'THE DAILY CORPORATE GOVERNANCE REPORT' (for public company boards, the C-suite and GCs)

Please see the items below with the related links (NOTE: access to link content may be metered, require a no-charge registration or require a paid digital subscription)

(i) more fallout from the recent exit of BP's CEO: personal conduct of executives a growing risk for boards/the promotion and appointment process at BP:

(a) As noted in a recent item (see item (ii) from Sept. 19), there has been considerable fallout from the recent exit of BP's CEO, Bernard Looney, over undisclosed personal relationships with workplace colleagues (see item (iv) from Sept. 13/23), which has put the spotlight on office relationships of CEOs and other executives, as well as the board due diligence process when appointing a new CEO. More on the fallout in this FT article last week, "Why personal conduct is a growing risk for business", and below are excerpts:

"What is the difference between a hook-up, a fling and a relationship? For a board director of a big company in 2023, this may now be required knowledge. Bernard Looney of oil company BP and Cboe Global Markets’ Edward Tilly resigned last month after their failure to disclose past relationships with employees to the board. CNN Worldwide president Jeff Zucker and McDonald’s boss Steve Easterbrook also left their roles for similar reasons in recent years.

"Departures such as these have made the private behaviour of business leaders an increasingly hot topic for corporate boards, raising the question of how closely directors need to scrutinise the personal conduct of top executives — from workplace relationships, bullying and inappropriate use of social media, to an individual’s tax affairs and embellished CVs.....Reputational risk has become as high a priority as financial risk, but board discussions have historically tended to focus on issues such as product reliability, service quality and compliance, rather than personal conduct. Directors are now increasingly having to make judgments based on what is socially acceptable, as well as legal and ethical, to ensure they maintain the confidence of staff, investors and customers.....

"There are a number of reasons why it pays for companies to prevent personal conduct issues blowing up. At stake is trust in a leader and the organisation. Unplanned chief executive departures and wider management upheaval present a huge headache for directors, creating uncertainty and disruption for staff and investors alike. The share price can also suffer.......

“Good personal conduct of executives is as critical now as it has been at any point in time. It is just now the information flow is worldwide and immediate,” said the chair of a multinational company. “Ten years ago it would have been dealt with in the boardroom and we wouldn’t have been witness to it. Now everything is so visible.”......Boards are also under more pressure from activist investors. “Expectations are just different today. There is way more scrutiny of top leaders and more transparency is required. If you have an issue with that then you probably shouldn’t be in the role,” the chair added........

"One way to stop HR issues snowballing into a broader crisis is to give more seniority to human resources directors. Many companies have elevated HR officers to leadership or boardroom roles, enabling them to directly advise the chief executive.....In the event that governance processes and HR functions do not catch bad behaviour, there has to be a way for the average employee to take action. Well publicised and effective codes of conduct and properly functioning whistleblowing mechanisms without fear of reprisals are essential. Some companies have ethics champions throughout the company that individuals can turn to. “People need to feel empowered,” said one adviser to major companies. “But is it really possible to catch everything? Obviously not.”"

(b) According to this Sept. 29 FT story, "Looney accused of promoting BP women with whom he had undisclosed relationships", "the allegations that prompted Bernard Looney’s resignation from BP included an accusation that the chief executive promoted women with whom he had undisclosed past relationships, according to people familiar with the matter." Below is from the FT article, inter alia quoting a BP spokesman on the process at BP for promotions and appointments:

"In a response to the Financial Times, BP said that appointments and promotions at the company follow “rigorous hiring and talent management processes” and that no employee, including the chief executive, is able to make unilateral appointments. “These include detailed role descriptions, interviews with diverse hiring panels, third party assessments and diverse candidate slates,” BP said. “Promotions and appointments are not made solely at the behest of any single executive or individual.”"

(ii) HBR post on boardroom discussions on cybersecurity and a tool to improve them: Below is the headnote summary of this HBR post last Wednesday, "A Tool to Help Boards Measure Cyber Resilience", by Dr. Keri Pearlson, Executive Director of the research consortium Cybersecurity at MIT Sloan (CAMS):

"Summary. During our research, we asked cybersecurity leaders, board directors and other subject matter experts about board cybersecurity discussions and the reporting given to boards in preparation for these discussions. All respondents had strong opinions about cybersecurity boardroom discussions. Generally, participants agreed that boards had a difficult time discussing cybersecurity at a meaningful level, the board needed different information, and a new approach was necessary."

Below are excerpts from the post, which inter alia proposes a tool it refers to as a "Balanced Scorecard for Cyber Resilience (BSCR)" to provide better information to boards (not discussed in the excerpts below):

"By now most boards know that cybersecurity is a business risk that they must oversee and ensure proper mitigations are in place......Organizations cannot protect themselves enough to simply rely on additional investments in protection....Companies, and the boards that oversee them, have failed to find the right way to be protected enough...Instead, we advocate that boards must have conversations about resilience, not just about protection.

"To properly mitigate cyber risk, company leaders must have rock-solid plans in place to respond and recover quickly so even in the face of a cyber attack, the company continues to operate. Those are the right conversations for board directors to have with their cybersecurity leaders. In this article, we share research on the kind of information directors need for these conversations, and it is not the information they are getting today.

"Research into Board Oversight: .....We began our research by trying to understand the kind of information CISOs and cyber executives were reporting to their boards, and comparing it to the information boards need to do their job.....While it’s easiest for cyber executives to report on technology metrics or organizational metrics, such as phishing exercise results, this information does not help the Board with their job of ensuring cyber resilience. It’s just the wrong level of information......We asked questions of cyber leaders who report to boards, board members, and other subject matter experts about the information most useful to boards from a business perspective, rather than a technical perspective. This approach yielded a framework and set of recommendations that hold promise to assist boards in understanding the real risks they face, give cyber executives a language to communicate these risks, and create opportunity for useful dialogue between the two groups.

"The Need For Better Board Cybersecurity Reporting: ........All respondents had strong opinions about cybersecurity boardroom discussions. Generally, participants agreed that boards had a difficult time discussing cybersecurity at a meaningful level, the board needed different information, and a new approach was necessary. For example, one director who responded said, “I think a discussion about cybersecurity metrics is worthwhile. It’s hard to measure and communicate security ‘value.’ So, some thoughts in that regard would be interesting to me.”........

"Providing The Right Information to Boards: Directors understand their organization faces risk from many sources, including cybersecurity risk. The big elephant in the room, however, is how to appropriately discuss and manage this risk..... Managing the risk means making decisions on the best way to spend resources protecting our organization and at the same time, preparing for a possible incident and insuring resilience to operations. For this, boards need a balanced view of cyber vulnerabilities and threats and an understanding of how operational leaders are managing them.

"While it is seductive for directors and operational leaders to focus on the technical details and metrics, it’s not the right place to start. For example, when cybersecurity leaders only report the latest phishing exercise results, boards engage at that level. Quantitative measures are easy to obtain, share, and compare. But they don’t tell the story that helps boards oversee cybersecurity risk. Further, directors use the information they are given, and the ensuing discussion focuses on tactical plans operational leaders put in place to reduce the chance of a successful phishing email. But that is not the best use of the directors’ attention. It focuses the directors’ attention on one aspect of organizational cybersecurity and may miss other vulnerabilities that threaten the business. Instead, the board should be discussing the business-level risks the leaders see, and what the operational leaders are doing to insure resiliency. This broader question leaves open the opportunity for any organizational vulnerability, not just a phishing email vulnerability....."

The HBR post is discussed in the latest WSJ "What Board Need to Know" article, "Cyber Attack Costs", under, "How good is communication on cyber risk between management and the board?":

"In a Harvard Business Review article, Keri Pearlson, executive director of the research consortium Cybersecurity at MIT Sloan, discusses the findings of her board research and proposes a scorecard for communicating key cyber risks to boards. One of the areas Pearlson identified as an issue for businesses was communication between management and the board.

"Pearlson’s solution, the 'Balanced Scorecard for Cyber Resilience' combines financial, technological, organizational, and supply-chain indicators, and an aggregated indicator of resilience.” Each of the four quadrants representing finance, technology, organization and supply chain shows the biggest risk, the risk management plan and a quantitative indicator of risk. This allows directors to quickly understand the most critical risks, how they can be managed and how concerned directors should be."

(iii) Moody's report on cybersecurity spending and rising cyber insurance premiums: On Sept. 28, credit-rating agency Moody's published this report on cyber security spending, "Cyber budgets increase, executive overview improves, but challenges lurk under the surface", based on a survey "sent to roughly 9,000 issuers globally in May" and the "more than 1,700 responses received through July 18." Below is from the section, "Cyber insurance premiums have risen exponentially":

"While cyber budgets have increased, so have the demands made on them. Cyber insurance has become an indispensable tool in the risk management toolkit for many issuers, and premiums increased by a median of 50% across the board between 2020 and 2022.....The rising premiums hit some issuers harder than others. Some US issuers in education, healthcare, construction and manufacturing experienced premium hikes of 300% or more in 2021.

"The rise in premiums peaked in 2021 but has eased off since then as insurers found greater profitability, new carriers began writing cyber insurance, and the volume of ransomware attacks decreased. Statistics from insurer Marsh illustrate the trend well. Marsh reported that rates for its US-based cyber insurance customers increased an average of 130% in December 2021 but fell for the first time in at least 3 years by 4% in Q2 2023......

"Despite the higher cost of cyber insurance, only 3% of issuers said they planned to buy less cyber coverage in 2023 than in 2022. The vast majority (82%) plan to purchase about the same amount, and 16% said they would buy more. These numbers hold even for those that have faced substantial increases in cyber insurance premiums.....", and,

(iv) press releases/precedents of the day (Walgreens CEO employment agreement, including as an exhibit, Walgreens 'non-competition, non-solicitation and confidentiality agreement'; Humana COO employment offer letter):

(a) On Sept. 1, Walgreens Boots Alliance, Inc. announced in this press release that its Board of Directors and its CEO, Rosalind Brewer, had mutually agreed that the CEO would step down, to be replaced by the company's lead independent director as interim CEO. Today, Walgreens announced in this press release the appointment of a new permanent CEO from outside the company, as follows:

"Walgreens Boots Alliance, Inc. today announced the appointment of Tim Wentworth as the company’s new Chief Executive Officer, effective on October 23. Mr. Wentworth will also join the WBA Board of Directors upon assuming the role. Most recently, as founding CEO of Evernorth, Cigna’s health services organization that partners with health plans, employers and government organizations, Mr. Wentworth brought together health service capabilities including care provision, pharmacy solutions and benefits management......."

In connection with the appointment of the new CEO, the company and the new CEO entered into this Employment Agreement, including as Exhibit A the Walgreen "Non-Competition, Non-Solicitation and Confidentiality Agreement", as summarized in the related Current Report filed with the SEC;

(b) Paint company The Sherwin-Williams Company announced today in this press release the promotion of its COO to the position of CEO, with the current CEO and Chairman to continue as Executive Chairman, as follows:

"The Sherwin-Williams Company announced today that its Board of Directors has elected Heidi G. Petz to serve as the Company's next Chief Executive Officer (CEO), effective January 1, 2024. Ms. Petz, 48, who has served as President and Chief Operating Officer of Sherwin-Williams for the last two years, will assume the CEO duties currently held by Chairman and CEO John G. Morikis. Ms. Petz will continue to serve as President.

"After serving as CEO since 2016, Mr. Morikis will continue to serve as Executive Chairman. In addition, the Board increased its size from 10 to 11 members and elected Ms. Petz to fill the resulting vacancy, effective October 10, 2023. "Today's announcement follows a comprehensive process and multi-year organizational succession plan to identify the best candidate to lead the Company," said Mr. Morikis...."The selection of Heidi as CEO is the result of a well-developed and thoughtful process to ensure a seamless leadership transition that focuses on strength, momentum and growth," commented Jeff M. Fettig, Sherwin-Williams Lead Director......"

Compensation arrangements with the new CEO are disclosed in the related Current Report filed with the SEC;

(c) NYSE-listed health care services company Humana Inc. announced today in this press release a "leadership transition plan" involving the appointment of a new COO from outside the company as the CEO successor, with the current CEO to step down in the second half of 2024, as follows:

"Leading health insurer and health care services company Humana Inc. announced today it has named health care industry veteran Jim Rechtin as President and Chief Operating Officer of Humana Inc., effective January 8, 2024, as part of a long-planned CEO transition. He will report to Bruce Broussard, CEO, until the latter half of 2024 at which time Broussard will step down and Rechtin will assume the CEO role. Broussard joined Humana in 2011 and assumed the role of CEO in 2013.......Rechtin joins Humana from Envision Healthcare where he serves as President and CEO. He has more than 22 years of health care experience......"

In connection with the appointment of the new COO, the company and the new COO entered into this Employment Offer Letter, as summarized in the related Current Report filed with the SEC.

------------------------------------------------

Please contact me if you would like to be on the distribution list and receive every issue of this newsletter directly in your inbox.
