Category: Leadership

Director Liability And Protection. Developments, Strategies, Trends.

by Pepper Hamilton LLP

Directors and officers are exposed to potential liability from suits by the company, shareholders, and debt holders, among others. There are, however, a number of protections available to protect the assets of directors and officers.

Published in the December 2017 issue of INSIGHTS (Volume 31, Number 12). INSIGHTS is published monthly by Wolters Kluwer, 76 Ninth Avenue, New York, NY 10011. For article reprints, contact Wrights Media at 1.877.652.5295. Reprinted here with permission.

Being a corporate director or officer can be risky business, especially for those involved with public companies. Directors and officers (Ds&Os) are exposed to lawsuits by the company, corporate successors, shareholders, debt holders, employees, bankruptcy trustees and governments. The building blocks of asset protection for Ds&Os are outlined in this article, as well as basic securities and fiduciary liability principles, updates on relevant government enforcement policies under the Trump Administration, and implications for D&O liability insurance coverage.

As discussed here, private securities claims and derivative suits against public company directors and officers are on a powerful upswing, with an unprecedented number of new lawsuits filed in 2017. Meanwhile, under the Trump administration, there are signs of a possible easing of government enforcement actions as the Department of Justice and SEC review prior policies governing corporate cooperation credit and the pursuit of individuals responsible for corporate wrongdoing. In these changing and challenging times, it is important for directors, officers and companies to review their corporate articles, bylaws, contracts and insurance to assure that corporate commitments and policies for protecting Ds&Os fit the needs of the company for balance sheet protection, flexibility and the exercise of discretion, and also satisfy the needs of Ds&Os for reliable and adequate sources of indemnity and advancement.

Asset Protection Overview

Lawsuits and demands against Ds&Os often materialize as claims for alleged violations of securities laws or breaches of fiduciary duties owed to the company or its stockholders. Directors and officers have several potential layers of protection for out-of-pocket expenses and losses, including legal costs, settlements and even judgments.

Statutory Corporate Indemnity and Advancement

State corporations laws permit or require companies to indemnify directors, officers, and employees who are forced to incur costs to defend or protect themselves in lawsuits or proceedings involving their work. Delaware and California law require indemnification of directors and officers who succeed in defending themselves—in Delaware “on the merits or otherwise” and in California “on the merits.”1

Delaware and California law also permit (but do not require) indemnification for defense costs, judgments, fines and settlements incurred by directors, officers and employees who acted “in good faith and in a manner reasonably believed to be in and or not opposed to the best interests of the corporation” or, in a criminal matter, “had no reasonable cause to believe the conduct was unlawful.”2

These are known as the “minimum standards of conduct” for permissive corporate indemnification. A corporation is not legally permitted to indemnify an individual for expenses resulting from conduct that fails to meet these standards. Nor may a corporation indemnify an individual for a judgment of monetary liability to the corporation itself.

Rather than face a potential non-indemnifiable liability, cases against Ds&Os generally settle, if they are not dismissed on pre-trial motions. Corporate laws permit a corporation to advance legal expenses prior to any final determination of whether an individual met the minimum standards of conduct for indemnification. In Delaware and California, corporations may advance defense costs if the individual promises to repay the money if he or she is later found not to have met the minimum standards of conduct for indemnification.3

In order to attract high quality Ds&Os to serve, many companies commit to indemnification and advancement of their Ds&Os in the articles of incorporation or bylaws “to the greatest extent permitted by law.” This language effectively makes permissive indemnification and advancement mandatory.

Contractual Indemnity and Advancement

Directors and officers can strengthen their rights to corporate indemnity and advancement by requiring, as a condition of employment, that the company enter into a private contract stating the terms of its obligation to indemnify and advance.4 Then, if later changes in the articles, bylaws, ownership, key decision-makers or policies are disadvantageous to a director or officer, the company is bound by its contractual agreements to them. These private agreements usually contain presumptions, burdens of proof, timetables and other terms that favor individuals and generally continue in force after the employment relationship or directorship ends.

Exculpation

Many states also permit companies to limit the personal liability of directors (but not of officers) to the corporation and its stockholders with an “exculpation” provision in the articles of incorporation. These provisions excuse directors from personal monetary liability to the company and its shareholders for breach of the fiduciary duty of care. Corporate laws do not permit exculpation, however, for breach of the fiduciary duty of loyalty, bad faith, intentional misconduct, knowing violations of law, transactions resulting in an improper personal benefit, or improper payment of corporate dividends.5

Third-Party Insurance

The final layer of asset protection is D&O liability insurance purchased by the company to protect corporate assets and provide coverage for Ds&Os when the company cannot or will not indemnify them. D&O liability insurance is designed to pay losses (including legal fees) for defending against allegations of “wrongful acts,” such as violations of securities laws or breaches of fiduciary duty, that result in damages to the company, its stockholders or investors.

Most D&O liability policies contain multiple products in a single policy. A traditional “ABC” policy covers personal asset protection and corporate balance sheet protection. Side A covers directors and officers when the corporation cannot or will not indemnify them—such as when it is insolvent, chooses to withhold indemnity, or concludes that an individual failed to meet the minimum standards of conduct. Side B reimburses the corporation for indemnification paid to directors and officers. Side C covers the corporation when it is named in a securities action. Finally, excess Side A DIC (difference in conditions) coverage is dedicated coverage for directors and officers that is not “shared” with the corporation. Side A DIC provides coverage in excess of a tower of primary and excess policies and, among other attributes, “drops down” to replace an underlying insurer if it becomes insolvent.

Although D&O policies provide coverage for claims alleging “wrongful acts,” they exclude coverage for willful or intentional misconduct, which is uninsurable as a matter of law and public policy. That said, insurance can provide coverage for conduct that would not be indemnifiable by the corporation, such as non-exculpable failure of oversight or forms of “bad faith” that do not rise to the level of intentional misconduct. Corporate laws generally allow companies to buy D&O insurance for nonindemnifiable claims.6

Liability Standards—Securities Laws

Corporate directors and officers have potential exposure under both state and federal laws for securities law violations, which commonly are based on allegedly misleading disclosures to investors or illegal sales of securities. Liability for securities violations ranges from mere negligence to intentional wrongdoing. Federal law preempts state law in securities fraud class actions.7

Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act) is the work horse most often invoked against directors and officers in private securities litigation. Federal courts have exclusive jurisdiction over Section 10(b) cases, and most federal circuit courts have concluded that “recklessness” satisfies the mental state required to prove liability—although the U.S. Supreme Court has never determined whether “reckless” conduct is sufficient.8

Federal securities fraud class action filings hit a record pace in 2017, with the most new case filings since enactment of the Private Securities Litigation Reform Act of 1995 (PSLRA). The PSLRA set up legal hurdles and protections for companies, directors and officers, designed to weed out meritless claims at the pleading stage, often filed on little more than accusations of prior disclosure fraud when disappointing news results in a stock price decline.9

Sections 11 and 12 of the Securities Act of 1933 (Securities Act) are invoked against Ds&Os less frequently than Section 10(b) because they apply in narrower circumstances.10 Section 11 is designed to redress material misstatements in a registration statement, and most often invoked following a public offering, when stockholders can trace their purchases to a particular registration statement. Section 12 is designed to redress the illegal sale of unregistered securities and material misstatements in prospectuses and other offering materials. Ds&Os can defend themselves against misrepresentation claims under Sections 11 and 12 by demonstrating their due diligence and that they “had no reasonable ground to believe and did not believe” that the challenged statements were untrue when made.11

In 2017, the United States Supreme Court took up an important issue in Cyan Inc. v. Beaver County Employees Retirement Fund,12 about whether state courts have jurisdiction over claims filed under the Securities Act. From the mid-1990’s until recently, plaintiffs brought Section 11 and Section 12 claims in federal court, where many of the PSLRA’s protections operate through the federal rules of civil procedure.13 However, federal courts in California parted company with other jurisdictions by holding that state courts retain jurisdiction over 1933 Act claims. If the Supreme Court agrees, then public companies—especially new companies following an IPO—will face the prospect of securities class actions in state courts that lack familiarity with the federal securities laws and are not obliged to enforce some of the procedural protections contemplated by the PSLRA—thus, increasing D&O liability risk.

Liability Standards—State Fiduciary Duties

The liability of directors and officers for breach of fiduciary duties owed to the corporation or its stockholders is governed by state law—usually the state of incorporation.14 In Delaware, gross negligence violates the fiduciary duty of care.15 In California, directors and officers are held to a standard of ordinary negligence, except that directors, unlike officers, have no liability if they act in good faith and in reasonable reliance on others.16

Duty of Care: The Business Judgment Rule

The first line of defense in a breach of fiduciary duty case is the business judgment rule (BJR). By statute or common law, depending on the state, the BJR immunizes directors for decisions made in good faith and on an informed business basis, even if those decisions result in losses to the company or its stockholders. In Delaware, it is unsettled whether the BJR protects both directors and officers; in California, it protects only directors.17

Many states, including Delaware and California, recognize a presumption that disinterested directors acted in good faith and on an informed basis, and put the burden on plaintiffs to rebut the presumption that the BJR applies to a given board decision.

Where the BJR applies, courts are expected to defer to a board’s decision about managing corporate affairs.18 Even if a board’s business judgment is “substantively wrong, or degrees of wrong extending through ‘stupid’ to ‘egregious’ or ‘irrational,’ ” no court should second-guess it and no director should have liability for it as long as “the process employed was either rational or employed in a good faith effort to advance corporate interests.”19

Business judgments that result in waste of corporate assets, however, are not recognized as valid and could expose directors to personal liability. However, “waste” is a transaction “so one-sided that no business person of ordinary, sound judgment could conclude that the corporation has received adequate consideration.”20

Duty of Loyalty and Good Faith

Directors are not entitled to corporate indemnification—nor exculpated from personal liability—for breaches of the duty of loyalty or bad faith. “Bad faith” and the absence of good faith are “two sides of the same coin.”21 Bad faith in its “most extreme form” involves “the conscious doing of a wrong because of [a] dishonest purpose,” or “intentionally fail[ing] to act in the face of a known duty to act, demonstrating a conscious disregard for [his or her] duties.”22 In order to win a money judgment against directors, plaintiffs must allege and prove a non-exculpable breach of the duty of loyalty or bad faith. Accordingly, plaintiffs often allege that directors “consciously disregarded” a duty to intervene in events that are harmful to the company or its stockholders, or that they approved or engaged in transactions for self-interested reasons, knowing that their actions were not in the best interests of the company or its stockholders.

A transaction is self-interested when a director stands on both sides of it or is influenced by someone whose interests are across the table from the corporation’s interests. It is important to note that Ds&Os engage in business transactions with their companies not infrequently. These transactions are not inherently wrongful. Rather, the transaction will be subject to heightened judicial scrutiny, and the burden rests on the self-interested director to prove that the transaction was “entirely fair” to the corporation.23 This heightened scrutiny and burden expose the director to the risk of a finding that the director obtained a personal benefit that he or she knew was opposed to the best interests of the corporation or its shareholders—i.e., non-exculpable, non-indemnifiable conduct.

Liability for Failure of Oversight Under Caremark

Directors also face non-exculpable, non-indemnifiable liability exposure for a failure of corporate oversight that amounts to breach of loyalty. Under the Delaware Court of Chancery’s Caremark decision, directors face liability for breach of loyalty when “a loss eventuates not from a [business] decision but, from unconsidered inaction.”24 Directors may be liable if they knew or should have known that violations of law were occurring within the corporation and yet failed to take steps to prevent or remedy the situation. Directors must assure themselves that “information and reporting systems” exist that are reasonably designed to provide timely and accurate information sufficient to allow them to make informed judgments “concerning both the corporation’s compliance with law and its business performance.”25 “[A] sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure a reasonable information and reporting system exists—will establish the lack of good faith that is a necessary condition to liability.”26

Because liability under Caremark is based on bad faith amounting to breach of the duty of loyalty, the company cannot indemnify a culpable director or officer. This narrows the potential source of indemnity to D&O insurance. A company may indemnify and advance legal fees and settlement costs, however, before a final determination of liability—which naturally tends to drive failure of oversight cases to settlement.

Government Investigations Focusing on Individual Wrongdoing

The federal titans of securities law enforcement—the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC)—have policies that encourage aggressive pursuit of individuals, both as sources of information and targets of enforcement action. These policies have negative implications for D&O defense.

The DOJ Policy

In a September 2015 memorandum by then-Deputy Attorney General Sally Yates, the DOJ announced a policy to more aggressively pursue individuals.27 This announcement followed an uptick in the number of individuals charged under the Foreign Corrupt Practices Act (FCPA) and the False Claims Act. Statements out of the DOJ under the new administration have raised some uncertainty about whether the policy will continue in full force.

The Yates Memo gave federal prosecutors and investigators guidance on “key steps” to strengthen pursuit of individuals for corporate misconduct. In order to gain “any” credit for cooperation, companies must turn over “all relevant facts” relating to conduct of individuals responsible for corporate misconduct. Both civil and criminal enforcement attorneys are to focus on individuals at the inception of an investigation and share information with each other. Enforcement attorneys may not agree to a settlement that protects individuals or resolves a corporate case without a clear plan to resolve individual cases. Finally, civil attorneys must consider actions for monetary recovery against culpable individuals regardless of ability to pay.

While the impact of the Yates Memo is still playing out, some commentators have noted a counterintuitive drop in FCPA enforcement actions against individuals.28 In a speech at New York University Law School in October 2017, Deputy Attorney General Rosenstein stated that while the Yates Memo is “under review” and subject to change, the policy of focusing on individual accountability for corporation wrongdoing will continue under the current administration.29 On the other hand, in a November 17, 2017 press release, Attorney General Sessions may have been alluding to the Yates Memo in declaring an end to the DOJ “practice” of blurring regulations and “guidance,” stating that the DOJ “will proactively work to rescind existing guidance documents that go too far.”30

The Yates Memo policies of targeting individuals responsible for corporate wrongdoing presents challenges to the protective use of corporate indemnity and third-party insurance. The criteria for obtaining cooperation credit pit companies against directors and officers in positions of oversight. Those potentially in harm’s way will want separate legal counsel early in any internal or government investigation, for which they will look to the company for immediate advancement. Third-party insurance may not be available to defray the cost because coverage generally is triggered by a claim for money and often provides only limited coverage, if any, to cover an investigation.

This dynamic increases the importance of careful consideration of potential conflicts that may require separate counsel for various corporate actors, which can spiral into a full-employment-act for lawyers unless carefully managed. At the same time, companies seeking to curry favor with the government may wish to maximize flexibility to refuse advancement to individuals perceived by the DOJ as potential wrongdoers. Of course, there may be legal limitations on a corporation’s ability to refuse advancement.

The impact of the DOJ’s cooperation program tends to make government investigations more complex, extend over a longer period of time, and foster more tension between and among Ds&Os who are under scrutiny and boards of directors or committees that are leading internal investigations. If an investigation leads to self-reporting of a violation of law, or an enforcement action based on, for example, information provided by a whistleblower, it may take longer for companies to settle while individual culpability remains under consideration. To assess the adequacy of D&O defense and protection, companies should reevaluate their indemnification and advancement bylaws, as well as insurance coverage, retention limits, excess coverage, policy language and exclusions, and Side A coverage for individuals.

SEC Policy

The SEC’s policies of pursuing individuals responsible for corporate securities violations have been endorsed under the Trump administration and raise many of the same challenges discussed above. A more recent SEC policy of requiring companies and individuals to admit wrongdoing in some cases as a condition of settlement further negatively impacts the D&O safety nets of indemnity and insurance.

Pursuit of individuals. SEC initiatives launched in 2010 and 2011 encourage individuals to cooperate and report corporate wrongdoing. The 2010 “Enforcement Cooperation Initiative” offers deferred prosecution agreements and non-prosecution agreements in exchange for cooperation,31 while the 2011 Whistleblower Program, implemented pursuant to the Dodd Frank Wall Street Reform and Consumer Protection Act, provides life-changing bounty awards for tips leading to successful enforcement actions, including against compliance officers and other gatekeepers.32

These programs operate in tandem with the SEC’s longstanding policy of encouraging corporate cooperation with SEC enforcement through self-reporting, self-remediation, and punishing and turning over individuals responsible for corporate wrongdoing. The 2001 Seaboard Guidelines, published in an SEC report of investigation, articulate the framework by which the SEC evaluates corporate cooperation, including factors considered in determining whether, and to what extent, the SEC will grant leniency for cooperating.33

These programs appear to be here to stay under the Trump administration, although details may be tweaked. The Whistleblower Program has continued to generate large rewards. An October 2017 SEC report announced that the total awards under the program have reached $162 million to 47 whistleblowers.34 A co-director of the SEC’s Division of Enforcement recently confirmed that the Seaboard Guidelines also will remain in effect, while acknowledging that the SEC should be more specific about the exact benefits of cooperation and provide greater transparency about why cooperation credit is granted or denied.35

Admissions of wrongdoing. In June 2013, then-SEC Chair Mary Jo White announced a shift in policy to seek more admissions of wrongdoing in settlements—a departure from the SEC’s longstanding practice of permitting settling parties to “neither admit nor deny” wrongdoing. According to a March 2015 article in The New York Times, the SEC had generated admissions of culpability in at least 18 different cases involving 19 companies and 10 individuals. In 2017, however, a co-director of the SEC Enforcement Division stated that, while the SEC supports having companies and individuals that admit wrongdoing to other agencies make similar admissions to the SEC, the “harder piece” is deciding whether to continue a policy of departing from the SEC’s “neither admit nor deny” practice.

The SEC’s policies of pursuing individual wrongdoers and seeking corporate cooperation raise the same issues discussed above regarding the DOJ policies of targeting individuals—i.e., more requests for separate counsel, advancement and indemnification, longer investigations, heightened tension between internal investigators and the subjects of investigation, and greater importance of Side A D&O insurance coverage.

Further, an admission of wrongdoing in an SEC settlement limits the ability of a settling director or officer to access corporate indemnity if the admission is deemed to establish non-indemnifiable conduct. Insurance may not be available to fill the gap because coverage for SEC investigations (as opposed to money damages claims) often is not covered or is limited, and there is no coverage for intentional wrongdoing. Ds&Os who admit liability also risk inability to access corporate or insurance funds for defense in parallel or follow on securities litigation, derivative suits and criminal proceedings.

Corporate D&O Litigation

M&A Lawsuits

Until 2016, whenever a public company was sold, the selling company’s board invariably found itself on the receiving end of a class action lawsuit for breach of fiduciary duty to the selling stockholders. So-called “merger objection” lawsuits typically were filed by stockholders of the selling company claiming that the directors and officers breached their fiduciary duties in negotiating the merger price and terms, agreeing to a price that was too low, and approving deficient proxy disclosures. As of the end of 2014, a leading research firm reported that more than 90 percent of merger and acquisition (M&A) transactions above $100 million had ended up in litigation since 2009.36

Historically, most M&A cases were resolved by settlement before the merger closed based on the defendants’ agreement to make additional disclosures or minor adjustments in the deal terms, along with a negotiated fee to the plaintiff ’s attorneys, in exchange for a broad release of D&O liability. Those settlements, until recently, were routinely approved.37 In these early settlements, directors never face a real prospect of out-of-pocket liability exposure.

Recently, however, more M&A cases are being litigated as traditional class actions for money damages after the merger closes.38 This trend has serious liability implications for directors. In order to obtain a judgment for money damages, plaintiffs must prove non-exculpable conduct. This requires proof of self-dealing, bad faith or breach of the duty of loyalty—all of which expose directors to out-of-pocket, non-indemnifiable loss, leaving directors to rely on Side A insurance to fill a potential corporate indemnity gap. It is often unclear exactly what degree of wrongful conduct, however, may be insured.

Two factors are driving the trend toward post-closing merger class actions. First, the Delaware Court of Chancery has taken a stand against broad releases in exchange for “a peppercorn and a fee,” refusing to approve pre-closing nonmonetary settlements. In January 2016, the Court of Chancery embraced the mounting criticism of these settlements and rejected a disclosure-only settlement in In re Trulia Inc. Securities Litigation.39Trulia echoed the analysis in Acevedo v. Aerofl ex Holding Corp., where the Court of Chancery harshly criticized “disclosure-only” settlements stating that they “do not provide any identifiable much less quantifiable benefit to stockholders” and that “ubiquitous merger litigation is simply a deadweight loss.”40 The Court in Aeroflex gave the plaintiffs three choices: (1) declare the claims moot based on the enhanced disclosures and seek attorneys’ fees; (2) propose a settlement limiting release of the directors to Delaware fiduciary duty claims; or (3) litigate the case.41 None of those choices would provide the defendants with broad releases from personal liability.

Second, the trend toward post-closing merger class action cases is fueled by the high potential dollar recovery. Plaintiffs now are filing many of these cases in federal court (to avoid Delaware).42 Although the cases are subject to a high dismissal rate, the rewards of surviving a motion to dismiss are potentially considerable. But again, in order to win a judgment against corporate directors, plaintiffs must establish non-exculpable liability—such as breach of loyalty—which is not indemnifiable by the company. Individual defendants, who usually have parted ways with the company under new ownership, are highly motivated to encourage a class-wide settlement with insurance dollars rather than face risk of personal liability at trial, even on weak or patently unmeritorious claims.

Derivative Suits

Derivative suits against corporate officers and directors historically have presented a low risk of liability for Ds&Os and low returns for plaintiff’s firms. Generally, cases are filed in the wake of securities class actions and settled for minor prophylactic measures, such as corporate governance improvements, and a relatively small fee award. Recently, however, derivative suits have gained traction after high-profile cases resulted in large settlements, including $275 million for Activision Blizzard (2014), $139 million for News Corp. (2013), $137.5 million for Freeport-McMoRan (2015), and $62.5 million for Bank of America Merrill Lynch (2012), among others.43

Stockholders seeking to sue on behalf of a company must establish their standing to assert the company’s claims, which normally are controlled by the board. Stockholders must first make a demand on the board to bring the desired action, or else establish that demand would be futile because a majority of the directors are too conflicted to exercise valid business judgment on a demand.44 In response to a demand, the board must investigate and make a business decision about whether it is in the best interest of the company to take the action demanded. If the demand is refused, courts should defer to the board’s business judgment and dismiss the case without considering the underlying merits of the claims.45

While the odds that plaintiffs will get past the pleading stage in a derivative suit are low, the potential payoff is high, as the settlements cited above suggest. As in the merger litigation context, plaintiffs must prove that defendant directors engaged in nonexculpable wrongdoing (bad faith, breach of loyalty), which generally cannot be indemnified by the company. Further, companies cannot indemnify directors and officers for a judgment of monetary liability in favor of the company, regardless of the theory. Thus, defendants face theoretical out-of-pocket liability in derivative suits. The primary defense strategy is to obtain dismissal based on plaintiffs’ lack of standing, regardless of the underlying merits of the claim. All equal, a settlement funded by D&O insurance is preferable to trial.

Plaintiffs have gained leverage in derivative suits based on recent Delaware decisions that allow more expansive pre-suit stockholder access to “books and records,” enabling plaintiffs to investigate D&O wrongdoing and file better complaints.46 Delaware courts have long encouraged stockholders to use Section 220 of the Delaware General Corporate Law to obtain nonpublic books and records before bringing derivative actions.47 To obtain corporate records, a would-be stockholder plaintiff need only show a “credible basis from which fiduciary misconduct could be inferred.”48

In 2014, the Delaware Supreme Court upheld a Court of Chancery decision enforcing a “books and records” demand by Wal-Mart stockholders to investigate an ongoing Wal-Mart internal investigation of alleged FCPA violations in Mexico. The court required Wal-Mart to comply with demands to search back-up tapes and to produce lower-level officer documents that were never seen by the board and certain privileged attorney-client communications.49 With such extensive information, plaintiffs in theory are better able to craft derivative complaints that stand a chance of survival at the pleading stage.

Coverage and Indemnity Implications

D&O coverage typically is triggered by a demand for money—not by a demand for corporate “books and records” or a demand that a board of directors investigate and bring suit on behalf of a company. Yet, these demands are serious precursors to derivative litigation against D&O defendants. Some D&O policies provide limited coverage to defray corporate costs of the board’s investigation in response to a demand. But this is only part of the cost. Individual Ds&Os who are questioned in the board investigation may seek separate counsel and request corporate advancement and indemnification. If the derivative suit were to result in a judgment in favor of the company, the culpable Ds&Os could not look to the company to defray the cost, and would need to call upon Side A insurance coverage.

Conclusion

If you are a director or officer of a public company, or considering a board position with a public company, it is a good idea to invest in a legal checkup on the company’s indemnification and advancement articles, bylaws, policies and agreements, and a review of its D&O liability coverage.

Endnotes

1 Del. Gen. Corp. Law § 145(c) (emphasis added); Cal. Corp. Code § 317(d) (emphasis added); Cal. Lab. Code § 2802 (mandating indemnification of employees for expenses incurred in the discharge of lawful duties).

2 Del. Gen. Corp. Law §§ 145(a) and (b); Cal. Corp. Code § 317(b).

3 Del. Gen. Corp. Law § 145(e); Cal. Corp. Code § 317(f).

4 Del. Gen. Corp. Law § 145(f); Cal. Corp. Code §§ 317(g) and (i).

5 Del. Gen. Corp. Law § 102(b)(7); Cal. Corp. Code § 204.

6 Del. Gen. Corp. Law § 145(g); Cal. Corp. Code 317(i).

7 The 1995 Private Securities Litigation Reform Act preempted state securities laws in class actions alleging securities fraud. 15 U.S.C. § 78u-4.

8 Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308 (2007).

9 Cornerstone Research, Securities Class Action Filings, 2017 Midyear Assessment, available at https://www.cornerstone.com.

10 Section 11, 15 U.S.C. § 77k; Section 12, 15 U.S.C. § 77l.

11 Section 11(b)(1); 15 U.S.C. § 77k(b)(1); Section 12(a)(2), 15 U.S.C. § 77l(a)(2).

12 Cyan, Inc. v. Beaver County Employees Retirement Fund, Case No. 15-1439.

13 The Securities Litigation Uniform Standards Act of 1998, Pub. L. No. 105-353, 112 Stat. 3227, was designed to preempt state jurisdiction over securities fraud class actions, and was widely understood to apply to claims under the Securities Act of 1933, superseding federal law conferring concurrent state and federal jurisdiction. Compare 15 U.S.C. § 77v with 15 U.S.C. §77(p) (SLUSA).

14 Under the “internal affairs doctrine,” the law of the state of incorporation governs the rights and duties among corporate constituencies. Edgar v. MITE Corp., 457 U.S. 624, 645 (1982). By statute, California law regulates director conduct and other internal affairs of companies that merely do business in the state. Cal. Corp. Code § 2115.

15 Gantler v. Stevens, 965 A.2d 695, 708-09 (Del. 2009).

16 Cal. Corp. Code § 309 (the standard of care is ordinary negligence – action “with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.”). Directors, however, are immune from liability if they act in good faith and in reasonable reliance on others, which is tantamount to a gross negligence standard. Katz v. Chevron Corp., 22 Cal. App. 4th 1352, 1366 (1994).

17 FDIC v. Perry, No. CV 11-5561 ODW (MRWx) (C.D. Cal. Dec. 13, 2011); Gaillard v. Naomasa Co., 208 Cal. App.3d 1250, 1264 (1989).

18 Cal. Corp. Code § 309; Lee v. Insurance Exch., 50 Cal. App. 4th 694 (1996); Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984).

19 In re Caremark Int’l Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996) (emphasis in original).

20 In re Walt Disney Co. Deriv. Litig., 906 A.2d 27, 74 (Del. 2006); see also In re Walt Disney Co. Derivative Litigation, 907 A.2d 693, 749 (Del. Ch. 2005) (“waste is very rarely found in Delaware courts … . committing waste is an act of bad faith”).

21 In re Dole Food Co. Stockholder Litig., 2015 Del. Ch. LEXIS 223, at *129 (Aug. 27, 2015).

22 Id. at *129-30 (quoting McGowan v. Ferro, 859 A.2d 1012, 1036 (Del. Ch. 2004)).

23 See Guth v. Loft, 5 A.2d 503, 510 (Del. Ch. 1939).

24 In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967-968 (Del. Ch. 1996); see also Stone v. Ritter, 911 A.2d 362, 365 (Del. 2006) (confirming that “Caremark articulates the necessary conditions for assessing director oversight liability”).

25 Caremark, 698 A.2d at 970.

26 Id. at 971.

27 Sally Quillian Yates, Individual Accountability for Corporate Wrongdoing, Dep’t of Justice, available at http://www.justice.gov/dag/file/769036/download.

28 Sharon Oded, “Yates Memo – Time for Reassessment?,” Compliance and Enforcement, available at https://wp.nyu.edu/compliance_enforcement/2017/04/20/yates-memo-time-for-reassessment/#_edn4.

29 Kevin LaCroix, “Deputy AG Emphasizes Continued Individual Accountability for Corporate Misconduct,” D&O Diary blog, October 31, 2017 available at https://www.dandodiary.com/2017/10/articles/director-andofficer-liability/deputy-ag-emphasizes-continuedindividual-accountability-corporate-misconduct/.

30 Attorney General Jeff Sessions Ends the Department’s Practice of Regulation by Guidance, press release (Nov. 17, 2017), available at https://www.justice.gov.

31 SEC Spotlight, “Enforcement Cooperation Program,” available at https://www.sec.gov/spotlight/enforcementcooperation-initiative.shtml.

32 The SEC’s website announces huge awards. https://www.sec.gov/spotlight/whistleblower-awards. See https://www.sec.gov/spotlight/dodd-frank/whistleblower.shtml (background of the Whistleblower program).

33 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, https://www.sec.gov/litigation/investreport/34-4969.htm.

34 SEC Press Release, October 12, 2017, available at https://www.sec.gov/news/press-release/2017-195.

35 Andrew Ramonas, “SEC Should Clarify Path to Cooperation Perks in Cases: Official,” Bloomberg BNA, Oct. 26, 2017, available at https://www.bna.com/sec-clarify-path-n73014471401/.

36 Cornerstone Research, Shareholder Litigation Involving Acquisitions of Public Companies, Review of 2014 M&A Litigation, at 1, available at https://www.cornerstone.com [“2014 M&A Litigation”].

37 Acevedo v. Aeroflex Holding Corp., C.A. No. 7930-VCL, transcript of settlement hearing at 63-65, July 8, 2015 (Laster, V.C.) (quoting Solomon v. Pathé Communications Corp., 1995 Del. Ch. LEXIS 46, C.A. No. 12,563 (Del. Ch. Apr. 21, 1995) (Allen, C.)).

38 2014 M&A Litigation, supra note 37, at 1.

39 In re Truvia Inc. Sec. Lit., 129 A.3d 884 (2016).

40 Acevedo v. Aeroflex Holding Corp., No. 7930-CVL, at 63-65 (transcript of settlement hearing).

41 Id. at 74-76.

42 Cornerstone Research, Securities Class Action Filings, 2016 Year in Review, at 11-12, available at https://www.cornerstone.com.

43 See Kevin LaCroix, Largest Derivative Lawsuit Settlements, D&O Diary blog, Dec. 5, 2014, available at http://www.dandodiary.com/2014/12/articles/shareholdersderivative-litigation/largest-derivative-lawsuitsettlements.

44 See Aronson v. Lewis, 473 A.2d 805, 818 (Del. 1984) (holding that a stockholder may pursue a derivative suit in the absence of a pre-suit demand on the corporation’s board of directors only if the stockholder’s complaint contains allegations of fact sufficient to create a reasonable doubt (1) that the directors are disinterested and independent or (2) that the challenged transaction was otherwise the product of valid business judgment).

45 See, e.g., Cuker v. Mikalauskas, 692 A.2d 1042, 1045 (Pa. 1997) (the BJR permits the board of directors of a Pennsylvania corporation to reject a demand or terminate a derivative suit brought by the corporation’s stockholders); Zapata Corp. v. Maldonado, 430 A.2d 779, 788 (Del. 1981) (describing standard and proceedings in Delaware for dismissal of derivative claims based on the business judgment of an independent committee).

46 For example, the court in King v. VeriFone Holdings, Inc., 12 A.3d 1140 (Del. 2011), enforced an inspection demand under Delaware General Corporate Law section 220 in order to enable stockholders to take discovery and file a better derivative complaint after the first was dismissed for failure to plead that a pre-suit demand on the board would have been futile.

47 VeriFone Holdings, 12 A.3d at 1150 n.64 (citing cases).

48 Polygon Global Opportunities Master Fund v. W. Corp., 2006 Del. Ch. LEXIS 179 (Oct. 12, 2006).

49 Walmart v. IBEW, No. 13-614 (Del. July 23, 2014).

Corporate Governance and Change

Corporate Governance and Change

A Quick Review Of Basics

By: Saul Winsten,General Counsel
The Winsten Group.Trusted Counsel LLC.
A national Legal, Business, and Corporate Affairs firm
thewinstengroup.com

What is “Governance”?

Governance has been defined in different ways. For our purposes, corporate governance may be understood to mean the system, processes and relationships by which a corporation is controlled and directed. Boards of Directors are responsible ultimately for governance, the control and direction of the corporation they serve.
For brevity our discussion will focus on this topic as applied to closely-held and family-owned business corporations.

What has changed?

With ever increasing market competition, and pace and magnitude of technological change, the challenges encountered by closely-held and family-owned businesses and their Boards have grown. The traditional or legacy structures for governance, or legacy leadership may no longer be appropriate. New governance structure, processes, and leaders may be called for.

Questions concerning governance often include questions concerning the role and responsibilities of the Board, and how governance may be evolving in response to change. Below is a quick review of basic principles, and of some increasingly common business adaptations to change.

Basic Principles:

The Role and Responsibilities of Boards

Board responsibilities are separate from those of management. Boards are not to manage the business; executive management has that responsibility. The Board’s role and its responsibilities include:

1.To advise and consult with management on corporate strategy, operational performance & effectiveness, key performance metrics, executive performance and compensation, risk management, and growth and change matters
2.To provide oversight of and approve corporate strategy and strategic plans, major
acquisitions and divestitures, management and business performance, strategic matters,
company resource planning and needs, legal compliance, protection of assets, budget and
significant financing, mergers, and corporate reorganizations
3.To plan for executive and Board succession, select new executives, and
recommend new Board members

Board Requirements

Boards and Board members must act solely in and for the interest of the corporation. Board members should be qualified to carry out Board responsibilities, be informed and knowledgeable of matters that may come before the Board, exercise prudent business judgement, and act free from conflicts of interest that compromise such action and judgement.

Fiduciary Duties

Boards of Directors and individual Board Members have “Fiduciary Duties”, to act prudently, in and for the interest of the business and shareholders, with care, honesty, prudence, and in good faith.

The primary fiduciary duties have been referred to as “Duty of Care”, and “Duty of Loyalty”. Some courts and securities regulation also refer to a “Duty of Candor” or “Duty of Disclosure”. Various courts have identified and discussed specific aspects of these duties.

The “Duty of Care” requires Board members act with knowledge of the pertinent facts and circumstances, with care, after due consideration of all relevant information.

The “Duty of Loyalty” requires Board members act in the best interests of the corporation and shareholders, and to ensure that actions are taken in good faith.

“Good Faith” has been defined by Black’s Law Dictionary as requiring Board members act with “(1) honesty in belief or purpose, (2) faithfulness to one’s duty or obligation, (3) observance of reasonable commercial standards of fair dealing in a given trade or business, (4) absence of intent to defraud or to seek unconscionable advantage”.

Liability for Breach of Fiduciary Duties

Boards and individual Directors have been found liable for breach of their fiduciary duties.

Defense to Claim of Breach of Fiduciary Duties

A defense to an action against a Board for Board action is sometimes called “the business judgement rule”. Under that rule, a court generally will not “second guess” a Board decision if the Board: (i) followed a reasonable and informed process; (ii) took into account all relevant facts and circumstances; and (iii) made its decision” in good faith”.

Adaptations to Change
These include but are not limited to:

Enhanced Board “on-boarding” and education

To properly prepare new Board members for joining the Board and carrying out Board responsibilities, businesses and organizations are paying increasing attention to proper orientation, introduction and education of Board members. The need for such action increases with the size of the organization, complexity of the organization and its activities, demands of shareholders and stakeholders, and the nature and complexity of risks to which the organization is subject.

Use of Board Committees:

As the quantity and complexity of matters that Boards are to act upon have increased, the use of committees and the need for enhanced committee and Board expertise has increased.

Some matters, particularly complex matters requiring special expertise, are increasingly delegated to committees of the Board, which in turn make recommendations for Board deliberation and action. Committees such as Compensation, Audit, Governance, and Nominating, among others, are common.
Many Boards have an Executive Committee of corporate officers, who are tasked with developing recommendations on policy and other matters for Board action.

Matters requiring special expertise may be delegated to a committee which includes members with that special expertise.

An example of a committee tasked with matters requiring special expertise is the Audit Committee. This committee is charged with developing recommendations concerning matters concerning accounting policies, financial reporting, and other audit related matters. It is responsible for oversight of the independent auditor, internal financial control policies, financial risk management policies, and the performance of the internal audit function.

Another example is the Nominating and/or Governance Committee where identification of desired qualified candidates for Board service, selection of nominees for Board positions, governance standards and processes, Board and CEO evaluation may be discussed and recommendations made.

Other committees requiring specialized knowledge may be used by a business’ Board. These include Cybersecurity, Technology, Legal, Finance, Strategic Planning, M&A, HR, Ethics/Corporate Responsibility, and Environmental Committees, for example.

Addition of Independent and Specially Qualified Directors:

Another response increasingly used by Boards of closely held businesses, including family-owned or managed businesses, is the addition “Independent Directors” to their Boards. These Independent Directors assist the Board in carrying out its responsibilities by bringing independent thought, needed specialized expertise, and special perspective to those Boards. Examples of the knowledge and expertise sought and retained for Independent Directors include proven industry and outside business leadership, legal, finance, technology, cybersecurity, and other specialized expertise.
Some courts, notably Delaware, have addressed the issue of what makes a Board member “independent”.

Use of Board Counsel

Some larger businesses and organizations have retained special Board Counsel to provide independent advice and guidance on Board and governance matters of special concern. Board Counsel have been found especially useful where perspective, guidance, and advice independent of Board or executive leadership relationships, is desired.

Conclusion

Governance changes are driven by a number of factors. Growth, market competition, disruptive technology, regulatory requirements, and succession generated dynamics for example, may compel a company to change the way it does business, manages risk, and the way it is governed.
Businesses and organizations that will succeed are those prepared for change.

Heads Up: Board of Directors, Resignation from the Board, Duty of Loyalty.

When a venture capital fund invests in an emerging growth company, it typically seeks to protect its investment by obtaining the right to designate a member of the Board of Directors. While many of these individual designees are experts in their field and have vast networks of valuable relationships at their disposal, a newly designated director may be unfamiliar with the duties imposed on him should he want to resign. Paul Hastings Client Alert

March 2017 Follow @Paul_Hastings

Resigning From a Board of Directors:Considerations for VC Fund Designees
By Samuel A. Waxman, Jordan L. Goldman & Brooke Schachner

When a venture capital fund invests in an emerging growth company, it typically seeks to protect its investment by obtaining the right to designate a member of the Board of Directors. While many of these individual designees are experts in their field and have vast networks of valuable relationships at their disposal, a newly designated director may be unfamiliar with the duties imposed on him should he want to resign.

Delaware law generally gives the Board of Directors broad authority to manage the business affairs of a corporation. Although this level of discretion is generally extended to the ability to resign, there are various factors that should be considered when weighing the value of keeping a seat against the potential turmoil and liability associated with resignation. Designated directors often reflexively consider resignation when the company has run out of money or is heading into the so-called “zone of insolvency” out of fear of personal liability. Resigning at this point, however, may actually give rise to the very liability the director was seeking to avoid. As a result, it is important for a director to know when he can resign versus when he should resign.

I. The Benefits of Sitting on a Board: A Seat at the Table
The best way for a venture capital fund to remain informed and maintain influence on a company’s decision-making is to hold a seat on the Board. Directors have the power to vote on matters mandated by Delaware law, the certificate of incorporation, or the investment documents that affect material aspects of the business and its stakeholders. For example, Board approval may be necessary for: amendments to the certificate of incorporation and bylaws; equity grants or transfers (whether stock, options, or warrants); distributions to stockholders; borrowing or lending money; adopting an annual budget; hiring or terminating members of senior management (or amending their terms of employment); adopting employee benefit plans; a sale of material assets of the company; adissolution of the company; and/or entering into agreements and transactions of material importance to the company (intellectual property licenses, mergers, or IPOs).

This remains true even if the investment has gone sour. Directors will continue to have say over bridge financings, the direction of DIP loan packages, and other key decisions that need to be made by a company in distress.

II. Should I Stay or Should I Go?
Under Delaware law, a director generally may resign at any time, unless the certificate of incorporation or bylaws require otherwise. Notably, however, a director may not resign when doing so would constitute a breach of the duty of loyalty.

A. Duty of Loyalty
Directors have a duty to act in the best interests of the shareholders—personal benefit is secondary, even if management is making questionable choices. For example, simply resigning upon discovery of flagrant crimes committed by corporate insiders, without attempting to rectify the issue, may constitute a breach of the duty of loyalty. In In re Puda Coal Shareholders’ Litigation, a CEO was accused of theft through unauthorized transfers which went unnoticed for 18 months. A third party brought the suspected criminality to the attention of the independent directors, but the directors were “stonewalled” by management when they attempted to bring suit. So, the independent directors resigned from the Board. The Delaware court was critical of the directors’ decision to resign rather than cause the company to join a related derivative suit, stating that simply resigning at that point (while the company was in hot water) might be a breach of the duty of loyalty.

Similarly, in Rich v. Chong, another Delaware case, the court determined that ignoring numerous red flags and resigning from the Board may have constituted an abdication of the directors’ duties. In this case, the company completed its public offering in 2009. In 2010, it revealed discrepancies in its financial statements, and in 2011, auditors discovered a $130 million cash transfer to third parties in China. A 2010 stockholder suit urged the company’s audit committee to investigate, but the investigation was abandoned in 2012 due to management’s failure to pay the fees incurred by the audit company’s advisors. The company also failed to hold an annual stockholder meeting for several years despite a 2012 court order to do so. The independent directors subsequently resigned. Chiding the directors, the court stated that “the conscious failure to act, in the face of a known duty, is a breach of the duty of loyalty.”

Directors of companies with foreign operations, moreover, are subject to a heightened fiduciary duty. Delaware Supreme Court Chief Justice Strine’s view on local companies with foreign operations is that a director’s required engagement is even more strenuous (e.g., traveling to that foreign country, having language skills, and knowing the culture).

B. Reasons for Resignation
A director may want to resign from his position on the Board for several reasons. If the company breaks the law or materially breaches its bylaws or shareholder agreements, without immediate rectification, a director may consider resignation. In addition, a director may deem it necessary to resign over disagreements among the Board members. Deadlocks and discord can severely impede progress—a particular concern for growth companies. While discussion and debate is healthy for an effective Board, intractable differences of opinion about the company’s future can stall innovation and stifle success. Similarly, a fundamental opposition to some of the company’s major practices could be reason enough to step away.

Designees are often selected for board seats because of their expertise in a particular field and their vast network of connections. However, a conflict of interest may arise as a result. If conflicts of interest persist and become irreconcilable, a director’s exit might be best for all parties involved. Still, a director’s fiduciary duties to the corporation and its shareholders must be at the forefront of one’s concerns, and if an exit may constitute a breach of the duty of loyalty, directors must think twice
2
about resignation. In addition, while the director himself may not have a personal conflict, a designated director might wish to resign if the fund they represent is going to engage in certain debt financing transactions with the company.

Additionally, a director may want to resign if he is unable to obtain adequate protection against personal liability. A director should ensure that the company has a sufficient director and officer (“D&O”) insurance policy and an indemnification agreement in place that protects individual directors. It is important to make sure D&O policies have a proper tail so that directors are still covered even after they leave the Board. A director is often best served staying on the Board as long as possible to make sure that the D&O insurance is kept in place at the expected levels and/or to best negotiate a tail on his exit. Without appropriate D&O insurance, directors may face liability for certain claims against the corporation. Notably, a recently enacted California law includes directors in the group of individuals that may be held personally liable for unpaid final wages. While a director may be covered by insurance or indemnification in this instance, it is important to be aware of state laws that may subject corporate agents to additional liability.
Finally, evidence that management is not acting in the best interests of the shareholders may be cause for a director’s resignation. But again, a director has to be sure that his exit does not unduly harm the company or breach a fiduciary duty owed to the shareholders.

III. Practice Tips for the Director Pondering Resignation
When considering resignation, a director must act in the best interests of the company. Current or potential directors should research whether there are any unusual restrictions on resignation in the certificate of incorporation or bylaws or unusual internal procedures and policies.

Moreover, a director should take specific steps upon the discovery of illegality or malfeasance, namely:
1. A director’s first duty is to take reasonable steps to stop any ongoing legal or ethical violations.
2. If met with stonewalling, the director should seek independent legal counsel.
3. A director who decides to resign may want to submit a written statement to the chairman for circulation to the Board and possibly to the shareholders.
Following these general steps will ensure that a director can leave a Board while guarding against potential liability. The decision to resign from a Board must not be made flippantly. Facts and circumstances will rule the day; regardless, a director must always mind his fiduciary duties to the company and its shareholders.


Heads Up: Boards, Businesses, Leaders- CyberSecurity, Risks and Responsibility, Heightened Requirements.

Dickinson Wright

Corporate boards recognize that cybersecurity is and will remain a high priority because of the attendant risks on so many levels. And two recent matters – one a case and the other a high profile internal investigation – portend that an imminent frontier in corporate monitoring will be cybersecurity.

Cybersecurity is “hot” and will stay “hot” for corporations, executives, regulators, law enforcement and legislators. Rarely is there a corporate compliance discussion in 2017 where cyber isn’t “the” topic or a material part of the discussion. Corporate boards recognize that cybersecurity is and will remain a high priority because of the attendant risks on so many levels. And two recent matters – one a case and the other a high profile internal investigation – portend that an imminent frontier in corporate monitoring will be cybersecurity.

Recent governmental attention to corporate cybersecurity programs suggests strongly that cyber oversight will be the next priority area for corporate compliance monitoring. The Securities and Exchange Commission (SEC), for example, announced in January 2017 that cybersecurity compliance procedures would be a key focus for its Office of Compliance Inspections and Examinations (OCIE) this year.i OCIE previously announced cybersecurity as a priority for its 2016 examination program,ii tracking its September 2015 cybersecurity examinations initiative.iii Considering prior enforcement actions by the SEC against investment advisors and broker-dealers to address allegedly inadequate cybersecurity policies that enabled data breaches, the SEC’s announcement is no surprise. Similarly, the Federal Trade Commission (FTC) has been flexing its enforcement muscle through actions alleging that policy failures led to the exposure of confidential consumer information.iv These actions consistently result in settlements that impose cybersecurity enhancements designed to prevent similar future incidents. In the absence of an informed and sufficient monitoring program, however, it is difficult to assess effectively whether the corporations are implementing the negotiated settlements properly and, perhaps more importantly, as expected by the agency.

The SEC has a well-established track record for using independent corporate monitors across a broad range of cases. The FTC, on the other hand is in its infancy doing so, somewhat surprisingly. In a September 2016 settlement, the FTC jumped into the monitorship space by imposing a monitor to ensure compliance with a settlement that required a company to change fundamentally its compensation structure by rewarding actual sales rather than recruitment of new distributors. Although that FTC settlement did not present a cybersecurity issue, the FTC nevertheless set the stage to connect monitorships with the agency’s already active regulatory attention to cybersecurity matters. An example of such an opportunity presented on March 1, 2017 when Yahoo announced, in its Form 10-K filed with the SEC,v that as a result of an internal investigation associated with three cybersecurity incidents – including the theft of data from more than one billion accounts – the Company “took certain remedial action, notifying 26 specifically targeted users and consulting with law enforcement.” The 10-K describes the cyber-centric “other remedial actions” as follows:

The Board has directed the Company to implement or enhance a number of corrective actions, including revision of its technical and legal information security incident response protocols to help ensure: escalation of cybersecurity incidents to senior executives and the Board of Directors; rigorous investigation of cybersecurity incidents and engagement of forensic experts as appropriate; rigorous assessment of and documenting any legal reporting obligations and engagement of outside counsel as appropriate; comprehensive risk assessments with respect to cybersecurity events; effective cross-functional communication regarding cybersecurity events; appropriate and timely disclosure of material cybersecurity incidents; and enhanced training and oversight to help ensure processes are followed.

The 10-K also references 43 related class action lawsuits and the company’s cooperation with the SEC, the FTC, the United States Attorney’s Office for the Southern District of New York, and two State Attorneys General. Additionally, the General Counsel and Secretary resigned, receiving no severance payments. Moreover, the CEO gave up $12 million in stock and did not receive her 2016 cash bonus. It is easy to see where breaches and remediation as Yahoo disclosed could become the door-opener for a cybersecurity monitor.

Traditional corporate monitoring models allow for the implementation of an independent monitor to oversee an organization’s compliance with imposed obligations over a period of time. Independent monitors, by operation of the monitorship agreement, typically receive access to the subject company’s personnel, files, books, and records that fall within the scope of the settlement agreement and have authority to take necessary steps to become fully informed regarding the monitored company’s operations, within the parameters of the agreement. The independent monitors also are free to communicate with the regulatory body (or agency) regarding the monitored company’s corrective measures (or lack thereof). If the subject organization is found not to have complied with the terms of the settlement (i.e., not adhering to the compliance and other policies, procedures and steps designed to remediate and correct the conduct that gave rise to the settlement), then penalties can be assessed, including reinstitution of the criminal or regulatory action(s), and extension of the monitorship. And, particularly in the cybersecurity area, systems vulnerabilities easily can challenge the test of compliance with the settlement terms.

Cybersecurity-related regulatory actions, however, usually do not follow this model. Instead, many cybersecurity settlements and consent orders mandate only that independent third-party professionals periodically assess and report on the implementation of information privacy and cybersecurity safeguards. Because cybersecurity settlement agreements do not typically include an active independent monitor with the requisite background and experience to assess an organization’s remedial cybersecurity measures on a granular level, the benefits of an imbedded qualified professional to ensure true remediation are absent from the impacted company. Ideally, a cybersecurity monitor would and should have through knowledge, skill, training, experience, or education sufficient up-to-date technical expertise and a measurable level of experience – preferably a minimum of five years of demonstrable experience dealing with cybersecurity or incident responses – to act in a cyber-monitoring capacity. Also, the cybersecurity monitor should hold a minimum of one relevant technical certification. Instead, the present norm is the less beneficial periodic spot-checking undertaken by professionals who likely do not have the level of knowledge of the organization or an in-depth appreciation of the issues surrounding what gave rise to the settlement and need for remediation in the first place.

This seemingly minimalist approach to corporate cybersecurity monitoring is surprising because proper implementation of cybersecurity safeguards is, by design, meant to be tailored to a specific organization. It is not always clear, however, that proper implementation necessarily will satisfy regulators’ expectations. For example, many experts view the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework”) to be a benchmark for modern digital security implementation standards. In a seeming inherent contradiction, the FTC has opined that (1) the Cybersecurity Framework is not something with which an organization can “comply,” and (2) even if an organization follows the NIST Cybersecurity Framework (which the FTC describes as “a set of industry standards and best practices to help organizations identify, assess, and manage cybersecurity risks”), then that does not necessarily mean an organization’s cybersecurity policies will withstand regulatory scrutiny.vi Additionally, cybersecurity enforcement actions often are precipitated by incidents exposing sensitive third-party information, which in turn result in the near inevitable perceptions of an absence of cybersecurity buy-in from management teams and a failure to fully appreciate various cybersecurity risk vectors. Periodic spot-checks of corporate policies, and even implemented practices, can miss these issues; meanwhile, an independent and informed monitor with appropriate in-depth knowledge of a company’s remedial efforts undertaken pursuant to a settlement agreement would be well-positioned to identify and remediate corporate deficiencies while simultaneously satisfying regulators’ expectations.

Properly addressing modern and emerging corporate and regulatory cybersecurity concerns demands a new compliance prism and model as part of settlement agreements with government agencies. Rather than simply accepting periodic external assessments, matters involving cybersecurity should be addressed more effectively through the use of a cyber-knowledgeable independent corporate monitor. That monitor will be able to appreciate the technical cyber and substantive needs of the subject company, have intimate knowledge of that company, and understand the goals and objectives of the regulatory body with the cyber-compliance expectations. Equally important is that the monitor will be in a position to ensure – from an informed position – that the company implements proper cybersecurity practices, and the Board, management and staff receive appropriate cyber-training. Thus, the not-too-distant future is now for cybersecurity monitoring and monitors.

i U.S. Securities & Exchange Commission, SEC Announces 2017 Examination Priorities (Jan. 12, 2017), https://www.sec.gov/news/pressrelease/2017-7.html

ii U.S. Securities & Exchange Commission, SEC Announces 2016 Examination Priorities (Jan. 11, 2016), https://www.sec.gov/news/pressrelease/2016-4.html

iii U.S. Securities & Exchange Commission, OCIE’s 2015 Cybersecurity Examination Initiative (Sept. 15, 2015), https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf

iv E.g., Federal Trade Commission v. Wyndham Worldwide Corporation, 799 F.3d 236 (3d Cir. 2015); Federal Trade Commission v. D-Link Corp., No. 3:17-cv-00039 ((N.D. Cal. Compl. filed Jan. 5, 2017))

v https://www.sec.gov/Archives/edgar/data/1011006/000119312517065791/d293630d10k.htm

vi See Andrea Arias, Fed. Trade Comm., The NIST Cybersecurity Framework and the FTC (Aug. 31, 2016), https://www.ftc.gov/news-events/blogs/business-blog/2016/08/nist-cybersecurity-framework-ftc

Boards and Business Executives Beware- Possible Liability For Data Breach

Publication By Michael Best
Albert Bianchi, Jr.Michelle L. Dama, Adrienne S. Ehrhardt
MARCH 3, 2017CLIENT ALERT

Executives and Board Members Could Face Liability for Data Breaches

Executives and Board Members Could Face Liability for Data Breaches
By now, most everyone is aware that Yahoo was hacked in both 2013 and 2014 and had names, passwords, and other account data of between 500 million and one billion of its users stolen. Following the breach, various class action lawsuits brought against Yahoo by consumers and small business users of Yahoo ensued. The stolen data and lawsuits also caused Verizon to reduce its offer to purchase Yahoo by $350 million. Unfortunately for Yahoo, its inability to protect private account data has led to additional negative consequences.
In late February 2017, a group of Yahoo shareholders, guided by the Oklahoma Firefighters Pension and Retirement System, sued Yahoo, as well as some of its executives and board members, including the chairman of its Board of Directors, co-founder, and current CEO, for breach of their fiduciary duty to the shareholders stemming from the stolen account data. Although the complaint is sealed (and thus unavailable to the public), the lawsuit, which appears to be the first of its kind, seems to assert that Yahoo and its executives breached their fiduciary duty to shareholders by failing to disclosure the data security breaches to Yahoo account holders.
This lawsuit will be one to keep an eye on to see whether a failure to properly handle a data breach, and possibly even the data breach itself, can be considered a breach of a fiduciary duty to shareholders. Although this case appears to be the first of its kind, if it continues moving forward, it will undoubtedly spur like cases for other similarly situated entities that have suffered a security breach.
Other businesses that have been hacked and had personal account data stolen may be next in line for similar shareholder lawsuits. As such, the shareholder suit against Yahoo and its executives is yet another warning of how important it is for business to approach the need to properly protect personal data seriously. Whether its employee or customer information, businesses need to be on their guard and prepared to prevent and handle data breaches.

Improving Family Owned Business Boards And Governance With Addition of Specially Qualified Independent Directors

This article originally appeared in The Family Business Boardroom quarterly newsletter.

Seven Steps to Recruiting Value Add Independent Directors
director_recruiting_final
© The Family Business Consulting Group
By Anne Hargrave

The Addition Of Specially Qualified Independent Directors To Family Owned Business Boards and Improved Governance Processes Is Increasingly Common, and Of Interest To Successful Family Owned Businesses.

Incorporating independent directors into a family firm’s board is considered one of the standards for family business success. The prospect of finding independent directors who can both challenge business leaders and represent ownership interests can be daunting. Following these seven steps will help identify directors who will add value to the family business enterprise.

1. Establish a Nominating Committee
Identify three to four people to manage the director search process and recommend candidates to the board, which is responsible for electing a new director. The nominating (or governance) committee can facilitate an inclusive process, incorporating stakeholder perspectives to identify candidates who will support the needs of the business and the shareholders.

2. Collect Stakeholder Opinions
Soliciting stakeholder opinions on the characteristics of a new director gives participants an opportunity to express their point of view and will make it easier to accept the ultimate conclusion of the board. It is helpful to:

Review strategic challenges and board member expertise – Consider how your industry is evolving and the degree to which the business is prepared. What parts of the strategic plan are new territories for management? What skills might a new director have to support management in executing the plan?
Assess the board’s culture and function – Clarify what you would like to maintain and what you would like to change. Consider the impact of near term retirements on the board’s culture and whether you are seeking a director who might become the chair in the future. What director characteristics are important to enhance the board’s functioning?
Consider family and shareholder dynamics – Independent directors who build relationships with shareholders, spouses and future shareholders can be valuable in creating alignment between the board and shareholders. What characteristics will be important for a new director to relate well with shareholders?
Explore potential added value for management – Ask management to identify specific skills in a new director that will be helpful to them. Taking into consideration the board’s view of management’s opportunities for growth, what attributes might a new director have to mentor to management?
3. Create a Board Prospectus
As a tool for recruiting new directors, the prospectus outlines important factors about the business and the expertise desired, including:

A summary of the business’ history, products, markets served, strategic focus and size
Rationale for seeking a new director
Board structure, including number of independents, committees, meeting frequency and board fees
Board responsibilities
Desired director experience, attributes and education
4. Solicit and Review Candidate Pool
The nominating committee manages a process of circulating the prospectus to colleagues, advisors and personal contacts requesting candidate referrals. They collect and review candidate resumes to establish a pool of candidates whose background aligns with the prospectus, at least on paper. Using a firm experienced in searching for family business directors can be helpful in expanding the candidate pool.

5. Conduct Interviews
The nominating committee then narrows the candidate field incrementally until a qualified director has been identified. It is helpful to break the interviewing process into the stages noted below to compare candidates and share thinking about the right fit for the board.

a) Provide candidates with the prospectus and confirm their interest.
b) Interview each candidate via telephone.
c) Review the interview outcomes and identify a small group of candidates for in-person interviews.
d) Invite candidates to meet in person with nominating committee members.
e) Review the in-person interview outcomes, determining whether you have the right candidates to choose amongst. If so, move forward.
f) Consider the value of additional interviews or a chemistry fit social gathering with key stakeholders for the final candidates.

6. Decide
When you have identified a board candidate whom you believe has the right skills, values and cultural fit, extend an invitation. At that time determine whether or not the candidate is interested in accepting, contingent upon reference checks.

7. Conduct Reference Checks
Conduct reference checks and any additional vetting to confirm the candidate’s value add to other boards, their level of expertise, and, if they have had family business experience, the manner in which they were helpful to the family and business system.

Boards Of Directors in 2017: 5 Trends To Be Aware Of.

Previously posted in Private Company Director Magazine

The Responsibilities Of Boards Continue To Increase, Demanding Increased Director Awareness and Understanding Of Developments Likely To Impact That Business.

2017 Board of Directors Predictions: 5 Trends to Watch
By Brian Stafford

“For board members and directors tasked with guiding their companies through these changes and the complexities that could arise in the aftermath of 2016, change is needed in the boardroom as well. From expanding skillsets to greater accountability for brand reputation and issues management, here are five of the top trends that will make the biggest impact on boards in 2017”.

2016 was a year marked by significant changes—stunning political upheavals via Brexit and our own controversial new President-elect; a growing number of big-ticket, multi billion dollar M&A deals amid massive enterprise court battles, particularly in the technology sector; evolving regulations and proposed governance standards; as well as persistent and increasingly destructive cyber security attacks, threatening everything from the outcome of the U.S. election to the sale of Yahoo to Verizon for $4.8 billion.

For board members and directors tasked with guiding their companies through these changes and the complexities that could arise in the aftermath of 2016, change is needed in the boardroom as well. From expanding skillsets to greater accountability for brand reputation and issues management, here are five of the top trends that will make the biggest impact on boards in 2017.

Prediction 1: Individual Accountability Becomes a Focus

Board members will be measured by more than just collective financial performance, but also for their personal effectiveness, diligence, ethical quotient (EQ) and contribution to the corporate brand. Thus, it will be imperative for board members to evaluate the security of their confidential digital communications (both personal and professional), and adopt modern best practices designed to protect the integrity of sensitive information, and ultimately, the brand’s reputation.

Prediction 2: Diverse Board Members Wanted (& Needed)

Boards have often been criticized for lacking the diversity and modern skillsets needed to compete in today’s fast-paced and technology-driven business world. However, in order to both solve complex challenges facing businesses today, as well as capitalize on market opportunity globally, more diverse views, experiences and skill-sets in the boardroom are needed.

This evolution will revolve around three key areas:

1. More women as directors
2. Board members with varied skill sets (such as technology and security)
3. Unwavering commitment to technological adoption in the boardroom, and across the enterprise.

Prediction 3: Greater Accountability Calls for Improved Collaboration

In 2017, board members must also have more transparency, authority and collaboration to advise and make key decisions in tandem with company decision makers.

As the level of accountability grows, there will need to be a redistributed line between the board and executive management. This new redistribution will also guide how the board interacts with activist investors, shareholders and each other.

Prediction 4: Cyber Security Becomes a Board Problem

In 2017, boards will need to strongly consider adding individuals with CIO/CISO experience. Cyber security is perhaps the single biggest risk to enterprises today, with breaches impacting corporations around the world daily, and many are not ready for battle.

To help better prepare, boards will need to make it a priority to enhance public-private partnerships and utilize third party providers to leverage the cumulative cyber-knowledge of its whole network. This will help solve fundamental problems like a lax security culture, knowing where data is located and how regulations will impact the company.

Prediction 5: Political Changes Enter the Boardroom

President-elect Donald Trump promises to bring about a variety of changes to foreign policy, domestic practices and corporate governance. With Trump in office, board members will need to keep an even closer eye on how corporate governance is set to change, including new requirements for board oversight as well as the evolving role of the corporate secretary. In fact, there’s already talk of potential changes to key legislations such as dismantling Dodd-Frank and swift immigration and labor changes.

2017 will undoubtedly be a transformative year for many enterprises and the boards that govern them. While time will tell how each of these trends will impact boards, I am willing to bet that those that continue to evolve and adhere to industry best practices will outperform those that stick with the status quo.
Brian Stafford is Chief Executive Officer of Diligent Corporation. Brian is responsible for all day-to-day operations, with a focus on accelerating global growth and incorporating scale into the business in order to seamlessly manage the growth. Brian previously served as a Partner at McKinsey & Company, where he founded and led their Software-as-a-Service Practice. Prior to his tenure at McKinsey, Brian was the Founder, President and CEO of CarOrder, a division of Trilogy Software based in Austin, Texas. Brian is also an active seed stage investor and start up advisor. His other passion lies in the arts, supporting the NYC community in his role as a BAM board member.

Business Leaders And Boards-Strategic Issues and Analytics In Business Planning and Competitive Action

Shared on LinkedIn.

The age of analytics: Competing in a data-driven world, suggests that the range of applications and opportunities has grown and will continue to expand. Given rapid technological advances, the question for companies now is how to integrate new capabilities into their operations and strategies—and position themselves in a world where analytics can upend entire industries.

Is big data all hype? To the contrary: earlier research may have given only a partial view of the ultimate impact. A new report from the McKinsey Global Institute (MGI), The age of analytics: Competing in a data-driven world, suggests that the range of applications and opportunities has grown and will continue to expand. Given rapid technological advances, the question for companies now is how to integrate new capabilities into their operations and strategies—and position themselves in a world where analytics can upend entire industries.

The age of analytics
Big data continues to grow; if anything, earlier estimates understated its potential.
A 2011 MGI report highlighted the transformational potential of big data. Five years later, we remain convinced that this potential has not been oversold. In fact, the convergence of several technology trends is accelerating progress. The volume of data continues to double every three years as information pours in from digital platforms, wireless sensors, virtual-reality applications, and billions of mobile phones. Data-storage capacity has increased, while its cost has plummeted. Data scientists now have unprecedented computing power at their disposal, and they are devising algorithms that are ever more sophisticated.

Earlier, we estimated the potential for big data and analytics to create value in five specific domains. Revisiting them today shows uneven progress and a great deal of that value still on the table (exhibit). The greatest advances have occurred in location-based services and in US retail, both areas with competitors that are digital natives. In contrast, manufacturing, the EU public sector, and healthcare have captured less than 30 percent of the potential value we highlighted five years ago. And new opportunities have arisen since 2011, further widening the gap between the leaders and laggards.

Progress in capturing value from data and analytics has been uneven.
Would you like to learn more about the McKinsey Global Institute?
Visit our Technology & Innovation page
Leading companies are using their capabilities not only to improve their core operations but also to launch entirely new business models. The network effects of digital platforms are creating a winner-take-most situation in some markets. The leading firms have remarkably deep analytical talent taking on various problems—and they are actively looking for ways to enter other industries. These companies can take advantage of their scale and data insights to add new business lines, and those expansions are increasingly blurring traditional sector boundaries.

Where digital natives were built for analytics, legacy companies have to do the hard work of overhauling or changing existing systems. Adapting to an era of data-driven decision making is not always a simple proposition. Some companies have invested heavily in technology but have not yet changed their organizations so they can make the most of these investments. Many are struggling to develop the talent, business processes, and organizational muscle to capture real value from analytics.

The first challenge is incorporating data and analytics into a core strategic vision. The next step is developing the right business processes and building capabilities, including both data infrastructure and talent. It is not enough simply to layer powerful technology systems on top of existing business operations. All these aspects of transformation need to come together to realize the full potential of data and analytics. The challenges incumbents face in pulling this off are precisely why much of the value we highlighted in 2011 is still unclaimed.

The urgency for incumbents is growing, since leaders are staking out large advantages, and hesitating increases the risk of being disrupted. Disruption is already happening, and it takes multiple forms. Introducing new types of data sets (“orthogonal data”) can confer a competitive advantage, for instance, while massive integration capabilities can break through organizational silos, enabling new insights and models. Hyperscale digital platforms can match buyers and sellers in real time, transforming inefficient markets. Granular data can be used to personalize products and services—including, most intriguingly, healthcare. New analytical techniques can fuel discovery and innovation. Above all, businesses no longer have to go on gut instinct; they can use data and analytics to make faster decisions and more accurate forecasts supported by a mountain of evidence.

The next generation of tools could unleash even bigger changes. New machine-learning and deep-learning capabilities have an enormous variety of applications that stretch into many sectors of the economy. Systems enabled by machine learning can provide customer service, manage logistics, analyze medical records, or even write news stories.

These technologies could generate productivity gains and an improved quality of life, but they carry the risk of causing job losses and dislocations. Previous MGI research found that 45 percent of work activities could be automated using current technologies; some 80 percent of that is attributable to existing machine-learning capabilities. Breakthroughs in natural-language processing could expand that impact.

Data and analytics are already shaking up multiple industries, and the effects will only become more pronounced as adoption reaches critical mass—and as machines gain unprecedented capabilities to solve problems and understand language. Organizations that can harness these capabilities effectively will be able to create significant value and differentiate themselves, while others will find themselves increasingly at a disadvantage.

About the author(s)

Jacques Bughin and James Manyika are directors of the McKinsey Global Institute, and Michael Chui is an MGI partner; Nicolaus Henke and Tamim Saleh are senior partners in McKinsey’s London office, Bill Wiseman is a senior partner in the Taipei office, and Guru Sethupathy is a consultant in the Washington, DC, office.
Article Actions

McKinsey on Disruptive Technology-Driven Change In The Automotive Industry.

McKinsey Dec 2016
Shared previously on LinkedIn:

“Technology-driven trends will revolutionize how industry players respond to changing consumer behavior, develop partnerships, and drive transformational change.”
You will note that some of the strategic issues raised, are similar to issues being faced by manufacturers of other complex products.The ability to recognize and effectively respond to these issues will be of increasing concern and value.

Today’s economies are dramatically changing, triggered by development in emerging markets, the accelerated rise of new technologies, sustainability policies, and changing consumer preferences around ownership. Digitization, increasing automation, and new business models have revolutionized other industries, and automotive will be no exception. These forces are giving rise to four disruptive technology-driven trends in the automotive sector: diverse mobility, autonomous driving, electrification, and connectivity.

Most industry players and experts agree that the four trends will reinforce and accelerate one another, and that the automotive industry is ripe for disruption. Given the widespread understanding that game-changing disruption is already on the horizon, there is still no integrated perspective on how the industry will look in 10 to 15 years as a result of these trends. To that end, our eight key perspectives on the “2030 automotive revolution” are aimed at providing scenarios concerning what kind of changes are coming and how they will affect traditional vehicle manufacturers and suppliers, potential new players, regulators, consumers, markets, and the automotive value chain.

This study aims to make the imminent changes more tangible. The forecasts should thus be interpreted as a projection of the most probable assumptions across all four trends, based on our current understanding. They are certainly not deterministic in nature but should help industry players better prepare for the uncertainty by discussing potential future states.

1. Driven by shared mobility, connectivity services, and feature upgrades, new business models could expand automotive revenue pools by about 30 percent, adding up to $1.5 trillion.

The automotive revenue pool will significantly increase and diversify toward on-demand mobility services and data-driven services. This could create up to $1.5 trillion—or 30 percent more—in additional revenue potential in 2030, compared with about $5.2 trillion from traditional car sales and aftermarket products/services, up by 50 percent from about $3.5 trillion in 2015 (Exhibit 1).

Connectivity, and later autonomous technology, will increasingly allow the car to become a platform for drivers and passengers to use their time in transit to consume novel forms of media and services or dedicate the freed-up time to other personal activities. The increasing speed of innovation, especially in software-based systems, will require cars to be upgradable. As shared mobility solutions with shorter life cycles will become more common, consumers will be constantly aware of technological advances, which will further increase demand for upgradability in privately used cars as well.

2. Despite a shift toward shared mobility, vehicle unit sales will continue to grow, but likely at a lower rate of about 2 percent per year.

Overall global car sales will continue to grow, but the annual growth rate is expected to drop from the 3.6 percent over the last five years to around 2 percent by 2030. This drop will be largely driven by macroeconomic factors and the rise of new mobility services such as car sharing and e-hailing.

A detailed analysis suggests that dense areas with a large, established vehicle base are fertile ground for these new mobility services, and many cities and suburbs of Europe and North America fit this profile. New mobility services may result in a decline of private-vehicle sales, but this decline is likely to be offset by increased sales in shared vehicles that need to be replaced more often due to higher utilization and related wear and tear.

The remaining driver of growth in global car sales is the overall positive macroeconomic development, including the rise of the global consumer middle class. With established markets slowing in growth, however, growth will continue to rely on emerging economies, particularly China, while product-mix differences will explain different development of revenues.

3. Consumer mobility behavior is changing, leading to up to one out of ten cars sold in 2030 potentially being a shared vehicle and the subsequent rise of a market for fit-for-purpose mobility solutions.

Changing consumer preferences, tightening regulation, and technological breakthroughs add up to a fundamental shift in individual mobility behavior. Individuals increasingly use multiple modes of transportation to complete their journey; goods and services are delivered to rather than fetched by consumers. As a result, the traditional business model of car sales will be complemented by a range of diverse, on-demand mobility solutions, especially in dense urban environments that proactively discourage private-car use.

Consumers today use their cars as all-purpose vehicles, whether they are commuting alone to work or taking the whole family to the beach. In the future, they may want the flexibility to choose the best solution for a specific purpose, on demand and via their smartphones. We already see early signs that the importance of private-car ownership is declining: in the United States, for example, the share of young people (16 to 24 years) who hold a driver’s license dropped from 76 percent in 2000 to 71 percent in 2013, while there has been over 30 percent annual growth in car-sharing members in North America and Germany over the last five years.

Consumers’ new habit of using tailored solutions for each purpose will lead to new segments of specialized vehicles designed for very specific needs. For example, the market for a car specifically built for e-hailing services—that is, a car designed for high utilization, robustness, additional mileage, and passenger comfort—would already be millions of units today, and this is just the beginning.

As a result of this shift to diverse mobility solutions, up to one out of ten new cars sold in 2030 may likely be a shared vehicle, which could reduce sales of private-use vehicles. This would mean that more than 30 percent of miles driven in new cars sold could be from shared mobility. On this trajectory, one out of three new cars sold could potentially be a shared vehicle as soon as 2050.

4. City type will replace country or region as the most relevant segmentation dimension that determines mobility behavior and, thus, the speed and scope of the automotive revolution.

Understanding where future business opportunities lie requires a more granular view of mobility markets than ever before. Specifically, it is necessary to segment these markets by city types based primarily on their population density, economic development, and prosperity. Across those segments, consumer preferences, policy and regulation, and the availability and price of new business models will strongly diverge. In megacities such as London, for example, car ownership is already becoming a burden for many, due to congestion fees, a lack of parking, traffic jams, et cetera. By contrast, in rural areas such as the state of Iowa in the United States, private-car usage will remain the preferred means of transport by far.

The type of city will thus become the key indicator for mobility behavior, replacing the traditional regional perspective on the mobility market. By 2030, the car market in New York will likely have much more in common with the market in Shanghai than with that of Kansas.

5. Once technological and regulatory issues have been resolved, up to 15 percent of new cars sold in 2030 could be fully autonomous.

Fully autonomous vehicles are unlikely to be commercially available before 2020. Meanwhile, advanced driver-assistance systems (ADAS) will play a crucial role in preparing regulators, consumers, and corporations for the medium-term reality of cars taking over control from drivers.

The market introduction of ADAS has shown that the primary challenges impeding faster market penetration are pricing, consumer understanding, and safety/security issues. Regarding technological readiness, tech players and start-ups will likely also play an important role in the development of autonomous vehicles. Regulation and consumer acceptance may represent additional hurdles for autonomous vehicles. However, once these challenges are addressed, autonomous vehicles will offer tremendous value for consumers (for example, the ability to work while commuting, or the convenience of using social media or watching movies while traveling).

A progressive scenario would see fully autonomous cars accounting for up to 15 percent of passenger vehicles sold worldwide in 2030 (Exhibit 2).

6. Electrified vehicles are becoming viable and competitive; however, the speed of their adoption will vary strongly at the local level.

Stricter emission regulations, lower battery costs, more widely available charging infrastructure, and increasing consumer acceptance will create new and strong momentum for penetration of electrified vehicles (hybrid, plug-in, battery electric, and fuel cell) in the coming years. The speed of adoption will be determined by the interaction of consumer pull (partially driven by total cost of ownership) and regulatory push, which will vary strongly at the regional and local level.

In 2030, the share of electrified vehicles could range from 10 percent to 50 percent of new-vehicle sales. Adoption rates will be highest in developed dense cities with strict emission regulations and consumer incentives (tax breaks, special parking and driving privileges, discounted electricity pricing, et cetera). Sales penetration will be slower in small towns and rural areas with lower levels of charging infrastructure and higher dependency on driving range.

Through continuous improvements in battery technology and cost, those local differences will become less pronounced, and electrified vehicles are expected to gain more and more market share from conventional vehicles. With battery costs potentially decreasing to $150 to $200 per kilowatt-hour over the next decade, electrified vehicles will achieve cost competitiveness with conventional vehicles, creating the most significant catalyst for market penetration. At the same time, it is important to note that electrified vehicles include a large portion of hybrid electrics, which means that even beyond 2030, the internal-combustion engine will remain very relevant.

7. Within a more complex and diversified mobility-industry landscape, incumbent players will be forced to compete simultaneously on multiple fronts and cooperate with competitors.

While other industries, such as telecommunications or mobile phones/handsets, have already been disrupted, the automotive industry has seen very little change and consolidation so far. For example, only two new players have appeared on the list of the top-15 automotive original-equipment manufacturers (OEMs) in the last 15 years, compared with ten new players in the handset industry.

A paradigm shift to mobility as a service, along with new entrants, will inevitably force traditional car manufacturers to compete on multiple fronts. Mobility providers (Uber, for example), tech giants (such as Apple, Google), and specialty OEMs (Tesla, for instance) increase the complexity of the competitive landscape. Traditional automotive players that are under continuous pressure to reduce costs, improve fuel efficiency, reduce emissions, and become more capital-efficient will feel the squeeze, likely leading to shifting market positions in the evolving automotive and mobility industries, potentially leading to consolidation or new forms of partnerships among incumbent players.

In another game-changing development, software competence is increasingly becoming one of the most important differentiating factors for the industry, for various domain areas, including ADAS/active safety, connectivity, and infotainment. Further on, as cars are increasingly integrated into the connected world, automakers will have no choice but to participate in the new mobility ecosystems that emerge as a result of technological and consumer trends.

Automotive & Assembly

Shared: “Lessons For Leadership” Insight from McKinsey

Shared on LinkedIn:

McKinsey: “Lessons for Leadership” contains insights concerning Performance, Collaboration, and Innovation. Read the interview Leadership and behavior: Mastering the mechanics of reason and emotion on mckinsey.com.

A CEO should be aware that whenever we make an important decision, we invoke rationality and emotion at the same time. For instance, when we are affected by empathy, we are more capable of recognizing things that are hidden from us than if we try to use pure rationality. And, of course, understanding the motives and the feelings of other parties is crucial to engaging effectively in strategic and interactive situations.”

Eyal Winter, Hebrew University professor, discussing how emotions play a key role in rational decision making.

Be sure to see the related material links included with the article.

McKinsey Quarterly is McKinsey & Company’s the flagship business publication, defining and informing the senior-management agenda since 1964.