Boards and Cyber

Is there anything new that Boards of Directors of companies, large and small, have not already heard? There has been two years of information bombardment: protect only high value assets as you cannot protect everything; what is our largest risk; use multi-factor authentication; do we have a cyber plan and do we test it; does the board question management on all the above and inquire if resources are adequately deployed?

The answer, per an expert panel convened yesterday by the National Association of Corporate Directors–New England, is– yeah, there’s lots of new stuff directors need to worry about. Examples below:

COVID froze budgets; is it time to review the numerous over-lapping protections that were added, ad hoc, over time, to make sure you have correct coverage?

Early stage tech companies have valuable secrets and weakest cyber defenses; early plans for start-ups must include cyber.

While you can do business with China (Cyber is not an IT matter, it is a risk matter so just calibrate), remember that by law the Chinese government has the right to access anything on demand and without process.

In M&A, as soon as there is an announcement of an acquisition of a smaller entity, hackers attack the target, usually with weaker defenses, to plant a Trojan Horse in that entity; upon acquisition, the Horse is used to infiltrate the usually more secure acquirer. Acquirers should address defenses.

Smart buildings are a huge risk to tenants. Google ICS-CERT to learn about defense to “unguarded back doors.” Apparently your company is at risk of being hacked through a water valve (?).

Again: Directors have noses in, but fingers out, of management; these are issues about which to inquire of the C-Suite. And, third party experts abound and the panel, impressive folks but in that business of third party cyber security, recommend it.

The Future of Business Travel

Last week, several Northeastern chapters of the National Association of Corporate Directors presented a disturbing webinar concerning the future of business travel and conventions. The composition of the panel is important to note as panelists were not mere talking heads but senior executives in their respective organizations, each with access to deep data: heads of the relevant New York and Massachusetts state agencies, Amtrak and the second largest business convention travel organizer in the world.

The key take-away: large gatherings of all sorts are kaput for at least 3-5 years and indeed to some degree quite possibly permanently. Gathering will not involve a thousand people, or large industry gatherings at indoor venues; business meetings will involve at most 50-100 people.

I note: this is a future prediction, always prone to material error; this is a prediction based on wide data but all gathered in the depths of the pandemic and thus perhaps biased to the bleakest conclusions; it is not clear how the benefits of gatherings of a thousand people, or the vast benefits of industry conventions with exhibits and programs and networking and keynotes, can be achieved by remote means.

But to the extent the takeaway is accurate, the new normal will not track old normal, which is disquieting.

Other interesting points: current softness in travel has allowed huge speed-ups in maintenance and repair of infrastructure; infrastructure in the USA remains deficient and will demand huge investment over the next decade and more to safely support even a reduced travel expectation; many CEOs will build in economic efficiencies in electronics and business travel will be permanently and materially reduced; although office use, and thus office space, will decline, certain human factors will drive the need for some continued office usage (human sociability; need for direct collaboration to process innovation; inability to onboard and integrate new talent without direct contact). Also noted: the possible use of government funding to solve the dual goals of societal solvency through work and infrastructure rehabilitation.

Finally, I cannot resist some fascinating factoids: Amtrak lacks studies of airflows in trains, although there is much work for airplane airflows; rail travel during the pandemic was 10% business-related, down from 40%; rail travel for the current fiscal year is projected at 16% and in fiscal ’22 at 27%: New York road use dropped at 50% during the pandemic, and today is at 85%; polled attendees at the webinar were ready to travel in the following percentages: today 7%, in 3 months 32%, in six months 46%; of polled attendees, over half saw travel returning only to 50% or less; Logan airport sees aviation recovery taking 3-5 years; the CEO of the travel booking agency sees rebound in 5-6 years; Amtrak saw a 90% total overall ridership drop, now ridership is 22%, and in fourth fiscal quarter (ending next September 30) they project mid-30% range of usage; Amtrak still running almost 50% of the number of trains per day notwithstanding less usage, in order to stay viable.

Baseball Perspectives

It has been a long time since I posted about America’s Game, although the art work at the top of my blog site is split between a court house and a baseball scene. COVID and the decline of the Red Sox both have been contributors to this hiatus. But as Major League baseball is cranking up for a full season notwithstanding the experience of football, basketball and hockey, thoughts turn to the diamond even though today it is covered with snow.

Television has taught us during COVID that sports can thrive at one level with cardboard fans sitting in the stands. And hopefully the pandemic curve will slowly allow the admission of live patrons. With this backdrop, I turn to the seemingly hapless Red Sox.

Quick summary: the organization is filthy rich and has ancillary businesses and seats are absurdly expensive and they have chosen to not spend money on players so as to build a farm system for the future, admitting between the lines they will not be competitive at a high level in 2021 (hmm: and with some of my loge seats at $160 each…) . While Billy Beane was able to build great teams at low cost, it ain’t easy. Seems to me the successful teams these days spend money: Dodgers, Yankees.

Fans view their team as a public trust, owners look to ROI. That makes fans feel like they are being used and exploited; at least it leads this fan to that conclusion.

I have shared with friends that my nostalgic view of baseball growing up was that the players lived in the neighborhood (Brooklyn), were middle class folks with a skill that was fun to watch; I would go to Ebbets Field for 25 cents and ten ice cream wrappers as the cost of admission, and I would go to the local park to play ball with my friends, carrying a wooden Louisville Slugger bat too heavy for me to swing, chewing gum like it was a tobacco chaw and looking forward to a YooHoo chocolate drink with my friends at the corner soda fountain after we ran around bases made out of parts of cardboard boxes.

Somehow, baseball as a Red Sox fan in the age of COVID doesn’t quite capture my love of the game. My only hope this year is that, when I turn on the TV, I will see in the Red Sox uniform at least a few people whose name I recognize.

And today– farewell to Andrew Benintendi– Andy, we hardly knew ye.

Future of American Health

Today’s webinar presented by the National Association of Corporate Directors (jointly by National and the New England chapter) and moderated by Boston-area director Ellen Zane (former CEO of Tufts Medical Center) explored the coming face of US healthcare delivery post-COVID. Although nominally focused on what corporate directors should be thinking when it comes to health care, the take-aways really were global in import. Key take-aways follow:

It is now news that is a couple of years old that the model for hospitals and care-giving organizations is moving from “fee for service” to a value care model where institutions are rated and paid based upon efficacy in creating a healthy constituency at lowest cost.

However, the expert panel held that increased reliance on technology is one of the keys to better health, and that technology comes with high up-front costs. Complaining that drug and device companies charge too much may miss the point that they enable ultimate better health at lesser per person cost.

Aside from new drugs and devices, efficiency can be delivered by remote medicine and use of AI; while these are not startling predictions at this point, there seemed to be consensus that visibly radical changes in health care delivery have begun and will accelerate. Hospitals in ten years will look very different. Health care will be delivered first on line, then at remote facilities, and to teaching hospitals only as a last resort.

Emphasis will be on better life styles and practices, keeping people away from needing care in the first instance. (I have noticed, btw, an increase in communications by email and snail mail from my own health care insurers urging regular care during COVID and inviting me to exercise, eat better and stay in touch with care providers.)

Focus for care providers must be to remove fear from the “ribbon of care”– the stream of experiences a patient has from complaint to cure — by creating predictability and efficiency; COVID is a prime experience in demonstrating the ill effects of inefficiencies in this experience.

For directors of health care provider entities, be prepared for PTSD staff impact and predicted future MD and nurse shortages affecting staffing; this is another reason to push to keep people out of care delivery in the first place. For directors of companies where their staff are patients and not care providers, directors must be involved in a total management focus on worker well-being, including ramifications of post-COVID work patterns at home which can increase depression and tension and negatively affect health.

SPACs: the New IPO

A review of last year’s SPAC activity is startling proof that SPACs are here to stay. There were 248 SPACs registered in 2020, compared with 59 the prior year, and the average raise was a robust $336Million.

(For those not familiar, a SPAC is a public US company with cash and no business, and its role is to acquire a privately held business and thus make that private company public; it replaces the IPO process for a private company obtaining operating cash by sale of shares.)

With thanks to KPMG for an excellent webinar today, here are some highlights:

SPACs are becoming popular with institutional and wealth management investors because the are a liquid short-term play with an option for future growth. When investors buy SPAC shares they are SEC-registered and can be sold at any time, or sold or redeemed once a target acquisition is identified if the investors do not like the deal, or at any time after the acquisition closes.

In fact, SPACs are so attractive that sponsors these days are often themselves institutional investors including PE and hedge funds.

During 2020, target companies often were very robust and successful private enterprises in a wide variety of industries. Owners of these acquired companies receive shares of the SPAC which are saleable and can also receive cash in the deal. To be acquired in this fashion, a private company needs to have financial audits and take other steps required to become public by an IPO process.

SPACs can hold investor cash for two years but if they fail to make an acquisition in that time they must refund the investments made in the SPAC. Over the last seven years, fully 95% of all SPACs have been successful in completing a deal within the two years.

NASDAQ Addresses Board Diversity

On December 1, NASDAQ asked the SEC to approve disclosure standards of Board diversity for listed companies. The proposals are not harsh and rest on the concept of disclosure and not requirements; interestingly, NASDAQ had attempted to have the SEC initiate some board diversity requirements for all trading platforms but the current Commission not surprisingly declined.

Stripped of some complexities for foreign issuers and some relief for a “smaller reporting company (small float/annual revenue tests),” an issuer will be required to report as to whether it has one female and one (different) minority/LGBTQ+ member, or to explain publicly why it does not; and to optionally disclose in grid the actual board composition demographics.

The proposal would not permit delisting unless a company both failed to meet the test and failed to make public disclosure. This standard should be viewed in light of the laws of several states also addressing mandatory board diversity in various ways.

Those of us working with boards, both for-profit and not-for-profit, have noted intense attention being paid to achieving diversity for a variety of reasons, ranging from studies finding that diverse boards are better at profit and governance to desire to have “representation” of cohorts important to the business or charitable mission of the entity. And surely the new awareness fostered by BLM and current writings demanding pro-active response to prejudice cannot be discounted. Further, I would be remiss to not mention that fundamental justice also informs one’s response to the issue.

SEC: Corporate “Hygiene”

This week, the SEC’s Director of Corporate Finance spoke to a professional meeting dealing with corporate governance and, at the end of some rambling remarks of self-praise for the Commission, fired a couple of warning shots across the bow of public boards.

The first related to Rule 10b5-1 plans; here, an officer or director sets up a trading program to deal in shares of his own company on an allegedly fixed schedule so that there can be no suspicion that trades were made while material information was not public. By operation of these plans, therefore, trading could occur while there was in fact non-public information, in that the trader was not acting in unfair reliance upon it; however, sometimes the selling executive stepped in to stop a trade that perhaps would not have been economically advantageous.

The hints or warnings (take your pick): the company itself should have the power to abort transactions when the company knows that in fact there is material non-public information, particularly in the gap time before an announcement can be made by filing SEC Form 8-K; good plans should build in waiting periods before allowing trades, or later allowing derailing trades.

The second related to board action to grant ISOs (tax-favored options) during periods where there is material non-public information. To obtain best tax treatment it is necessary to grant options at or above fair market value, and boards often peg exercise price to the stock price at the time of grant. But what if there is material nonpublic positive news– the real fair market value of the stock is higher than what the Street is trading at. The grant should be priced after an announcement, or at a higher price in anticipation of a price bump upon a future announcement.

While these suggestions clearly have strong policy bases, I simply note that once again the SEC is trying to make third parties the enforcer of SEC views, including some (such as here) not at all clear under extant formal SEC rules. Lawyers and CPAs are used to being SEC gatekeepers; directors also, I guess. And since boards are the guardians of corporate “hygiene,” perhaps rightly so.

Update: Finder Relief

In early October, I posted that the SEC had proposed break-through action to create guidance under which finders in securities financings could proceed safely, under Federal law, without registering as broker-dealers. A proposal decades in the making, the matter was thrown open for public comment.

Today is a meeting of the SEC’s Small Business Capital Formation Advisory Committee, where there will be discussion of the proposal (open for comment through this Thursday). The Committee is asked to discuss comments to date, the most important of which is that the proposed SEC pronouncement might be ineffective unless it also expressly negated State laws which also require broker registration for finders in most instances. This was a problem flagged in our earlier post.

Whether the SEC, which is proceeding in informal fashion here, would be able to in fact preempt State regulations without going through a formal Rule-making process is not clear to me, and how the election results might impact the entire project given two negative votes originally cast by the Democratic Commissioners, is confusing the process.

Other comments to date have centered around whether the exemption should apply also to secondary offerings, and whether the exemption, framed as applying only to individuals, should also apply to firms.

The Committee, per its name, is only Advisory. What the Commission will, or can, do before year-end will be interesting to see. If any startling recommendations come from today’s meeting I will report.

Litigating COVID

Our law firm keeps an index of litigation involving COVID. Today it is 306 pages long. I calculate that each business day since the start of the pandemic there are filed in the United States about 128 separate lawsuits.

The variety of lawsuit claims is as stunning as the number of them; some claims are expectable, some bordering on frivolity (perhaps not to the plaintiffs), some rooted in great pain or in our Constitution.

Forgive this over-long post. Below is a list of some of the lawsuits filed just in the last two weeks:

Suits claiming: defective hand sanitizers, gloves, breathalizers, wipes; illegal sales taxation of masks; disabled people with greater vulnerabilities to COVID suffered website discrimination impeding access to safety products; cruise ships failed to provide COVID testing; among very many employee suits, that people were fired or mistreated because they insisted on personal safety accommodations or, in one case, on safety accommodations to prisoners; failure to provide time off under the Family Medical Leave Act; failure to make reasonable workplace accommodations for disability; failure to accommodate attacks of panic breathlessness triggered by COVID anxiety; failure to refund monies paid for a whole season of access to amusement parks or colleges where attendance was cancelled due to COVID.

The Civil Liberties Union (ACLU) sued the Federal Bureau of Prisons for failure to release COVID statistics. The US Chamber of Commerce sued Homeland Security for using COVID as a pretense to completely change the existing law on admitting highly skilled immigrants to the US, imperiling the economy. Parents sued a Board of Education for ordering children to attend school during the pandemic.

Many tenants sued for wrongful eviction and many owners sued for wrongful foreclosure in violation of local or State laws barring same. Many theaters and houses of worship sued to permit group attendance. One person sued based on curfews being unconstitutional.

Seems that many plaintiffs believe that wearing masks is itself a health hazard, denying breathers access to oxygen. Some suits claim masks are unconstitutional as they deprive people of free speech that can be understood.

A public service organization sued the United States seeking details of the expenditrue of two billion dollars for R&D for fighting COVID and for ordering millions of doses of as-yet-unapproved vaccines.

All that said, I must confess that my favorite suit of the last two weeks was brought by the owners of an adult entertainment venue, denied the right to hold out-of-doors strip shows and lap dances. I have no comments to make on this last-mentioned law-suit, except to say that in America I guess everything is worthy of being litigated in the name of freedom.

Finders: Details

First time in the seven or so years of blogging I have posted on the same matter twice in one day but SEC commissioners have commented (expectedly) on the proposals and the Commission itself has issued a detailed press release.

The proposal first: Two tiers of exemption. Tier One: Once a year a pure finder can turn over one name to one company. Finder has no contact with investor. Purist possible model. No other rules or things to say or do. Presumably finder can be compensated. Tier Two: no finder registration. Need written agreement with company. Finder must tell investors about his deal and compensation. Can offer only to accredited investors. Company must be privately held (not reporting). Here the finder can identify and screen investors, distribute offering materials, discuss same, and can arrange and sit in on issuer-investor meetings. Finder cannot: structure or negotiate the terms of the offering (not sure why that is; typically comes up); handle the money; prepare sales materials; perform independent deal analysis or do diligence; arrange investor financing; advise as to valuation or advisability to invest.

The actions allowed the finder are quite broad, but the conceptual limitation in preparing the offering materials, for example, seems strange. Indeed, many finders have justified their function in part by serving as consultants to help structure the deal and package the disclosure. The SEC seems to draw a line between facilitation of discussion and advocacy.

Reaction: not surprisingly the pro-regulation two-person Democratic SEC members opposed the new regulation as too broad and dangerous in a market-place which is opaque, risky and prone to unsubstantiated valuation assumptions. Since accredited investors are allowed to process these issues when they are offerees in Regulation D transactions, why the introduction of an intermediary would make investment risk less apparent to an accredited investor is hard to fathom.

Warnings: first, there will be a 30 day comment after publication in the Federal Register that is sure to raise very many issues, and at best take time for the SEC to process; second, while a majority of the Commission now is in favor of this proposal, they can change their mind; third, this is not a total carte blanche as finders cannot generally solicit interest; fourth, as mentioned previously at this time the proposal does not negate typically stringent State regulation under State laws which typically parallel the ’34 Act.

A great first step for capital formation and logic, but it’s still a long row to hoe.