practical and executable about how to respond to an adverse shock. In addition, they need to broaden the spectrum of potential shocks they cover. It’s not enough to create resilience to financial risks; preparation needs to also cover cyber attacks, supply-chain disruption, another pandemic, and other unpredictable events.
"Risk teams also ought to make sure the crisis-management plans are understood by those who have to use them and test the business’s ability to follow the guidance they contain in an adverse event. To understand the latest industry thinking, and to avoid the inadequate crisis response that can create systemic risks, there’s great value in sharing crisis-planning best practice with industry peers, creating a self-supporting network that can withstand future shocks....."
(v) a primer on AI and 'machine learning'/HBR post on AI ethics:
(a) A primer on AI and "machine learning" in this recent Bloomberg article, "Artificial Intelligence Could Dramatically Speed Up Climate Action":
"...Artificial intelligence is one....technology that has big potential to help cut plenty of planet-warming emissions....As with any new technology, there’s also a lot of hype. To cut through the noise, I spoke with Priya Donti of Carnegie Mellon University and David Rolnick of McGill University, two of the three co-chairs of the group Climate Change AI, which brings together academic and industry experts.
"What exactly is AI? “It’s a very broad term that basically covers any computational algorithm that can perform some kind of complex task,” Donti says. “Typically, tasks that humans can do like vision, speech, reasoning.” There’s still a philosophical debate among AI researchers whether the goal of AI is to do things as well as a human — or achieve superhuman performance.
"Machine learning is a type of AI application that is narrowly focused on drawing insights from large datasets. It’s probably what a human could have done, Donti says, but machine learning helps speed up the process."
(b) This is the "Summary" of this HBR post from July 26/21, "Everyone in Your Organization Needs to Understand AI Ethics":
"Summary: When most organizations think about AI ethics, they often overlook some of the sources of greatest risk: procurement officers, senior leaders who lack the expertise to vet ethical risk in AI projects, and data scientists and engineers who don’t understand the ethical risks of AI. Fixing this requires both awareness and buy-in on your AI ethics program across the organization. To achieve this, consider these six strategies: 1) remove the fear of not getting it right away, 2) tailor your message to your audience, 3) tie your efforts to your company purpose, 4) define what ethics means in an operational way, 5) lean on trusted and influential individuals, and 6) never stop educating."
-----------------------------------------------------
Please contact me if you would like to receive each issue of this daily newsletter