You are in-house general counsel to a public company. What are your greatest concerns? How do you feel about your “outside” lawyers? The November 7th segment of Practicing Law Institute’s annual securities law conference discussed these issues in its morning session in New York.
What do you expect from outside counsel? Inside lawyers want somebody to “get in the boat with me” and understand business risks, and not merely outline those risks but also make recommendations they will stand behind, quantifying that risk and explaining what risks cannot be mediated.
Have the say-on-pay rules changed corporate practice? The Dodd-Frank Act requires periodic non-binding shareholder votes on whether compensation programs of public companies are acceptable to the shareholders. Although statistics would suggest that this review is a non-event (only 1% of the Fortune 500 failed such votes), inside counsel see it differently. Behind the statistics, operational changes have been made in compensation programs and in proxy statements. Compensation programs now are specifically designed to meet the proxy advisor (ISS and Glass Lewis) mantra: pay must track performance. The key metric: are C-level executives being compensated based upon their success in obtaining total shareholder return? General counsel now have the job of orchestrating the proxy statement as the vehicle to explain the business and compensation strategy of the company and set the stage for a favorable “say-on-pay” vote.
What about the risk of cyber-attacks on your company? No company is safe; a task force that dry-runs crisis scenarios is desirable; and high-tech hacking should not cause a lack of focus on “low tech risk” (the lost laptop, the careless employee, the law firm or vendor whose computer system houses company trade secrets).
As a matter of corporate governance, general counsel should report with granularity to the board (someone mentioned “at every meeting” although I do not believe this is standard practice), or at least to the risk committee, the nature of the risk and those parts of the computer system that by definition cannot be kept safe from intrusion. General counsel also noted there is an SEC obligation for risk disclosure in the cyber-attack area.
Government prosecutions of Foreign Corrupt Practices Act claims have declined for the last couple of years; is the FCPA problem solved? Not by a long shot. The Department of Justice has announced that Foreign Corrupt Practices Act enforcement has become a permanent part of its focus. The Resource Guide promulgated jointly by the SEC and the DOJ in November, 2012 gives guidelines for corporate compliance to avoid serious enforcement actions. A counterpoint: the Resource Guide trumpets early self-disclosure as a primary example of how companies can avoid government ire, but about 50% of recent FCPA enforcement cases involved situations which commenced with the very corporate self-disclosure which is trumpeted as a defense.