The week in GRC: Cyber-threats increase for companies over the past year and Supreme Court says CFPB funding structure is legal

– Cyber-security threats increased for companies over the past year, according to a survey of compliance professionals conducted by The Wall Street Journal (paywall). Nine out of 10 companies said cyber-security risks rose, with nearly half of respondents saying the risk increased substantially. Almost all mid-size companies – those with between $50 mn and $1 bn in revenue – said they felt cyber-threats had increased. Other major areas of concern among the compliance professionals surveyed included regulatory scrutiny and enforcement, cited by 78 percent of respondents, and the digitization of their business, cited by 71 percent.

US authorities have ratcheted up the pressure on companies to communicate cyber-attacks more promptly. New SEC rules require companies to disclose attacks to the agency no later than four business days after they determine the incident will have a material impact on operations. In addition, the US Cyber-security and Infrastructure Security Agency in March published draft rules on how critical-infrastructure companies would need to report significant cyber-attacks within 72 hours and ransom payments within 24 hours.

– CNBC reported that Squarespace announced it would go private in a $6.9 bn all-cash deal with private equity firm Permira. ‘We are thrilled to be partnering with Permira on this new leg of our journey,’ Squarespace founder and CEO Anthony Casalena said in a statement. Casalena and current investors Accel and General Atlantic control 90 percent of Squarespace’s voting shares. All three have approved the transaction and will continue to be investors after the Permira deal closes.

Squarespace’s move to go private is part of a trend by smaller technology companies over the last two years, some of which have been burned by the public markets or believe they could create more value being amalgamated with other private equity portfolio companies.

– Reuters (paywall) reported that shareholders at Equinor’s AGM rejected a proposal urging Norway’s top oil and gas producer to align its strategy and spending with global climate goals. The Norwegian government, which holds a 67 percent stake, voted against the resolution. The company’s board, which recommended to reject it, said Europe’s largest gas supplier was already doing enough. ‘We will become a broad energy company and we will cut emissions, but we also need to adapt to the market situation and be flexible,’ Equinor’s chair Jon Erik Reinhardsen told the AGM.

The proposal, filed by a group of investors led by UK-based Sarasin & Partners, called on the company to specify how any plans for new oil and gas reserve developments are consistent with the Paris Agreement goals. The resolution underlined Norway’s dual position as a major oil and gas exporter while also backing international cuts in global greenhouse gas emissions.

– The WSJ reported that the Public Company Accounting Oversight Board (PCAOB) will require audit firms to do more to ensure the quality of their work. The board voted 4-1 to approve a rule to bolster the controls that guide how audit firms perform their audits.

Under existing rules, audit firms must have policies and procedures to cover areas such as ethics, personnel management and audit-engagement performance as part of their quality controls. The PCAOB inspects audit firms’ approach to quality controls, among other things. Firms will now have to assess the risks associated with achieving effective quality controls and design procedures intended to address those risks. They will also report once a year to the PCAOB on how those policies and procedures are working.

– Glass Lewis recommended that Crown Castle investors elect two activist director candidates, including the wireless tower owner’s co-founder and former CEO Ted Miller, to the board, according to Reuters. Miller, who ran Crown Castle between 1996 and 2002 and now heads investment firm Boots Capital, is pushing for four board seats only months after the company, which is valued at $43 bn, reached an agreement with Elliott Investment Management and added new board members.

Glass Lewis said Miller’s expertise in the tower industry qualifies him for election and that shareholders should vote for him and another Boots candidate – Charles Green, former Crown Castle CFO – at next week’s AGM. Boots Capital has ‘put forth a credible slate of nominees, as well as reasonable suggestions for the company that we believe should earnestly warrant greater consideration by the board,’ the proxy adviser’s report said.

Crown Castle had no comment on the Glass Lewis report.

ISS backed all company directors and none of Boots Capital’s candidates, arguing there is no need for more change now after the company reacted quickly to criticisms in 2023.

– According to Reuters, BlackRock said only about 58 percent of advisory votes cast at its AGM supported the pay of its top executives. Support for such say-on-pay resolutions at S&P 500 companies averages around 90 percent, pay consultants say. At the meeting, BlackRock also said each of its 16 director nominees received well over a majority of votes cast. It said three shareholder resolutions, including a call for an independent board chair, won no more than 10 percent support.

Top proxy advisers had recommended votes against the pay of BlackRock’s top executives, including CEO Larry Fink, who received $27.6 mn last year. ISS said it had concerns about the process used to determine annual cash incentive awards.

Asked about the pay vote, BlackRock said in a statement that it looks forward to engaging with shareholders. ‘BlackRock has a long-standing pay-for-performance culture and our executive compensation program is based on the same metrics-driven approach that has received substantial shareholder support in prior years,’ the company said.

– The WSJ reported that Vanguard Group has picked a former BlackRock executive as its next leader, putting an outsider in charge of the asset manager for the first time in its roughly 50-year history. Salim Ramji, who led BlackRock’s ETF and index investing until earlier this year, will start as Vanguard’s CEO in July. Ramji left BlackRock in January after about a decade. He said at the time that he planned to ‘seek a new leadership or entrepreneurial opportunity outside the firm’.

– The US Supreme Court ruled that the funding structure of the Consumer Financial Protection Bureau (CFPB) is legal, CNBC reported. In a 7-2 decision, the court rejected an argument that the CFPB’s funding method violated the US Constitution’s Appropriations Clause because Congress had not annually authorized money for the agency. Instead, Congress authorized the CFPB to draw funding from the Federal Reserve system that the agency’s director deems necessary for its work.

The ruling protects the bureau from a potential death sentence, given the risk that Congress would not authorize annual appropriations for the agency in the manner that is traditional for other agencies. Conservative justices Samuel Alito and Neil Gorsuch dissented.

– According to Reuters, the UK government said it would decide in the second quarter of next year whether to endorse a global set of climate disclosures that would be mandatory for listed companies from January 2026. At present, companies listed in the UK must make climate-related disclosures using TCFD norms but they are expected to be replaced by more rigorous rules from the International Sustainability Standards Board (ISSB).

The government said it aims to make the UK-endorsed ISSB standards available in the first quarter of next year with a final decision on their formal adoption in the following quarter. ‘Subject to a positive endorsement decision by the UK government, and following a consultation process, the Financial Conduct Authority will be able to use the UK Sustainability Reporting Standards to introduce requirements for UK-listed companies to report sustainability-related information,’ the government said in a statement.