Event Blog

ESG and the Role of the Board

Part Two: Emerging Expectations for Boards in Environmental Issues 

By Ellen Pekilis
April 3, 2020

A group of more than 100 engaged corporate directors, executives and governance professionals gathered at a Women Get On Board (WGOB) Toronto event to consider emerging expectations for boards in respect of Environmental, Social and Governance (ESG) issues. This WGOB event on February 24, 2020 was hosted by Gowling WLG, a WGOB National Strategic Partner. The Gowling WLG panel included environmental law associate Liane Langstaff; environmental law partner Jennifer King; and business law partner Stephen Pike. The panel was moderated by Kathleen Ritchie, Co-Head of Gowling WLG’s Toronto Business Law Department. You can read more about Stephen Pike’s presentation on governance to address modern slavery concerns in our recent Blog below.

Broadening range of stakeholders

Recent amendments to the Canada Business Corporations Act (CBCA) codify as a matter of law that Canadian boards can consider a wider list of stakeholders beyond shareholders in making strategic business decisions. The list of interests specifically includes both the environment and the long-term interests of the corporation itself. The courts will give broad deference to board decisions within the reasonable range of business alternatives that also take into account environmental and other stakeholder positions as listed.

This development actually puts Canada ahead of the US in terms of the freedom of boards to address other stakeholder interests in addition to shareholders’ interests. In the US, the Business Roundtable issued a statement signed by 151 CEO’s stating that it was time to move beyond strict shareholder primacy.

Key members of the investment community such as BlackRock’s Larry Fink have taken public stands that they will start holding boards accountable for providing enhanced environmental and sustainability reporting in making voting decisions.

“American investors and CEOs are pushing to advance corporate governance in the US to a point where Canada has been for 12 years,” said Stephen Pike, noting that the amendment to the CBCA largely codifies a Supreme Court decision from 2006.

Climate change and proactive risk management

Boards should have climate change on their agenda. Climate change is an urgent global issue and is different from other ESG risks as it presents as a risk multiplier on existing environmental issues that a company may already be managing, such as water inputs. In acting in the best interests of the company, boards have a duty to be proactive and critically evaluate and address the material risks and opportunities associated with climate change.

The panel provided examples of climate change risk, framed more familiarly as transition, litigation, and physical risks.

“We’re going to have major transitions in the energy sector, in transportation, in infrastructure, in cities – anything and everything that affects Canadian business,” said Liane Langstaff.

Regulatory change

Key transition risks include responding to regulatory policies requiring businesses to shift to lower emissions, while accounting for uncertain or changing regulations like carbon pricing. Changing law, market risks, and reputational risk are also impacting major project approvals. The panel pointed to Teck

Resources’ announcement, the day before the Toronto event, that it was withdrawing its Frontier oil sands project application. Teck claimed that its withdrawal was in part because they had become a flashpoint for a broader discussion of climate change.

“”The tone [of the Teck withdrawal] shows how mainstream ESG has become. In its withdrawal letter, Teck pointed to rapidly changing global capital markets and stated that investors and customers are increasingly looking for jurisdictions to have a framework in place that reconciles resource development and climate change in order to produce the cleanest possible products,” noted Jennifer King. “Teck claimed that Canada does not have such a framework.”
“Opportunity is risk flipped on its head. As a good board you should be thinking about what opportunities the risks of climate change open up. Use your power as women and the fact that you can think out of the box and stop groupthink among boards to consider how you can access new markets and find opportunities to really reduce your resource use and reap cost benefits,” suggested Langstaff.

Resources for boards

Resources for boards include the Canadian Climate Governance Experts program of the Canada Climate Law Initiative, which helps directors and their boards think about strategic direction with respect to climate risks. Also, the Task Force on Climate Related Financial Disclosures has created a framework that companies can consider. It has been taken up by Canada’s five largest banks and six of the eight largest pension funds.

“There is a growing investor focus on these issues,” said Jennifer King. “Just because information available on long-term climate related financial risk is not precise, that’s not a bar to directors and officers acting now with a view to the best interest of the corporation. The duty of care requires directors and officers to address specific risks as well as new opportunities posed by climate change. Boards should ensure that their companies quantify and verify greenhouse gas emissions, monitor changes in performance and keep diligent records. Those steps would allow you to take advantage of new regulatory opportunities as well as meeting obligations that might be imposed in the future.”

Five climate change governance questions for boards

The panel suggested that boards should ask the following five key questions:

1. Does the company have a climate plan?
2. Does the board have effective governance of the climate strategy, including identification of climate-related risks?
3. Has the board embedded climate opportunities in its strategic planning, performance objectives, budgets, policies and enterprise risk management process?
4. Who in the company is responsible for climate-related risk and accountable for implementing the company’s strategy?
5. Is the board approving disclosure of the company’s efforts to manage climate change to investors and stakeholders, including integrating the disclosure in financial reporting?

The message is clear. Boards can and should consider broader ESG issues, including climate change going forward.

Canada Climate Law Initiative

Jennifer King and Liane Langstaff are Canadian Climate Governance Experts with the Canada Climate Law Initiative, an initiative directed by Dr. Janis Sarra (University of British Columbia Law) and Professor Cynthia Williams (Osgoode Hall Law). The Canadian Climate Governance Experts program offers free sessions on effective corporate governance to address climate-related financial risks and opportunities to corporate boards of directors and Canadian pension fund boards. The Experts include lawyers, accountants, economists, capital markets experts, company executives, and governance experts. They are committed to giving boards the most helpful facts regarding how the current state of climate science relates to their sector, and the duties of directors, officers and pension fiduciaries in Canada.

To learn more about the Climate Change Law Initiative generally, or to book a session with another Climate Governance Expert, please contact program manager Joanne Forbes [email protected].

 

COVID-19: Governance, Risk Implications, and the Role of the Board
Webinar: hosted by Governance Professionals of Canada

By Donna Price, Program Advisor – Women Get On Board
March 20, 2020

A panel of governance and risk experts united to deliver well-timed insights and thought leadership on key questions and concerns encountered by businesses and their Boards as a result of the continuing COVID-19 situation. The speakers for this webinar were M.E. (Peggy) Gilmour – Chair, Institute of Internal Auditors, Andrew MacDougall – Partner, Osler, Hoskin & Harcourt LLP, Stephen J. Mallory – President, Directors Global Risk Consulting Inc., Shona McGlashan – Vice-President Governance of Vancity and Andrew Poprawa – Former President and CEO, Deposit Insurance Corporation of Ontario.

The panel provided practical insights and guidance for governance and risk professionals, executives and corporate directors. For length and clarity, the comments below blend together the views expressed by the panel.

How is the current situation different from other crisis situations?

Moderator Stephen Mallory opened the conversation by reflecting on the parallels between wartime situations and the COVID-19 situation. Participants were urged to read An Open Letter from Business Leaders on Limiting Coronavirus’ Spread.  The panel distinguished the COVID-19 situation from wartime in terms of global impact and accelerated advancement as well as the absence of at-fault provocations and speculated whether war room tactics could effectively respond to COVID-19 given the impact on every individual.  The panel concurred that COVID-19 set in motion extraordinary challenges requiring extraordinary decision-making by all levels of business and society.

Are enterprise risk management (ERM) plans helpful in addressing the COVID-19 situation?

The panel noted that, while enterprise risk and crisis management plans are unquestionably advantageous as an initial point of reference in addressing the COVID-19 situation, plans might fall short in terms of addressing a pandemic.  Participants were referred to pandemic plans adopted by many provincial governments as well as the federal government following the SARS outbreak (see https://www.canada.ca/en/public-health/services/flu-influenza/pandemic-plans.html)

The panel observed that the COVID-19 situation requires a multifaceted planning approach from which leadership roles and responsibilities must be defined and experts identified to support business leadership. Importantly, the plan must invoke regular communication protocols between management, who is assessing and executing the plan, and the Board.

The panel distinguished a Canadian ‘stakeholder’ primacy regime from a US ‘shareholder’ primacy regime and suggested that companies undertake a stakeholder analysis and design communication protocols accordingly to address the issues for different stakeholder groups.

How should Boards react?

Due to the unprecedented and far-reaching impact of COVID-19, in order to effectively assist management in assessing the evolving risk profile and executing critical decision-making, Boards must offer support and generously contribute to the evolving situation in terms of availability and being fully apprised of impact issues. The panel noted the dual demands faced by directors who serve on multiple boards as well as outside executive roles and the importance of utilizing technology as a communication enabler for interactions between Boards and management teams.

Questions the Board should be asking.

The panel concurred that the health and safety of employees remains a paramount consideration and Boards must query and seek assurances from management that COVID-19 protocols have been invoked to protect the workforce.

Boards must remain appropriately inquisitive about on-going enterprise risks such as cyber and terrorism and ensure the veracity of preparedness for these and other risks notwithstanding COVID-19.

The panel noted that, from a practical perspective, the Board and company leadership must balance the necessity and immediacy of tactical responses to COVID-19 against other risks and triage issues and resources, questioning and responses accordingly to ensure that essential work is done.

Board agendas have shifted to address issues that are critical to management and non-essential items deferred during the COVID-19 situation.

When does the Board reassess its goals? What process should be followed? What happens to incentive payments?

The Board must be the “voice of calm” and seek assurances that all aspects of risk are considered and that actions, which contribute to the long-term viability of the enterprise, are executed while others are put on hold. Importantly, from a Board duty perspective, “the Board must expend the right amount of time on the right issues” during COVID-19.

From a process standpoint, Boards and management should review business continuity plans to assess whether the spread of identified risks and the envisioned responses are sufficient in the COVID-19 situation and exercise ingenuity where appropriate.

Across the globe, COVID-19 has adversely impacted stock prices and since the stock price serves as a key measure upon which goals and incentive plans are established, Boards and management must communicate assurances to the workforce that goals and incentive plans will be re-examined and, importantly, adjusted accordingly as the COVID-19 situation evolves.

Liquidity concerns – is COVID-19 a Black Swan?

The panel acknowledged that liquidity concerns represent an immense risk for individuals and referred to the emergency liquidity arrangements made available by the government of Canada; OSFI’s lowering of domestic stability buffers required by commercial banks (to reinforce commercial banks ability to supply credit to the economy), and the Bank of Canada rate cut as collective proactive counter measures to the economic impacts of COVID-19.

The panel noted that both lenders and borrowers are examining debt facilities as a result of COVID-19.  Companies were urged to review debt facilities to determine whether support is required or whether funds can be drawn down quickly if necessary.  Additionally, debt covenants are a key issue for the capital markets and it will be very challenging to raise funds and accordingly companies may need to explore cost cutting measures.

Boards and management should utilize internal audit teams for support in assessing and addressing the financial impacts of COVID-19.  The panel noted that most audit plans would be put on hold during COVID-19.  The panel suggested that a key component of the internal audit team is diligence and that the COVID-19 situation presents an opportunity to utilize the expertise of internal audit teams to assess and mitigate risks associated with COVID-19.

The panel provided insights on whether climate change risks could be leveraged in the COVID-19 situation.  By way of examples, it was noted that while remote work directives and curtailed travel might address climate change risks; climate change risks are expected to endure beyond COVID-19.  The panel briefly reflected on the idea of societal changes and the opportunity for societal improvements or for doing things differently as potential positive outcomes of COVID-19.

The role of the governance professional and how it is affected by COVID-19?

The panel noted that governance professionals support Boards and Board Chairs by facilitating Board level decision-making.  Additionally, governance professionals could relax process rigour and exert robust communication practices by distilling information about the different COVID-19 planning elements undertaken by management in order to leverage the Boards contribution and exercise of Board duties in response to the COVID-19 situation. To this end, governance professionals may also serve as a conduit for questions posed or information requested by the Board.

Further, the panel noted the need for agile and astute monitoring skills that could be performed by governance professionals to ensure that, as the monitor of company culture, that Boards are apprised of the impacts of COVID-19 on company culture.  The panel also suggested that risk management activities will evolve and stressed the importance of planning for multiple events occurring at the same time.

Consider the supply chain and third party contract risks

The significance of supply chain risks and business inter-dependency was strongly emphasized by the panel.  The panel recommended a detailed review of the supply chain network (a mapping of supply chain suppliers and suppliers to suppliers) to be undertaken and alternatives sources of supply identified if necessary.  In this context, the panel stressed the importance of third party risk management activities to determine the risk exposure in light of COVID-19.

The panel recognized that the health care industry in particular is under extreme pressure and noted the additional risks for businesses to the extent of their reliance on supply links to China.

The risk management process and the Board during COVID-19

The panel noted in general terms that risk management frameworks are based on likelihood and impact.  COVID-19 is no longer a likely risk and governments and business leaders are showing impressive responses to the risks triggered by COVID-19.  The panel suggested that the questions around resiliency is key as opposed to scenario planning particularly since COVID-19 triggered double and triple threats making scenario planning more complex.

The panel stressed the vitality of timing of risk responses during COVID-19 – what is done in a week, a month or a year as the situation triggered by COVID-19 evolves.  The Board must be apprised of the risk and the strategic responses to the risks.  The panel acknowledged the importance of succession planning.

While the Board Chair serves a vital role during the COVID-19 situation and is a primary conduit between the Board and management and a sounding board for the CEO in particular, additional resources must be utilized to the fullest extent possible.  To that end, under the direction of the Chair, businesses can utilize the skills of individual directors.  The Chair may also serve as a conduit between the Board risk committee and management. The panel stressed the importance of agility as management cycled a variety of issues through the Board

Reputational risk and legal issues arising from COVID-19

The panel recommended that it was important that businesses not lose sight of the long term impacts of decisions and suggested that the current situation presents and opportunity to do the right things that will enhance reputation over the longer term.  Notably, if a business focuses on financial gains during COVID-19 it is likely to suffer reputational harm.

A variety of legal issues were triggered by the COVID-19 situation.  The initial legal concerns focused on privacy and employee matters and quickly evolved to an analysis of force majeure clauses within commercial contracts.  In terms of mergers and acquisitions transactions, businesses are seeking a legal determination of the meaning of ‘material adverse change’ to guide the course of business transactions and decisions. The panel noted that the law could hinder or support adjusted strategies to address COVID-19.

The panel stated that a number of regulatory changes invoked during COVID-19 in terms of government and government agencies acquiring broader powers to regulate will dramatically impact business and strategies.

If you are interested in the recordings from this webinar-refer to GPC’s On-Demand Learning:

https://gpcanada.org/Sys/Store/Products/39832

ESG and the Role of the Board

Part One: The Board’s Role in Countering Modern Slavery

By Ellen Pekilis
March 22, 2020

A group of more than 100 engaged corporate directors, executives and governance professionals gathered at a Women Get On Board (WGOB) Toronto event to hear a riveting presentation by Gowling WLG business partner Stephen Pike focusing on evolving governance approaches to preventing modern slavery in corporate supply chains. The presentation was part of WGOB’s February 24, 2020 panel on Environmental, Social and Governance (ESG), hosted by Gowling WLG, a WGOB National Strategic Partner. Other panelists at the event included Gowling WLG’s environmental associate Liane Langstaff and environmental law partner Jennifer King, who presented on emerging best practices in governance regarding climate change.

Modern slavery is an umbrella term that refers to a group of exploitative and cruel labour practices, including forced labour, child labour, human trafficking, and debt bondage.

“Modern slavery is squarely within the purview of the board’s affirmative obligation of risk oversight,” said Pike. “That’s an obligation that includes a duty to identify business and liability risks that could impact the corporation’s ability to deliver sustainable long-term growth and value.”

Regulatory and compliance risk

Although Canada does not have any legal restrictions on importing goods made with slave labour, many of our key trading partners such as the US do. Note that Canada does have legal restrictions on the import of goods made by prison labour that were produced for commercial purposes. A public bill was introduced in the Canadian Senate in February 2020 addressing modern slavery. If enacted, it would require companies to publicly report on measures taken to prevent and reduce the risk that forced or child labour is used in any step in the supply chain in the production or import of goods.

For companies that do business in the US or other countries that do regulate the issue, boards should be of the ensuring that management has an adequate system in place to meet compliance and reporting requirements, as board members may have to sign the report and be personally accountable in some jurisdictions.

Supply chain risk

Discovering human slavery in your supply chain can lead to a complete and disruptive overhaul of your supply chain and related processes. Apple had to completely revamp their supply chain in response to allegations that child labour was used in the cobalt that was mined for ultimate use in iPhone batteries.

Aside from baseline ethical and legal concerns, the continuing allegations posed a reputational risk that Apple needed to manage. Boards should determine if their company has an adequate supply chain compliance and audit program, as well as a reputational risk response plan.

Evolving legal landscape

Marketing materials touting corporate commitments to ethical sourcing may serve as the basis for legal claims if found to be inaccurate. In January, a $550 million class action claim was filed against Hershey Canada. The claim alleges that Hershey failed to disclose the use of child labour in the farming of cocoa beans used in its products, despite public statements to the effect that it opposes child labour and uses socially and ethically responsible sourcing practices.

A recent UK case found directors personally liable for the exploitative labour practices of the corporation in relation to farm workers. While the law in the UK is different, the court focused on the fact that they had breached their fiduciary duties to the company (as opposed to the maltreated farmworkers directly), since they knew that the labour practices were illegal.

On the positive side, many companies such as Patagonia outperform their competitors in part by managing risk with proactive supply chain management techniques. For instance, blockchain technology can be used to track the provenance of commodities.

Shareholder Activism

Institutional investors such as the Canada Pension Plan Investment Board have designated human rights as a key focus area for engagement. Similarly, BlackRock’s CEO Larry Fink wrote an open letter to CEO’s seeking public disclosure that exceeds mere statutory requirements under corporate or securities law.

“The biggest push that we see is that sophisticated investors want more information. They want companies to disclose what they’re doing in terms of not only modern slavery but the environment as well,” said Pike. “Younger cohorts of consumers have different perspectives on these issues and are less likely to defer to what larger corporations have done for years and accept the status quo.”

Audit Committee Effectiveness

By Ellen Pekilis
December 11, 2019

An engaged community of governance professionals gathered to discuss audit committee best practices with Women Get On Board (WGOB). The event delivered in partnership with KPMG, National Strategic Partner of WGOB, on November 5 featured insights from panelists Trish Volker, experienced corporate director, and Toronto Hydro’s CFO, Aida Cipolla. Moderated by Silvia Montefiore, Canadian Managing Partner, Business Enablement and Operations with KPMG, the panel provided tremendous insight into a wide range of issues affecting audit committees.

1. Optimizing Audit Committee Composition

As a committee of the board, the first task is to optimize the overall board membership by developing a skills matrix. Look at the skills needed to deliver on the overall mandate of the board, and then separately for each committee.

For publicly traded companies, the audit committee composition must comply with a range of regulatory requirements. These include ensuring that the audit committee is composed of independent members who are financially literate.

Then consider the broader mandate of the audit committee beyond its regulatory mandate and ensure that you have identified members with the appropriate skills to ensure the committee can deliver on its Audit Committee mandate.

2. Critical areas for the Audit Committee mandate

Every board committee should have a written mandate. For publicly traded companies, the audit committee’s fundamental responsibilities are discharging regulatory compliance requirements. These include oversight of financial reporting, internal controls, disclosures and filing requirements (this is typically a board decision). Other key components include oversight of relevant policies and whistleblower reporting systems, and both internal and external auditors.

“It’s really about looking at the relationship of management and the auditors to ensure there is independence from management; appropriate selection criteria and work quality,” said Cipolla.

There is considerable variance around risk management as part of the audit committee mandate. Organizational risk profile will vary considerably between sectors. Some companies assign a broad risk oversight mandate to the audit committee, while others split specific risks up between relevant board committees.

“Every company does things a little bit differently,” said Volker. “At Ornge, we set up the board to have a committee structure that paralleled every C-suite office. Every committee has risk on its agenda, and it all gets rolled up through the audit committee.”

As the audit committee has such weighty statutory compliance duties, it may be overwhelmed by a broad risk mandate. Some organizations give their corporate governance and nominating committee the mandate to review the mandates of all board committees and ensure that all key risks are appropriately assigned across the committee structure.

“One committee can’t do it all on its own,” added Cipolla. “Risk is pervasive throughout all organizations. You have to make sure you can manage it and share the load across various teams.”

3. Oversight of Emerging Issues

The panelists agreed that key emerging issues include Environmental and Social Governance (ESG), Corporate Social Responsibility (CSR), social media oversight; and white-collar crime and behaviour as reflected in corporate scandals and the #MeToo movement.

Board members need to proactively educate themselves on emerging issues by attending continuing educational sessions and seminars, reading, and actively participating in professional/industry associations.

4. Oversight of Corporate Culture

Tactics for board oversight of corporate culture include regular review of policies and the selection criteria for the CEO and executive.

“At the end of the day, the CEO is responsible for ensuring an appropriate corporate culture in the organization,” noted Cipolla. “I think what’s important is that the board and the committees are monitoring. Are the actual objectives of the organization for that year being measured in a manner consistent with the culture that you’re looking to instill in the organization?”

5. Optimal relations between the company and the Audit Committee

The audit committee has a broad mandate with limited time. Open communications, advance preparation, and avoiding surprises at the committee are key to building trust between management and the audit committee. An experienced committee chair will mentor the CFO to help them understand priorities and think strategically about putting together a committee agenda to get the win.

“Whichever executive is responsible for the audit committee has to figure out, ‘what do I tell them, and what don’t I tell them,’” noted Volker. “It’s usually the ‘what don’t I tell them’ that is more interesting.”

“Do audit committee members know everything about the operation? No, but nor should you,” added Cipolla from the perspective of the CFO. “You have to feel comfortable with your executive member at the table that they’re informing you and educating you in those appropriate areas. Ask those good questions so that you get a good sense that they are providing you the information that you need to do your job.”

A lively question and answer period followed the presentation. What I found especially helpful and unique about this session was that the panel included a board member, a CFO and an external audit partner, each representing a different key perspective on how best to approach the core issues facing audit committees. Ultimately, all agreed that open, transparent and timely communications between these three roles will create the trust necessary for the audit committee to effectively fulfill its mandate.

 

Evaluating Financing Solutions in the Boardroom

By Nicole Rashotte, Marketing Communication Coordinator, Women Get On Board
October 25, 2019

During our sold out Women Get On Board Toronto event that BMO Bank of Montreal our National Strategic Partner hosted, an attentive audience listened to the engaging discussions on the topic of Evaluating Financing Solutions in the Boardroom.

Panelists at this event included Steven Jensen, Head, Sales Enablement, BMO Canadian Commercial Bank, Hesham Abourahma, Regional Vice President, Real Estate Finance, Ontario and Julia Davidson, Managing Director, BMO Sponsor Finance.

From board member responsibilities and financial risk consideration to capital structure, debt definition and company life cycles, the panelists provided an insightful discussion on the many ways the board can evaluate strategic financing solutions to make informed decisions.

1. Overview of Board Responsibilities and Financial Risk Consideration

Steven Jensen opened his discussion on this topic by first mentioning that he knows what strategies tend to work in the boardroom because he has been privy to seeing what happens to a company when its board members do not properly deal with their oversight role on financing solutions.

“One of the observations (from) dealing with these different boards (is that) one of the things I frequently see breakdown is people not questioning what’s put in front of them,” Jensen noted.

In order to mitigate this problem, Jensen said that Board of Directors need to provide leadership, direction and a clear-cut vision that will trickle down to the company or organization, as well as its employees. Jensen revealed that he can walk into a boardroom and within 10 minutes know if it’s operating from a healthy environment or not. Because of this, it is important that board members keep up their fiduciary duties – to act honestly, in a diligent manner, in good faith and in the best interests of the corporation. By doing this, boards, companies and organizations will be creating good governance practices.

Following that point, Jensen said that the second most common thing he sees go wrong in the boardroom is that people sometimes treat serving on a board as a vanity project – they are present for personal gain and do not always have the greater good of the board (and in turn the company or organization) at heart.

Finally, Jensen discussed financial risk in the boardroom, stressing the importance of being able to say no to situations where financial risk seems to outweigh the potential reward. “I think it’s important to question it in that uncomfortable way – why are we doing this and what is it taking away from the mandate of the company?”

2. Capital Structure, Debt Definitions and Company Life Cycle

Shifting to structure and debt, there are two main types of debt within the capital structure. The first is senior debt, which, as Hesham Abourahma noted, is the cheapest form of debt that you can get as a company (typically around 5 %). This type of debt is the cheapest because, “the lenders have first charge on the assets.” Abourahma also stated that senior debt is the safest choice within the capital structure. The second type of debt is subordinate debt. Abourahma describes this as sitting between senior debt and equity and revealed, “This form of debt is a little higher on the risk curve.” Interest rate on this type of debt is typically around 12 percent and is a good solution to have if you don’t want to dilute your equity.

Speaking of equity, it is important to acknowledge that it is a key component to the capital structure, although it generally come with the most risk. However,

Abourahma also revealed that it tends to expose higher reward and that equity should encompass approximately 30-40 % of a company or organization’s capital structure. “The fundamental principle is that, are you sharing in the risk with your lenders? Do you have skin in the game?”

Moving on, Abourahma broke down the three different growth phases that boards can expect to see within any company stages of growth. The first stage is the initial growth phase, where any profits generated are typically reinvested into the company in order to solidify its position and help fund continued growth.

During this growth phase, it is important for the board to understand and implement both debt and equity solutions in order to see a company make it to the second stage, which is the mature growth phase.

In the mature growth phase, revenues grow quickly, and the organization may expand to new markets and are likely making a profit. During this time, it is pertinent to evaluate different types of financing, such as public vs private debt markets or asset-based lending vs cash flow lending etc.

Finally, the last growth phase is the stabilization phase. During this time, a company should be at its peak earning years and while growth may slow, earnings are strong. In addition to organic growth, organizations may start to look at acquiring, expanding or selling part or all of the company.

3. Credit and Other Considerations

To end the session, Julia Davidson addressed credit considerations and how credit transactions are structured to reflect a sound business premise and an appropriate capital structure. Davidson noted that combined with supportable business performance, the elements of a “safe-and-sound” loan structure should clearly support a borrower’s capacity to repay over a reasonable period.

According to Davidson, “safe” for banks means that they assess the underlying collateral of a company or organization, as well as the enterprise value of a business. This is done in order to gauge what type of loan they could provide while simultaneously protecting the bank.

In terms of “sound”, Davidson noted that this refers to the business and industry analysis that banks do to understand where the company stands and what different types of capital structures it has. For example, some companies in particular industries are more susceptible to cyclical swings in the market, causing them to have very different capital structures than other companies or organizations.

At this point, Davidson pointed out that it is pertinent that both the company and the lender be on the same page in terms of capital structure and which type of loan would work best for both parties. “Any of you that (serve) on boards today, what I would encourage you to do is, don’t just look at today and what your financing needs are (think about) what are you going to need six months from now, or nine months, 12 months? It’s often easier to have that discussion upfront and provide some flexibility for the future.”

In the end, the best financing solutions are made with the board’s participation.

It is important for board members to understand capital structure considerations. An engaged board should ask tough questions by determining what the company needs to grow and ensure that management has a good relationship with their lender.

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.

BMO for women recognizes the power of women and their contributions to the economy and their communities. Supporting causes important to women, developing tools and resources to help them succeed, understanding their unique needs and adjusting how we work to help them to realize their financial goals are critical to being the bank that ‘gets it right’ with women.

 

 

Board Diversity: Are you an Agent of Change?

By Nicole Rashotte, Membership and Social Media Coordinator, Women Get On Board
July 2, 2019

On an evening that saw Toronto flush with rain and Raptor’s pride, the Governance Professionals of Canada (GPC) partnered with Women Get On Board (WGOB) for engaging conversations on Board Diversity – Are You an Agent of Change?

WGOB’s Founder & CEO Deborah Rosati moderated the conversation with panelists George Horhota, Co-founder, The Brockton and Director, Community Trust Company; Ekta Mendhi, Senior Director, Corporate Strategy, CIBC and Co-Chair of the Canadian Gender and Good Governance Alliance and Marian Walsh, Chair, Governance and Human Resources Committee, Board of Medavie.

From defining diversity to championing its necessity, the panelists provided an insightful discussion on the many ways business leaders can advance their board diversity mandate.

1. What does board diversity mean to your company/organization in terms of commitment and needs?

According to the Canadian Gender and Good Governance Alliance’s ‘Director’s Playbook’ (an organization which Mendhi co-chairs), “several studies demonstrate that organizations experience the greatest benefits of diversity when they have between 40% and 60% female representation at all levels.”

The panelists addressed what is currently lacking in the board renewal process and detailed what has been done or should be done to find practical solutions to increase diversity on boards. In terms of a present board ‘need,’ Horhota stated, “I think the board should reflect the diversity of the customer and their employees, regardless of what industry they are in.” He added that this school of thought is not currently in practice for boards across Canada and beyond, despite being a necessity for both customers and employees to feel like they are adequately represented.”

Both Mendhi and Walsh shared his sentiment, with Mendhi adding that it then becomes a talent pool issue. If those decision-makers in charge of identifying board talent continue to allow the same small group of individuals to serve on a board, then companies and organizations will be challenged to advance board diversity.

Shifting the focus to what board diversity commitments are being made by the companies/organizations that the panelists belong to, Walsh noted that Medavie is committed to having a diverse company with a multitude of skill sets and recognizes that those skill sets come from individuals with different gender, geographic location, age, ethnicity and culture.

2. What board renewal mechanisms do you have in place or that you would advocate for change? (eg. age limits, term limits?)

Walsh stated that introducing term limits was one way her company was able to implement change, calling it a “matter of strategic importance.” To keep a board that is fresh and represents the majority versus the minority, Medavie recognized that turnover of the board is a good governance practice and critical to the foundation of their overall business model.

The panelists agreed on the importance of setting age limits, as it opens board seats to add younger cohorts, which often results in new or fresh ways of approaching how a company or organization is run.

3. Describe how you or your company/organization are an Agent of Change (give examples) in advancing board diversity?

When it comes to being an agent of change, companies/organizations need to embrace board diversity as part of their culture. The panelists agreed that significant importance needs to be placed on how companies and organizations go about finding board candidates.

Mendhi suggested using peers, networking organizations and executive search firms as a source of finding diverse board candidates and expanding the potential talent pool.

Walsh revealed that every time a board seat becomes vacant at Medavie, the company requires that its board competency matrix is met by searching for candidates that represent diversity from gender, geographic, age, ethnicity and culture.

It is not enough to discuss how a company or organization can be an agent of change – there needs to be champions within to make it happen. Whether this is a Chief Diversity & Inclusion leader or senior business leaders that champion the company’s goals to catalyze change.

4. Are there other companies/organizations or countries that you think are good examples that are advancing the board diversity mandate?

The panelists agreed that it is essential that other companies, organizations and even countries get involved.

Mendhi was quick to acknowledge the Canadian Gender and Good Governance Alliance, in particular, the Canadian Coalition for Good Governance (CCGG), which defines itself as “the preeminent corporate governance organization in Canada uniquely positioned to effect change as the voice of institutional shareholders that invest in Canadian public equities.” The CCGG advocates for business leaders to commit to diversifying their boards.

Horhota pointed out that many institutional investors are also becoming agents of change as they take steps to vet potential board candidates to make sure there are diverse board candidates on the slate.

Walsh noted that as new board members are on-boarded, it is essential that they become advocates for advancing the board diversity mandate. All panelists agreed; this is a vital step to ensure diversity is incorporated into the board culture.

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.

 

Ilana Hechter – Partner, Mercer Consulting

Hot Topics in D & O Risk and Insurance:  Climate Change, Respectful Workplace, Cannabis and Blockchain & Cryptocurrency

By Ellen Pekilis
May 8, 2019

A panel of four experts provided information on top trending risks to a sell-out crowd in Toronto on April 10th. “Hot Topics in D & O Risk and Insurance Climate Change, Respectful Workplace (#MeToo), Cannabis and Blockchain & Cryptocurrency” hosted by our National Strategic partners, Marsh Canada.

1. Climate change presented by Karen Lockridge – Principal, Responsible Investment, Mercer Consulting

Directors’ climate liability exposure may increase substantially due to a wide disparity between boards and the expectations of key stakeholders regarding climate risk. Failure to proactively manage environmental risks is becoming increasingly newsworthy.

The 2019 World Economic Global Risk Report found that climate change and related environmental concerns are perceived as dominating the risk landscape.

This is reflected in increased investor engagement on these topics. The Report is an annual survey of broad stakeholder groups including business, academia, investors and civil society.

By contrast, the 2018 Global Network of Director Institutes found that only 17% of responding directors viewed climate change as very relevant to their corporation or role as director, while 30% thought it was not at all relevant.

Karen Lockridge, a Principal with Mercer’s Responsible Investment team in Toronto, suggested that boards follow the road-map provided by the Task Force on Climate-related Financial Disclosures.

Described as the most significant development since the Paris Agreement, the Taskforce was established when Mark Carney and a group of 20 other Finance Ministers and central bankers realized that there was insufficient data to assess the risk that climate change poses to the global economy. Led by Michael Bloomberg and 32 members from a broad range of multi-nationals including Mercer, Tata, Unilever and Bank of America, the Taskforce represented recognized names across the whole value chain in terms of corporate reporting. Their recommendations were summarized as follows:

  • Are our strategies and operations at risk, given expected climate changes and the drive to a low carbon economy?
  • Is the organization’s governance of climate-related risks and opportunities robust and effective?
  • Does the organization’s strategy and financial planning accurately assess and reflect the actual and potential impacts of climate-related risks and opportunities?
  • Does the organization have a process in place to identify, assess, quantify, and manage climate-relate risks?
  • Is the organization using metrics and targets to assess and manage relevant climate-related risks and opportunities?

2. Respectful Workplace (#MeToo) presented by Ilana Hechter – Partner, Mercer Consulting

There is a similar gap in beliefs as to whether workplace bullying and harassment is a material risk. But building a respectful workplace is about more than checking a box on diversity, said Hechter. According to Statistics Canada, 60% of employees report having experienced harassment and bullying at work. By contrast, the Gandalf Group’s C-Suite survey found that nine out of ten senior executives in Canada do not believe that sexual harassment is a problem. Hechter pointed out that this kind of disparity t can drive a #MeToo risk.

Additionally, this gap between executive and worker perceptions can exacerbate employee attraction and retention risks, particularly if the company requires a pipeline of highly skilled millennials. Focusing on diversity and inclusion as a part of organizational culture has an economic impact on performance. As Hechter stated, “diversity is being asked to the dance; inclusion is being asked to dance”, a small but impactful difference. The trend moving from a more traditional engagement contract to a “thrive” contract focuses on how to ensure your employees perform the best for the short period of time they are likely to stay. Providing them with a sense of purpose is critical as money is not the key driver. Employees value working where they feel respected and included.

Hechter encouraged board members to ask:

  • Does the organization have a diversity and inclusion policy?
  • Is there a reporting process?
  • Are expectations clearly articulated to permit insistence between locations and business lines?
  • Are leaders – especially middle managers who manage teams – invented to implement and achieve diversity and inclusion goals?

3. Blockchain & Cryptocurrency presented by Jennifer Hustwitt – Senior Vice President, Marsh & McLennan Companies

A global patchwork of crypto-asset regulatory requirements is developing, which creates uncertainty in terms of the international flow of business. Board members should monitor efforts to achieve alignment and consistency in international regulation necessary to support an international trading infrastructure.

Understanding these changes and the regulations that are starting to unfold as a result of regulatory oversight of key fin-tech players is critical for boards. To help boards and senior executive come up to speed, Marsh launched Crypto-Assets and Blockchain Technology: On the Brink of Legitimacy? at the 2019 Davos World Economic Forum.

Tokenization of cryptocurrencies is now allowing individuals to own fractions of assets. The future of the user experience in a seamless payment experience is ever evolving in Silicon Valley. The development of seamless app-based payment technologies has given boards the opportunity to review whether digitization of financial assets should be viewed by their organization as a strategic differentiator.

A key risk factor is the global shortage of blockchain-specific software and network security experts. Regulators are signaling that reliance on current cyber-security resources and techniques may be insufficient to manage risks such as anti-money laundering/know your client in the crypto-currency space. With compliance officers moving into cryptocurrency boards we are seeing positive indicators that further regulations and formalization in the industry is coming—and that the industry as a whole is here to stay.

Scandals and increased regulatory scrutiny are driving an enhanced focus on licenses. Organizations are advised to undertake a rigorous evaluation of licensing requirements in each relevant jurisdiction, including at the state and provincial level.

4. Cannabis presented by Dianne Morrison – Senior Vice President, FINPRO, Marsh Canada Limited

Legal in Canada since the early 2000’s (medically) and now legal nationwide recreationally, the cannabis industry is a disruptive force. It is a new and rapidly evolving industry that has the potential to take market share from numerous fields including alcohol, pain remedies, sleep aids, sports aids and wellness products. Dianne Morrison advised that boards need to ensure that their organization has considered whether cannabis will disrupt their organizational strategy and developed appropriate mitigating tactics.

Boards should also monitor the risks that arise from the inconsistent regulatory frameworks for cannabis. While Canada regulates cannabis as a pharmaceutical product, there is inconsistency in approach between the 33 American states where cannabis is legal.

Cannabis, of course, remains illegal in the US at the federal level. Publicly traded companies with cannabis businesses need to divest their US assets at the current time or risk being delisted.

Where there is exposure to cannabis-related risks, board members should ensure that the company has appropriate Directors & Officers (D&O) insurance. US based insurers or their Canadian subsidiaries cannot operate in this space at this time. Insurance companies want to see how claims develop before fully defining D&O insurance, so for now terms and conditions may be more restrictive and premiums higher, but insurance products are now available.

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.

 

The Role of the Board in M&A transactions: Creating Value and Minimizing Risk

By Susan Rabkin, Corporate Director, and Karen Pugliese, Country Leader, Canada, CommScope
February 11, 2019

Background

On an icy February morning, in Toronto over 75 people turned out at the Women Get On Board breakfast event hosted by Gowling WLG for a panel discussion on the board’s role in creating value and minimizing risk in M&A transactions. Norma Beauchamp moderated the panel, board member and panelists included Kathleen Ritchie, Partner, Gowling WLG and Steven Latinovich, Managing Director, Corporate Finance BMO Financial Group. From metals, mining and energy to the latest trend of international expansion of cannabis, both the number of Canadian registered deals and their value, have increased exponentially in the last couple of years. The board’s role in M&A is more important than ever.

The event panelists, all experts in various aspects of M&A, provided insights in response to thoughtful questions posed by the WGOB team. What follows are some of those insights.

1. Is the board M&A ready? Are there processes in place to evaluate an M&A deal?

A key to being “ready” is for the board to “know” the company and space within which it operates. It means not only seeing M&A opportunities but also understanding the competitive landscape and its threats. In addition to acquisitions the company may want to pursue, the board should consider whether the company itself might be a target, which could happen unexpectedly if the board doesn’t know the company well enough! How do you do this?

The panelists agreed that the board should have a formal process in place for regular M&A discussions (perhaps quarterly or annually). This includes regular management reports to the board on M&A opportunities, both buy-side and sell-side, especially for firms operating in industries impacted by rapid consolidation. According to Steven Latinovich, buy-side considerations would include determining what industries, verticals, and the purchase price would be accretive or strategically intelligent. On the sell-side, attention should be given to the strategic changes, divestitures, geographical re-alignments, and management succession plans that may be required, and within what timeframe, to make the firm most attractive to a potential buyer.

In addition to obtaining management’s perspective, the board should have generative discussions of their own regarding M&A. This may reveal opportunities that would not otherwise percolate up to the board from management, due to differing views on strategy, conflicts of interest, or concerns about job security. Involving advisors early and regularly, including leveraging free advice, will help put you ahead of the “readiness” curve, and may also increase the amount of M&A opportunities that merit board consideration.

Panelist Kathleen Ritchie emphasized that to be “ready,” the board must have mechanisms in place to reach one another quickly and have key advisors lined up in advance. Moving fast is critical when offers, letters of intent, or exclusivity issues arise. Boards must immediately assess the market and determine whether the offer is mere trolling or is legitimate. Moreover, many emerging companies are disorganized and would be hard-pressed to assemble a data room on short notice, thus getting access to the right information to make quick decisions can be challenging. Managing the cost of third-party experts can also be challenging, but having their guidance can make the difference between success and failure.

2. How do you determine whether a special committee should be formed and whether or not external advice should be sought?

Kathleen explained that efficiency is one of the main reasons for the establishment of a special committee of independent directors in the context of M&A. A special committee of the board can help narrow the focus of M&A strategy using a board and third-party experts in a smaller group setting to do the “heavy lifting” required when assessing an M&A transaction.

The special committee brings independence and objectivity. It was noted that the only legal requirement for establishing a special committee is to protect public company minority shareholders in the event of an insider bid. Nonetheless, all panelists agreed that having a committee or, at the minimum, a sub-committee, updating the broader board on M&A is prudent. The special committee may also be directly involved in M&A negotiations if management is too close to be impartial.

3. What are some of the critical M&A processes you need to set up and what is the right M&A leadership that needs to be in place?

When it comes to M&A, sometimes CFOs are lazy, and CEOs too aggressive, or sometimes they’re simply too stretched to give adequate consideration to M&A. According to the panelists, boards must have “boots on the ground” to really understand the psychology behind M&A, and to understand potential conflicts of interest within management. Boards must ensure their values reflect those of shareholders, and that they’re representing the best interests of the company.

What are some practical ways to do this? According to Kathleen Ritchie, before transactions arise, make sure contracts are centralized, clean up records, including minute books, etc. Don’t be shy about calling in advisors, as discussed earlier. If you’re on a public company board, make sure information is “locked-down,” and that only a small group is involved in the transaction. This will help avoid potential leaks, trading blackouts and regulatory investigations after the transaction is complete.

Strategic board leadership requires an honest assessment of corporate cultures and understanding whether distinct cultures can be aligned, knowing how to achieve meaningful synergies, understanding the transaction’s value proposition, and selecting the best financing options. Only by asking the right strategic questions and getting satisfactory answers is the board is well-positioned to provide the necessary leadership.

4. What are ways to review the proposed deal in the context of the company’s strategy and challenge the value creation potential of the transaction?

As noted above, seeing a path to either changing or invigorating the corporate culture of an organization in an M&A transaction is a critical determinant of its success or failure. According to Latinovich, if you can’t see such a path, “… it will be a drag on management resources and the acquisition will not be accretive”. In his words, “Culture Kills Strategy.”

He also noted that synergies lower acquisition multiples so the M&A team must be expert at extracting value from synergies and have confidence in their prowess at business integration. Also, as companies grow in size and scale, they may attract higher valuations and access to new markets and customers. He noted some methods to review a proposed deal both from the buy-side and sell-side and pointed out that the board’s judicious use of financing options can help a company grow more rapidly. Asking the right strategic questions, understanding your valuation and the motivations of strategic vs. financial buyers will have different implications on the legacy of the business you’ve built as a board.

5. What are some of the critical aspects of due diligence that should be in place before approving the transaction?

The panelists agreed that knowing what you’re trying to buy is the starting point for making sure you get what you want from your due diligence process. Moreover, as Ms. Beauchamp noted, finding the “skeletons in the closet,” i.e. what you don’t want to buy, is equally important. Therefore, due diligence spans not only legal, but also financial, tax, geographical access, IP, specific industries, employment matters, and many other aspects. Most M&A law firms have checklists that assist in conducting thorough due diligence, but the amount and depth of inquiry depend very much on the deal that is desired.

When a public company is involved and a deal announced, the parties must move quickly. Having the fewest conditions possible to be able to close the deal is critical. It is essential to identify items such as change of control provisions in contracts that can impact the deal’s value (e.g. debt acceleration or employment contract payouts) and to know what consents or regulatory approvals are required to complete the transaction. Share deals require reciprocal due diligence. Public searches, including on the various forms of security should be conducted to find hidden issues. The board should ask its M&A lawyers to provide an overview of the transaction and raise any “red flags” to focus the due diligence effort.

Having good bankers and sound financial advice can be pivotal for successful M&A. Due diligence conducted by these experts will help ensure that financial statements, growth trajectories, tax implications, and other qualitative aspects of a transaction are validated, and help determine the appropriate structure of a transaction.

6. What are ways to examine the post-merger integration plan in details and tracking performance against the plan?

The panelists stressed that having a post-merger plan in place is essential for several reasons. The performance of post-merger integration is tied to being able to effectively communicate the path forward, the culture, and treatment of employees. The plan will provide targets for cost savings and revenue and earnings growth, to which management can be held accountable as part of a successful integration of the businesses. The plan will also help identify strong players that will help take the organization into the future. As a result, both the pre-plan and post-plan require a focus on the people.

In this regard, having an effective communication plan for employees is paramount, or good talent may be lost. Employees must be seen as, and treated as, the most critical assets of the organization. The first step is to “lock in” the best talent and find an exit strategy for those that don’t fit. Ensure that you have adequately compensated those who are critical to the success of the acquisition – and think of success at multiple levels of the organization, not just the C-suite.

Analysis of the financial impact of the post-merger transaction involves a careful deep dive into the quality of earnings and whether they have materialized, identifying any surprises that weren’t uncovered in due diligence, determining whether appropriate cash flows are realized, whether the financing options chosen were correct, and whether there are any impediments to future investments, etc.

Shareholder perception of the integration of the businesses will be carefully scrutinized, especially when the post-merger first quarter financial results are available. Post –merger results will be the test of whether the transaction delivered the goals stated when the deal was announced.

Finally, an important caution raised by the panel. It is critical to avoid “gun jumping.” Gun jumping is the integration of the businesses before the transaction has closed. The excitement around a deal within the organization may lead to improper integration activities, with serious repercussions. Board leaders, with the help of external advisors, must ensure this does not happen.

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.

 

Disruption and Transformation – The Board’s Role in Overseeing Opportunities and Risk

By Ellen Pekilis
November 23, 2018

Innovation and disruption are top of mind for every board.  Women Get On Board recently held a panel discussion to provide expert insight on the board’s role in guiding transformational change and learning to embrace risk. Hosted by KPMG, the panel was moderated by Lori O’Neill, board member and independent governance consultant.  Panelists included Craig O’Neill, CEO of VersaPay and Leslie Luk, audit partner in KPMG’s technology, media and telecommunications practice.

Building Trust

Boards are necessarily focused on risk management and compliance, particularly in a public company context.  Encouraging the board to consider risking truly transformational change requires the CEO to take deliberate steps to build trust between the board and management.

Craig O’Neill took VersaPay through a transformational change which involved selling their main revenue-generating asset to create the bandwidth to focus on new directions.  Getting board approval for such a dramatic divestiture required focused trust-building.

“When you can build that trust and that healthy tension, it’s kind of magical,” said O’Neill. “You can be very productive as a board if you have it.  If you don’t have it, it can be very unproductive and very, very divisive.”

Key tactics included putting a premium on transparency.  O’Neill used a “skip level” approach by which he put key board members in direct touch with his direct senior reports including the CFO, keeping a close eye on roles and responsibilities to counter the tendency of board members to meddle in operations if they get too close to management.

“I wanted them to know that what I tell them is straight up the truth. It’s not varnished, it’s not filtered. You’re going to hear the good, the bad and the ugly. If there is any bad and ugly–and there is always bad and ugly–you can trust what I’m telling you,” said O’Neill.

Leslie Luk advised that establishing mutual understanding with the board about the type and frequency of information flow is key to establishing board trust.  She suggested that pre-meetings with the Audit Chair could also go a long way to help.

Let Sub-committees Take a Deep Dive

The panel recommended establishing sub-committees for the really big transformational decisions.  Sub-committees permit a small number of board members to set aside the time for a focused deep dive in the issues.  While the ultimate decisions remain with the board, the fact that some board members are recommending the change from an informed position may encourage a higher trust level by the rest of the board members in terms of embracing transformational risk.

Sub-committees should be established with a specific purpose and with the same rigour that a Board would put into establishing the audit committee.  Be purposeful about identifying the special skill-sets required from sub-committee members to get the best governance oversight.

Implementing Implementation

Many strategies die on the shelf.  Tone from the top is key to encouraging management to actually operationalize the strategy once it has been approved. Adopting an innovation culture can also help de-risk a project.

“Fail quick and fail small,” advised Leslie Luk.  “Try things on a smaller scale.  Having the board with that mindset will help incentivize management to actually try things.”

It is critical that management establishes appropriate indicators and consistently reports on them as a standing item on each quarterly board meeting agenda.

“The board has to ask management, ‘what are the signs of success?’,” stated Craig O’Neill.  “Lead indicators.  Not lagging indicators.  What do we watch to see if we are on the road to success, not lagging indicators that will let us know that we have already succeeded in the past.  We use a report card on both leading and lagging indicators, but the lead indicators are way more important.”

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.

 

Cyber for the C-Suite – A New Reality

By Ellen Pekilis
May 3, 2018

Cyber risk is expanding in scale, scope, severity and source, landing near the top of most boards’ risk profiles. Catherine Evans, National Cyber Practice Leader, led a recent Women Get On Board session exploring the new realities of cyber risk for board members. Key learnings include:

1. The Internet of Things

The astronomical rise in connectivity will fundamentally change the nature of cyber risk. By 2020, there will be an estimated 50 billion connected devices. That means 50 billion ways in. Centralized system controls can no longer provide the same degree of assurance that they have traditionally delivered.

2. The Rise of Nation States as Threat Actors

2017 saw a rise in the sophistication of cyber attacks, stemming from military-grade techniques developed by nation states. Russia, North Korea and China are most commonly cited as applying the full force of government funded technology with extreme capability far beyond the wildest imagining of the teen hacker in the basement who used to haunt boards’ nightmares. New tools and responses will be required to meet this degree of threat.

3. Cybercrime Motives and Goals Are Evolving

Cybercrime typically had a simple driver: money. Key breaches focused on monetizing sensitive personal information such as credit card numbers, social insurance/security numbers and health data. No more. The market is now so flooded with easy access to stolen personal information such as credit card numbers that the price has dropped. While the market for illicit personal information is still there, it’s not as lucrative. The focus of cybercrime has broadened to include intellectual property theft and causing operational disruption to extort a ransom. Nation states are also focused on causing actual damage to physical infrastructure, for example, attacks on power grids in the Ukraine & the US.

4. With Evolving Goals Comes New Targets

As the motives for cybercrime change, so do the targets. Organizations with deep holdings of personal information have typically been the focus of cybercrime. Manufacturing – particularly in a pure business to business environment – has so far escaped the brunt of cybercrime, but this is changing. As the focus shifts towards IP theft, operational disruption, and physical plant damage, manufacturing companies need to move cybercrime higher on their risk management agenda.

5. The Regulatory Landscape is Changing

A raft of new compliance requirements are coming into play. In Canada, the Digital Privacy Act 2018 will come into force in November, 2018. It includes mandatory breach notification of both affected individuals and regulatory authorities. The notification requirements are subject to a variety of triggers including the sensitivity of the information involved and the risk of harm. The EU General Data Protection Regulation comes into effect this month and also include mandatory breach notification requirements as well as the right for EU residents to receive their information and have it permanently deleted from all sources.

In the US, the SEC has issued Guidance on breach disclosures. The Guidance stresses the importance of establishing proactive policies and procedures before there is a breach. The SEC focuses on the importance of board oversight and establishes expectations that the Board understands the company’s relevant policies and procedures. The SEC has also expanded the financial disclosure certification to include board certification that the company’s cyber-security and response plan are adequate for the risks.

6. Governance Needs to Develop With the Same Intensity As the Risk

In a recent Marsh study, most organizations appropriately identify cybercrime as a top 5 key risk. However, most advise that they can’t effectively measure or evaluate the risk. 34% have no way to measure cyber-risk and a further 46% have only qualitative measures that may be insufficiently robust. Most view governance as functional, not strategic, with 65.9% of respondents saying that cyber risk is a technical matter owned by IT, not an organizational risk owned by all key risk owners/managers. In reality, IT may control the mechanisms, but the broader organizational exposures are way beyond IT’s capacity. 45% of senior executives say they provide cyber-risk information to the Board, but only 18% of Directors say they receive such information. This disconnect is particularly sobering given the staggering rise in the scope of the risk, coupled with the SEC guidance (for US reporting issuers) that the Board certify the adequacy of the company’s cyber-security and response plan.

Women Get On Board is a leading member-based company that connects, promotes and empowers women to corporate boards. We do this through an engaged community of women and men in Canada committed to advancing gender diversity in the boardroom. Find out more about becoming a member of Women Get On Board.