Governance Implications of Equifax

Numerous elements of the Equifax controversy implicate corporate governance across a broad range of oversight, insurance, executive transition and accountability topics. These are sufficiently relevant to merit a board briefing from general counsel (GC), perhaps teaming with the chief information security officer (CISO).

There has been of late—even before Equifax—substantial discourse in the governance sector regarding the extent of time devoted by boards to matters of cybersecurity. A new consulting firm survey indicates a meaningful increase in board involvement in cybersecurity matters year-over-year, for the last four years. In addition, cybersecurity-related budgets have increased by 19 percent. In this respect it may be valuable to have the CISO brief the board on the circumstances surrounding the Equifax (and, perhaps, the just-disclosed SEC) breaches, and the preparedness of the organization to respond to similar hacking efforts. The GC can brief the board on the Caremark-based standard the courts have applied to date in the leading cases to evaluate director culpability in cyber-breaches. The National Association of Corporate Directors (NACD) has been proactive in developing recommendations on board oversight conduct. In addition, the board is well advised to review, with both the GC and its insurance advisor, the extent of directors and officers liability (D&O) insurance available to address breach of cybersecurity oversight duties, as some insurance industry observers express concern that some insurers may seek to carve out exceptions to such coverage.

Finally, the Equifax circumstances serve as a reminder of the value of a board-developed emergency chief executive officer (CEO) executive succession plan. While most such plans are perceived as options to address health-related concerns, they are also valuable in situations where the board believes that the immediate separation of the CEO is necessary in order to respond to public/congressional/stakeholder outrage with certain major crises that have broad consumer impact—even if they are "black swan" in nature. In addition, Equifax may prove to be another situation in which the board applied accountability through the application of "clawbacks" and other forms of compensation disgorgement.

The Temptations of Deregulation

The board, as well as the audit and compliance committees, should be wary of the actual impact of what is perceived as broad-based deregulation efforts emerging from the administration and Congress—especially to the extent that such efforts are promoted as justification for reducing the vigor currently applied to legal risk and compliance efforts.

A recent article in The New York Times DealBook addressed what it described as a decrease in enforcement of "accountability-related" regulations under the administration, and raised a concern whether that decrease would ultimately lead to an increase in corporate misconduct. It is certainly conceivable that some managers and executives could misconstrue reduced enforcement activity as reduced legal risk arising from certain controversial business transactions. Efforts to revise the Stark law, and the pending changes to the structure of the Yates Memorandum, may contribute to such misconstruction.

The GC is well aware of the critical distinctions between risk of enforcement and risk of violation of law. To that end, the GC may wish to provide executives and key committees with a realistic summary of the extent of deregulation and enforcement of the primary health care laws. Indeed, recent related commentary from NACD in its Weekend Reader prompts boards to confirm the organizational commitment to legal compliance and ethics, and to encourage management to continue to share with the board information regarding identified legal risks. Among NACD's most significant recommendations is making sure that management understands that, media reports to the contrary notwithstanding, the current political environment is not one in which regulatory enforcement is on the "back burner" and that organizational compliance efforts can thus be relaxed.

CEOs, Social Media and Political Profiles

CEOs are increasingly willing to adopt public positions on matters of social policy, and to participate in social media forums such as LinkedIn, Twitter and Facebook. The GC is a logical resource with which the CEO should consult as to the advantages and disadvantages of such activity. 

As recent events have indicated, CEOs are under increasing pressure from customers, employees, shareholders and board members to take positions on social or political matters that may implicate their own corporate values. In addition, some CEOs perceive social media activity as offering significant corporate benefits in terms of cultivating brand perception; enhancing customer relationships; increasing rapport with the corporate workforce; recruiting and retaining "millennial" talent; and demonstrating currency with cultural trends. Yet such public positioning is not without significant reputational, performance and perhaps legal risk to the CEO and to the company. Such comments can disturb relationships with the board, create controversy with employees and consumers, undermine corporate relationships with legislators and affect consumer preferences. They can also raise distinct legal issues (e.g., SEC disclosure, antitrust).

To advise them on how best to balance the risks and rewards of public commentary, CEOs are turning to their GC, given her increasingly recognized role both as "wise counselor" and "guardian of the corporate reputation," in addition to technical legal expert. In this role, the GC is by training capable of advising the CEO in the broadest possible context. She will supplement her technical legal analysis with consideration of applicable moral, ethical, political, economic and environmental factors.

The GC/Chief Diversity Officer Coordination

A new Modern Healthcare report describes the increasing application by health systems of the chief diversity officer (CDO) position to promote a more inclusive workforce. The nature of that position is such that the successful pursuit of its important agenda will be enhanced by close cooperation and coordination with the GC.

According to the Modern Healthcare report, health systems perceive diversity and inclusion officers as important to assuring that those topics are a strategic priority throughout the organizational hierarchy. The perspective is that a diverse workforce will help health systems be responsive to a more diverse patient population.

Yet many of the duties and responsibilities of the CDO by their nature implicate legal and ethical considerations that are the primary jurisdiction of the company's GC—both with respect to the oversight of the legal risk profile of the company, and to the support of the board in the exercise of its governance responsibilities. These include matters of labor and employment law; reasonableness of compensation; employee benefits; litigation and government controversy; and corporate governance.

The ability of both the CDO and the GC to perform the full scope of their duties will be supported by a willingness to recognize the areas of overlap in their responsibilities, and to implement (with senior management's help) a workable system of coordination and cooperation. The ultimate goal is to take advantage of opportunities to consolidate advice and reporting on particular matters, in order to reduce legal and reputational risk to the company. It is most certainly not to marginalize the hierarchical prominence or responsibilities of either officer.

Fiduciary Expectations Regarding Digital Technology

The rapid pace of technological change, and the related risk of technology-based business disruption, present significant risk oversight challenges for health system boards. This is especially the case with respect to the importance of digital technology, and the opportunities that it presents. The GC, teaming with the chief information technology officer (CITO), can support the board in its effort to become more literate in this area.

A NACD survey, summarized in a recent issue of its Weekend Reader, highlights the need for directors to become more familiar with the transformative power of emerging technologies on the corporate business model. From a fiduciary perspective, there is an expectation that directors will develop a working familiarity with these technologies; and an awareness of both how they may be applied within their own enterprise, and how technology interacts with matters of strategic direction. For health system boards, digital technology is a matter of particular focus given the many emerging areas in which it is being applied through the health care sector. These include, e.g., incredibly powerful back office efficiency tools; a strong IT infrastructure; utilization of consumer IT by providers; the expanded access (both in terms of geography and specialty) afforded by technology; strategic relationships that are being created to implement precision medicine; the expanding notion of health care created by the digital environment; and the impact of artificial intelligence on actual clinical care delivery.

The board can be positioned to address these technology challenges through a combination of more fulsome educational programs; support from a dedicated team of qualified IT professionals; access to outside technology advisors; the recruitment of director candidates with recognized technology competencies; identifying IT-related questions that directors may ask with respect to organizational IT matters; and the delegation of certain technology-related matters to one or more properly composed committees with board-delegated powers.


The Increasing Use of the "Executive Chair" Position

Complex organizational and governance structures, and the increasing need to recruit and retain qualified directors, can require creativity in the identification of board level positions, titles and responsibilities. Such appears to be the case with the emerging use of the board position, "executive chairman."

While there is no generally accepted use of the title, it assumes the trappings of both an executive and of a board member. The concept of "executive chair" is one of three primary accepted means of structuring the role of board chair (the others being the true independent chair, and the combined chair/CEO position). The typical "executive chairman" serves in a board leadership position while simultaneously remaining active within the company as an executive (not the CEO). The intent is usually to ascribe substantial authority to the position, beyond that which is traditionally assigned to the "chairman." In that regard, the position is attractive to companies as a way to transition to retirement a highly regarded CEO while continuing to receive his services as an executive for a defined period of time. Note in this regard that most state corporation statutes provide certain flexibility in the identification and authority of board officer titles.

The use of such creative titles implicates several legal considerations on which the GC should be consulted. First and foremost is an understanding of the authority afforded to the position, especially in relationship to other, more traditional officer positions such as the chair, vice chair and CEO. (This is particularly the case with respect to interaction with the CEO and the establishment of the board agenda.)

Other issues relate to the independence (or absence thereof) of the executive chair and the possible need for a lead independent director. A related issue is the extent to which a conflict of interest would arise when the executive director is a former CEO and is called upon to vote on a matter which she may have sponsored, or in which she had a pecuniary interest, while serving as CEO. One particular benefit of these kinds of nontraditional board officer positions is the extent to which they prompt a review of the powers and duties of each officer position and how those powers and duties relate to the roles of management.

The Ethics of Intra-Family Corporate Representation

The health system GC will be particularly interested in a recent state bar professional conduct advisory opinion that addresses the ability of an in-house counsel to provide legal services to multiple subsidiaries of the same parent organization.

The opinion request was grounded in a familiar fact pattern—an in-house lawyer of a large company in a regulated industry, who is called upon to advise not only the parent entity but also multiple subsidiaries—including some unrelated to the company's core business. Of course, it is a fundamental expectation of large in-house general counsel departments that they will represent not only the parent corporation, but also its various affiliates. Yet, as the bar committee noted, the ethical aspects of "intra-family corporate representation" are rarely addressed in professional responsibility rules and opinions, and even when addressed are often done so in a general manner.

The committee's opinion restates the basic rule, that in-house corporate lawyers may represent a corporate parent, as well as multiple corporate subsidiaries or affiliates of that same parent. This is often referred to as the "enterprise theory of representation," and is framed by various sections of the professional rules of ethics. As the bar opinion noted, the principal concerns to be addressed by in-house counsel in those situations relate to client identity, conflicts of interest and client confidentiality. The opinion recommends memorializing more formally key aspects of the in-house counsel's engagement, including a clarification of the lawyer's corporate clients; addressing the potential for intra-family conflicts; and the manner in which confidential information will be protected.

This opinion may provide a useful opportunity for the GC to (1) review whether this issue has been addressed by the bar in her own jurisdiction; (2) explain to senior management the professional responsibility nature of their client relationship with corporate affiliates (and the conflicts of interest issues that may periodically arise in such relationships); and (3) establish written policies (e.g., advance waivers) to facilitate resolution of conflicts and confidentiality concerns.

Board Oversight of "Innovation Ventures"

The increasing interest of health systems in pursuing innovative technology-based ventures to fulfill their research and education functions prompts a need for increased board engagement and oversight of these initiatives.

Innovation ventures are often focused on investing in, and accelerating the development and commercialization of, biomedical, digital health and health care technology discoveries. As such, they are particularly attractive to academic medical centers and their affiliated universities; integrated delivery systems; leading pediatric and specialty hospitals; medical research foundations and charitable foundations committed to funding the acceleration of improved treatments for disease states. However, the intended charitable and scientific benefits of emerging innovation ventures neither relieve, nor insulate, board members from their fiduciary obligations to exercise appropriate levels of diligence in their decision-making and oversight with respect to such ventures. Indeed, innovation ventures often involve an unusual degree of complexity in terms of corporate structure, range of investment (and of investors) and potential risk (e.g., regulatory, financial, conflict of interest), and thus require enhanced engagement from the disinterested members of the governing board.

In that regard, board oversight is often focused, throughout the venture's life cycle, on a variety of core issues, including venture compatibility with the organizational mission; whether the organization's board possesses the competencies necessary to support effective venture oversight; familiarity with the venture structure and its component parts; the financial feasibility of the venture and its implications for organizational stewardship; the often unique legal and regulatory risks; and the potential for conflicts at multiple levels of venture formation and operation. Accordingly, the organization's GC can be of exceptional value in advising the board on the fiduciary issues arising from investment in innovation ventures.

The Continued Risks of Overboarding

A recent Wall Street Journal story underscores new stakeholder concerns with the governance risks of "overboarding" by corporate directors. Addressing overboarding concerns is an increasingly important responsibility of the board's governance and nominating committee.

The specific concern is that individual directors may be limited or distracted in the exercise of their fiduciary responsibilities by similar responsibilities arising from other board memberships. It is an issue that has its roots in the corporate responsibility environment in the wake of Sarbanes-Oxley, and reflects concerns that such key duties as oversight of management, monitoring of operations and financial performance and evaluation of legal compliance matters will suffer when individuals serve on multiple boards. In this regard, it is consistent with regulatory and constituent interest in broader demonstration of director engagement. Most recently, pressure against overboarding practices has come in the form of public opposition by institutional investors and proxy advisory firms, and newly published governance surveys.

While there is no "best practice" on this subject, survey results suggest that an increasing percentage of public companies are imposing their own limitations on board members' outside directorships. In some instances, where concerns regarding the distraction of key directors arise, it may be fair to ask those directors to resign from other boards in order to concentrate their fiduciary efforts on a particular corporation.

The issue of overboarding is particularly acute with respect to nonprofit health systems, which have historically drawn the core of their board membership from prominent civic leaders who take great pride in providing support through board service on many community- or regional-based charitable boards. The GC can be helpful in advising the governance and nominating committee on discussing overboarding issues and, where appropriate, on recommending a related policy to the full board for approval.

Over the Horizon

The board's executive committee may benefit from a GC-led briefing on a series of recent developments that could possibly affect the governance of large hospitals and health systems in the not-too-distant future.

First is the continuing emergence of "sustainability" as a board agenda item, for corporations across industry (and nationality) sectors. The concept of "sustainability" in the governance context refers to an expectation that boards will give consideration to environmental and social issues, and their potential to threaten both business models and financial performance. A recently released report, "Lead from the Top: Building Sustainability Competence on Corporate Boards," addresses the concept in greater detail.

Second is an increased interest in corporate governance from governmental entities and regulators that have not historically involved themselves with boardroom matters. A leading example of this is the activity of the New York City pension funds and the New York City comptroller to improve the diversity of corporate boards. This activity includes meetings with companies to discuss their policies regarding board composition and refreshment, and to encourage those companies to consult with the NYC funds and other stakeholders with respect to possible board nominations. This initiative is part of a broader "Boardroom Accountability Project 2.0" campaign in which the NYC funds seek to be a credible agent for governance change, especially with respect to director nomination and refreshment tools.

Third is the potential long-term impact on US corporate governance of recently proposed governance changes for UK corporations. Notable among these are mandatory reporting of the ratio of CEO compensation to the average compensation of the corporation's workforce; and a proposed change to the national Governance Code requirement that companies adopt (or explain why they have not adopted) one of three mechanisms for enhancing the voice of the workforce in corporate governance. These reforms continue a UK emphasis on direct board engagement with its primary stakeholders. While the relevance to US companies in general (and health care systems in particular) may seem far-fetched, it is not difficult to imagine how certain interest groups (e.g., labor unions) could reference these UK reforms when advocating for change in US governance practices.

Fourth is the potential for broad cross-industry implications from rulemaking proposed by the Federal Reserve that, if adopted, would change the expectations for corporate governance at bank and savings and loan holding companies. The principal focus of the change would be to distinguish more clearly the supervisory expectations for boards of directors from those of senior management by detailing five specific attributes of effective boards. In addition, the proposal would shift oversight responsibility for certain day-to-day business issues to senior management, in order to allow boards to better focus on their key oversight responsibilities. Should these proposals be ultimately enacted, the challenge will be to make sure they are understood in context (i.e., as technical responses to the governance challenges of a specific industry, as opposed to broadly applicable guidelines for corporate governance).
