Hot Topics for Boards and Committees

The following topics are likely to be on the agenda for public company boards and board committees in the coming year. While we have organized these topics into separate sections for the board and its audit, compensation and nominating and governance committees, the appropriate governing body for introducing these topics will vary from company to company depending on how oversight responsibilities are allocated by the board.

Board Agenda Topics

• Addressing the Use of Artificial Intelligence — Many boards are seeking to increase their directors’ understanding of AI, how management and their third-party service providers use or plan to use it, any compliance obligations and the potential related risks and opportunities. Some companies that rely on AI for material services or operations are, with board oversight, developing frameworks to govern their use of AI, including policies, guidelines and internal controls to ensure AI use complies with the company’s goals and legal, regulatory and ethical obligations. Some companies are also reviewing their disclosures and other public statements regarding the use of AI in light of the SEC’s announced focus on AI-related fraud, including “AI washing” (see, e.g., the SEC’s recent complaint against Joonko for securities fraud based on alleged misrepresentations regarding its use of AI, among other things).
• Overseeing Management Succession Planning — Consistently high rates of CEO turnover in recent years, as well as the potentially significant costs of a poorly managed transition and activist attention on succession issues, has led to greater focus by boards to demonstrate that they have robust CEO succession planning processes in place. Although there is no “one size fits all” approach to succession planning, institutional investors and proxy advisors generally expect these processes to include: (a) plans for both unexpected and expected departures; (b) formal delegation of planning oversight to a board committee or director working group, with regular board-level discussion; and (c) consideration of both internal and external candidates. Many boards have also expanded their succession planning efforts to include other c-suite positions, such as CFO (whose unplanned departure can disrupt or delay earnings announcements and financial reporting schedules).
• Monitoring the Company’s Compliance Culture — Effective board-level oversight of corporate compliance is more important than ever in the wake of increased regulatory requirements, more aggressive regulatory enforcement actions and a steady uptick in Caremark claims based on alleged oversight failures (and a seemingly higher standard applied by the Delaware courts for “regulated” companies). In recognition of the key roles that corporate culture and the “tone at the top” can play in supporting and promoting legal/regulatory compliance, ethical behavior and accountability throughout companies, some boards are beginning to expand the scope of their corporate compliance reviews to include assessments of their company’s culture. This may include periodically reviewing cultural and behavioral data from human resources and legal (e.g., employee surveys, turnover/absentee rates, exit interviews, whistleblower hotline data and summaries of recent misconduct investigations) and/or having a cultural audit conducted in order to understand the kinds of behaviors and attitudes that have developed throughout the organization. If any concerns are identified through these reviews, the board should consider whether a change in policy or enforcement may be appropriate.
• Improving Committee Coordination — Companies are facing increasingly complex economic, geopolitical and regulatory environments, which can present risks to multiple aspects of their businesses and operations. Because effective oversight of these issues may require input from multiple board committees, some boards are finding it necessary to develop more holistic approaches to oversight that encourage greater information sharing and coordination between committees with potentially interrelated responsibilities (e.g., ESG and human capital management; cybersecurity and regulatory compliance). Although the right balance will vary by company and issue, potential options for enhancing committee coordination on relevant issues may include: (a) establishing practices/procedures that promote a minimum amount of discussion or reporting between applicable committees; (b) maintaining overlapping committee memberships; (c) periodically conducting joint committee meetings on topics of significance to multiple committees; and/or (d) having committee chairs provide updates to each other between meetings. At the same time, in light of stockholders’ increased use of DGCL §220 books and records demands and Caremark lawsuits to challenge corporate oversight processes over the last few years, any relevant communications or decisions between or by committees should continue to be made in compliance with applicable board/committee procedures and kept to formal channels.
• Monitoring the Business Impact of Emerging Trends — Political, regulatory, economic and social conditions have continued to fluctuate over the last few years, making it important for boards to stay apprised of new developments that could materially impact their company’s strategic plans or operations. The first half of 2024 alone has seen active regulatory rulemaking and enforcement, increased polarization of “ESG” issues, continued antitrust scrutiny of M&A transactions and a number of important Delaware and federal court decisions that have impacted various aspects of corporate governance—all of which has created significant uncertainty for companies. Moreover, as the U.S. presidential election approaches, uncertain market and regulatory conditions have intensified even further. To address and manage risk in a rapidly changing environment, some boards are requesting more frequent updates from management on key developments. Some boards are also asking management to review and test the assumptions and sensitivities underlying their company’s strategic plans to take account of different potential scenarios.

Audit/Risk Committee Agenda Topics

• Reviewing Cyber Incident Response Plans and Disclosures — Corporate procedures for identifying and reporting cyber incidents and risks are under even greater scrutiny following the now-effective Form 8-K reporting requirements for material cybersecurity incidents as well as the SEC’s recent enforcement actions seeking to hold companies liable in the aftermath of cyber-attacks (see, e.g., the SEC’s settlement with R.R. Donnelley (alleging that the company failed to maintain adequate controls to prevent and enable a timely response to a 2021 ransomware attack) and ongoing action against SolarWinds (charging the company and its CISO with fraud and internal control violations for allegedly misleading investors about known cybersecurity weaknesses and risks)). While most of the SEC’s charges in SolarWinds were recently dismissed by the U.S. District Court for the Southern District of New York, including the SEC’s efforts to use its “internal accounting controls” authority to support an enforcement action based on non-financial/accounting cybersecurity controls, the court allowed the fraud claims involving an allegedly misleading website statement about the company’s cybersecurity practices to survive. These cases underscore the importance of understanding company processes and procedures for identifying and escalating potentially significant cybersecurity incidents and risks, for purposes of both ensuring timely disclosure and enabling the board to exercise appropriate oversight and governance of such matters. See S&C’s memos on the recent SolarWinds decision (available here) and the R.R. Donnelley settlement (available here) for more information.
• Considering Proposed NOCLAR Amendments — On June 6, 2023, the PCAOB proposed amendments to its auditing standards that would expand the scope of auditor responsibilities with respect to identifying, assessing and communicating a company’s noncompliance with laws and regulations (“NOCLAR”). The proposed amendments have received significant criticism, prompting the PCAOB to hold a virtual roundtable and reopen the comment period for the amendments earlier this year. However, the PCAOB has indicated that it still expects to adopt final NOCLAR amendments during 2024, although it is widely expected that any final amendments will be substantially revised. Audit committees should consider the potential impact of any final amendments on their company’s existing processes for monitoring legal and regulatory compliance.
• Determining Management’s Climate Preparedness — Institutional investors, proxy advisors, stockholders and other stakeholders have long requested that companies voluntarily provide climate-related data. However, the last few years have also seen a proliferation of federal, state and international rules and standards seeking to mandate and standardize disclosure of climate-related information, including the SEC’s climate disclosure rules, California’s climate reporting laws and the EU’s Corporate Sustainability Reporting Directive, among others. Because each of these regulations impose different disclosure obligations and deadlines, companies may want to work with counsel and consultants to determine which regulations will apply to them and develop a coordinated multi-jurisdictional compliance strategy. Some audit committees are also working with management to assess how prepared their companies are to comply with the applicable requirements (including the financial statement disclosure requirements under the SEC climate rules, if and when they take effect), including by discussing the processes, resources and controls that are (or need to be) in place for management to gather, organize, calculate, verify and report the necessary information. It is also important for companies to review their existing ESG-related disclosures and ensure appropriate support exists for any claims, particularly in light of the SEC’s recent greenwashing enforcement actions (see, e.g., the SEC’s settlement with Keurig). Additionally, companies that participate in, or are considering participating in, climate-related industry groups or similar initiatives to advance their ESG goals should be aware that collaborative ESG efforts may raise antitrust or other legal issues. For example, Republican state attorneys general and members of Congress have issued letters and investigative demands arguing that certain ESG initiatives, such as participation in the net zero alliance, may violate competition laws, and antitrust administrators under the Biden Administration have stated that there is no “ESG” exception to U.S. antitrust laws. Companies should make efforts to follow appropriate guardrails when exchanging ESG-related information, particularly with companies in the same sector.

Compensation Committee Agenda Topics

• Monitoring Developments Regarding the FTC’s Non-Compete Ban — On April 23, 2024, the FTC issued a final rule banning employers from entering into new—or enforcing existing—non-compete agreements with their employees. Although this rule was scheduled to go into effect on September 4, 2024, the U.S. District Court for the Northern District of Texas issued a ruling on August 20, 2024 that currently prevents the new rule from taking effect nationwide. However, the FTC has the option to appeal the decision and it can still seek to prohibit non-competes on a case-by-case basis (as it has done over the last few years). As a result, companies may maintain the status quo with respect to these agreements, adhering to the patchwork of state limitations on the use of restrictive covenants. However, compensation committees should continue to monitor future legal developments with respect to the FTC’s ban. See S&C’s memos on the FTC’s non-compete ban (available here) and the recent Texas decision (available here) for more information.
• Reviewing Potential Whistleblower Restrictions — The SEC has demonstrated an increased focus on protecting whistleblowers in recent years, including by bringing a record number of enforcement actions, with significant financial penalties, based on alleged violations of Rule 21F-17 (which prohibits employers from taking actions that could impede individuals from communicating potential securities violations to the SEC). Employment practices that the SEC has asserted may violate Rule 21F-17 include: (a) broad confidentiality covenants that do not have carve-outs for whistleblower activity; (b) requiring employees to waive a right to monetary recovery as a whistleblower; (c) requiring notice or preclearance with the company before or after communicating with a regulatory agency; and (d) requiring representations in employee releases that the former employee has not filed any complaints or charges against the company. The CFPB has also recently released guidance warning that the use of overly broad confidentiality agreements with employees may violate the Consumer Financial Protection Act. As the SEC and other regulators continue to take aggressive approaches to enforcing whistleblower protections, compensation committees may want to oversee a review of employment agreements, employee handbooks, separation agreements, and other confidentiality provisions to ensure compliance with the SEC’s broad interpretation of Rule 21F-17(a). See S&C’s blog post regarding the CFPB’s recent guidance and other related posts (available here) for more information.
• Reassessing Clawback Policies — After the NYSE and Nasdaq clawback rules requiring listed companies to mandate recoupment of performance-based executive compensation in the event of financial restatements went into effect last year, BlackRock, ISS and Glass Lewis each expressed their view that clawback policies should go further and permit recoupment in cases when there is evidence of problematic decisions or actions, such as material misconduct or operational failures. Compensation committees that are considering whether to expand their policies to include additional triggers may find it beneficial to review peer policies (including the level of specificity used and the amount of discretion given), the voting guidelines of key investors and stakeholders and any applicable state law restrictions. Compensation committees should also be aware of the recently re-proposed joint rule from the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Federal Housing Finance Agency and the National Credit Union Administration regarding incentive-based compensation arrangements at certain financial institutions with at least $1 billion in assets Among other things, the proposed rule would subject a covered executives’ incentive compensation to recovery for at least seven years after vesting if he/she engaged in misconduct that resulted in significant financial or reputational harm to the institution, fraud or other bad acts. However, because the proposed rule also requires approval from the Federal Reserve and the SEC, there is significant uncertainty as to whether this proposal will progress through the rulemaking process.
• Reviewing Insider Trading Policies — On April 5, 2024, a civil jury validated the SEC’s “shadow trading” theory of insider trading liability after finding an executive guilty of insider trading when he used material non-public information about one company to trade in the securities of another, unrelated peer company. In response to this case, some compensation committees are considering whether they should update their companies’ insider trading policies to include prohibitions on shadow trading, particularly in light of the SEC’s recent rule requiring companies to file their insider trading policies with their annual reports. In deciding whether to revise their policies, relevant factors compensation committees may want to consider include: (a) the nature of the company, including its size and industry; (b) how the company’s insider trading policy is currently drafted, including whether it applies to affiliates of directors, officers or employees; and (c) whether there are other policies—such as information barrier policies—that would restrict shadow insider trading.

Nominating and Governance Committee Agenda Topics

• Reviewing Nomination Requirements — Over the last year, plaintiffs’ firms have brought numerous legal challenges against companies based on their nomination-related governance policies, including advance notice bylaws, director qualification requirements and director resignation policies. However, such challenges may subside in the coming months following the Delaware Supreme Court’s recent decision in Kellner v. AIM ImmunoTech Inc., which generally confirmed the enforceability of advance notice requirements so long as they are: (a) adopted on a “clear day”; (b) facially valid (i.e., consistent with the certificate of incorporation, not prohibited by law and addressing a proper subject matter); (c) unambiguous; and (d) applied reasonably. In contrast, bylaws that are indecipherable or adopted and/or applied on a “cloudy day” (e.g., during a proxy contest) will be subject to “enhanced scrutiny” review. As a result, nominating and governance committees may still want to review their bylaws and nomination requirements to assess potential risks and consider potential opportunities to refine those policies on a “clear day” (as needed).
• Verifying Director Qualifications — In response to the heightened scrutiny of individual director qualifications following the adoption of the universal proxy rules and other recent developments, companies are increasingly using skills matrices to demonstrate that their directors have the necessary skills and qualifications to exercise effective oversight. However, some investors have criticized “over-checked” skills matrices in which directors are listed as having certain skills despite not having meaningful or recent experience in those areas. To address these concerns, some nominating and governance committees are conducting more rigorous reviews of self-identified qualifications to ensure that appropriate support exists for any listed skills (usually through questions contained in their company’s D&O questionnaire). In deciding which relevant skills to highlight, companies may also want to consider the possible use of AI by institutional investors and other governance stakeholders to analyze information from skills matrices for purposes of assessing director qualifications. Additionally, when reviewing director qualifications, nominating and governance committees should also be mindful of potential overboarding, conflict of interest and Clayton Act interlocking directorate considerations with respect to directors’ outside board memberships and other affiliations given heightened investor and regulatory scrutiny (particularly by the Department of Justice) of these matters.
• Assessing Board Education Opportunities — As board oversight responsibilities continue to expand to cover new and emerging issues, ensuring directors have sufficient knowledge to provide guidance and oversight is becoming more challenging. Although some nominating and governance committees are prioritizing the appointment of directors with specialized expertise to address potential skills gaps, others are focusing on alternative ways to provide the board with the necessary knowledge, including hiring external consultants, holding director education sessions (hosted by management or a third party) and/or establishing advisory councils. Different topics may warrant different approaches, and factors such as the topic’s complexity and significance to the company, whether it is the responsibility of the board or a committee and the current level of director knowledge on a particular topic should likely be considered in determining the most appropriate approach.