Nov 03, 2023

The week in GRC: Advisers say new DoJ policy reinforces need for M&A due diligence and Biden issues executive order on AI

This week’s governance, compliance and risk-management stories from around the web

Reuters (paywall) reported that Unilever said its board had decided to freeze CEO Hein Schumacher’s fixed pay for the next two years. The initial pay package for Unilever’s directors, including Schumacher, was rejected at its AGM in May with a near-60 percent majority. The board, which includes activist investor Nelson Peltz, had proposed a deal for Schumacher that includes a base salary of €1.85 mn ($1.96 mn), a 20 percent increase on his predecessor Alan Jope’s pay.

Following the AGM, Unilever held a total of 37 meetings with 24 of its top shareholders to discuss the vote, deciding on the pay freeze based on feedback, it said. ‘While the majority of shareholders agreed that the fixed pay level for the new CEO appropriately reflected the size and complexity of the role, there was a preference that alignment with the market could have been achieved gradually, rather than in one step on appointment,’ the company said in a statement.

– President Joe Biden issued a new executive order on artificial intelligence (AI) – the US government’s first such action – requiring new safety assessments, equity and civil rights guidance and research on AI’s impact on the labor market, CNBC reported. Law enforcement agencies have warned they can apply existing law to abuses of AI and Congress has tried to learn more about the technology to draft new laws, but the executive order could have a more immediate impact.

The White House breaks the key components of the executive order into eight parts, including creating new safety and security standards for AI, such as by requiring some AI companies to share safety test results with the federal government, and creating guidelines that agencies can use to evaluate privacy techniques used in AI.

– According to The Wall Street Journal (paywall), financial services firms are facing a growing problem over how to capture staff communications as required by regulators while the ways their employees talk to each other keep changing. The SEC has been clamping down on off-channel communications, where employees use personal devices and banned apps to send business-related messages that rules say must be recorded. But the ways people communicate have changed since the regulations were enacted, with texting becoming ubiquitous.

The SEC since December 2021 has filed charges against 40 firms and imposed more than $1.5 bn in fines for failing to maintain and preserve electronic communications, said Gurbir Grewal, the SEC’s enforcement division chief, last week. Without clear additional guidance on what constitutes business communications today, off-channel communications remain an area fraught with risk for financial firms and their employees, compliance advisers said.

CNBC reported that the SEC alleged information technology firm SolarWinds, which was hit by a Russian-backed hacking group in one of the worst cyber-espionage incidents in US history, committed fraud and failed to maintain adequate internal controls for years before the hack. The agency’s suit also names SolarWinds’ chief information security officer (CISO) Tim Brown and alleges that the company overstated its cyber-security practices and understated known vulnerabilities in the company’s systems.

‘We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds’ cyber-risks, which were well known throughout the company,’ said Grewal in a press release. It appears to be one of the first times the SEC has alleged a company misled and defrauded investors over cyber-security risks. The suit comes as major companies prepare for a new cyber-disclosure rule.

In a statement, the company said it believed the SEC was pursuing ‘a misguided and improper enforcement action against us.’ In a filing, SolarWinds CEO Sudhakar Ramakrishna said: ‘The truth of the matter is that SolarWinds maintained appropriate cyber-security controls prior to [the hack] and has led the way ever since in continuously improving enterprise software security based on evolving industry standards.’

A SolarWinds spokesperson said the SEC’s charges are unfounded and that it will contest them in court. The company said it has been engaging with the SEC for three years and emphasized that it is fully supporting Brown, who will continue to serve as SolarWinds’ CISO. Brown’s attorney said: ‘Mr Brown has worked tirelessly and responsibly to continuously improve the company’s cyber-security posture throughout his time at SolarWinds, and we look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint.’

– BP’s interim CEO Murray Auchincloss dismissed speculation the company could become a takeover target amid consolidation in the oil and gas sector as he defended the company’s performance, the Financial Times (paywall) reported. Auchincloss said BP was focused on its strategy and not concerned that recent multibillion-dollar acquisitions by ExxonMobil and Chevron could encourage a rival to make a bid for BP.

– According to the WSJ, corporate advisers say a US Department of Justice (DoJ) policy shift around the disclosure of possible wrongdoing uncovered in M&A reinforces the need for buyers to thoroughly check a target’s compliance efforts, both before and after a deal closes. Under a new policy announced in October, an acquiring company that discloses potential wrongdoing at a company being acquired within six months of either side of the deal closing date – and fully co-operates and fixes the underlying problems within a year of closing – can presume it won’t be prosecuted by the DoJ. The safe harbor provision is expected to encourage acquirers to increase both the amount and speed of deal due diligence.

‘Time kills deals. And you don’t get the chance necessarily, particularly in a competitive process, to drill down as much as you might otherwise like,’ said Tim FitzSimons, a partner with King & Spalding. ‘You might risk losing the deal. So it will put pressure on diligence.’

– According to the FT, a BlackRock study of the MSCI World index has found that companies with more gender-balanced workforces outperformed their least-balanced peers by as much as 2 percentage points each year between 2013 and 2022. The higher return on assets held true within countries and sectors and was particularly marked for companies where gender parity was greatest in revenue-producing, engineering and top-paying jobs, researchers said.

Companies in the middle quintile for gender balance reported an average annual return on assets of 7.7 percent, compared with 5.6 percent for those with the highest share of men in their workforce and 6.1 percent for those with the highest share of women, the study found. ‘Human capital is very important to investment performance,’ said Sandra Lawson, the BlackRock managing director who led the work. ‘It’s a pretty powerful correlation.’

The study will underpin the case of investment firms that argue it is part of their fiduciary duty to consider gender representation and other social factors in the investment process.

CNBC reported that the Federal Deposit Insurance Corporation (FDIC) is investigating potential misconduct by executives and board members of First Republic Bank. The FDIC is probing whether First Republic executives and board members broke rules that require them to act in the bank’s best interests. Under federal law, the agency can ban former directors and officers from the industry and impose fines for breaching their fiduciary duty and for unsafe or unsound practices that involve dishonesty or ‘willful or continuing disregard’ for a bank’s wellbeing.

Former First Republic CEO and president Michael Roffler and former executive chair James Herbert could not immediately be reached for comment. Attorneys representing the bank’s independent board members did not immediately return a request for comment. Roffler told lawmakers in May that regulators never expressed any concern about the bank’s strategy, liquidity or management and that it had been ‘contaminated overnight’ by the depositor panic from Silicon Valley Bank and Signature Bank.

Reuters reported that Uber and Lyft will pay a combined $328 mn to settle claims by New York Attorney General Letitia James that the companies systematically cheated drivers out of pay and benefits. James said Uber will pay $290 mn and Lyft will pay $38 mn to resolve her office’s investigation. Drivers will also be guaranteed minimum hourly rates and paid sick leave. In addition, they will be given notices and in-app chat support to address questions about earnings and other working conditions.

Uber and Lyft denied wrongdoing and called their settlements a ‘win’ for drivers. Tony West, Uber’s chief legal officer, in a statement said Uber’s settlement ‘helps put to rest’ the driver-classification issue and will be a model for other states. Lyft said in a separate statement it believes it has always properly classified drivers as independent contractors. Both companies have said many of their drivers prefer working as independent contractors.

– According to the FT, shareholders in Australian airline Qantas have voted against the company’s executive pay and bonus scheme, with 83 percent of investors rejecting the advisory remuneration report. ‘It is clear there’s been a substantial loss of trust in the national carrier and we understand why,’ outgoing chair Richard Goyder told shareholders at the company’s AGM after what he called an ‘overwhelming’ vote against the pay policy.

The Qantas board highlighted that it had cut executive bonuses and incentive payments for the year. It amended the bonus policy for future years to demand higher levels of customer satisfaction in order for incentives to pay out. All other resolutions passed at the AGM. Two new directors were approved, including former US Airways CEO Doug Parker, as part of an overhaul of the airline’s governance and management.

Ben Maiden

Ben Maiden is the editor-at-large of Governance Intelligence, an IR Media publication, having joined the company in December 2016. He is based in New York. Ben was previously managing editor of Compliance Reporter, covering regulatory and compliance...