Skip to main content
Jul 02, 2021

The week in GRC: Record number of ESG proposals approved and SEC names top enforcer

This week’s governance, compliance and risk-management stories from around the web

The Wall Street Journal reported that Microsoft said hackers installed malicious information-stealing software on one of its systems and used information gathered there to attack its customers. The hackers compromised a computer used by a Microsoft customer support employee that could have provided access to different types of information, including ‘metadata’ of accounts and billing contact information for the organization, a company spokesperson said.

Microsoft is aware of three customers affected by the recent activity, the company said. ‘The actor used this information in some cases to launch highly targeted attacks as part of a broader campaign,’ the company said. ‘We responded quickly, removed the access and secured the device.’

CNN reported that Johnson & Johnson agreed to a $230 mn settlement with New York State to resolve complaints from New York Attorney General Letitia James over the pharmaceutical company’s role in the opioid epidemic. ‘Johnson & Johnson helped fuel this fire,’ James said in a statement. ‘While no amount of money will ever compensate for the thousands who lost their lives or became addicted to opioids across our state... these funds will be used to prevent any future devastation.’ The settlement money will go toward opioid education, prevention and treatment, James added.

In a statement, Johnson & Johnson said that ‘the settlement is not an admission of liability or wrongdoing,’ adding that it ‘remains committed to providing certainty for involved parties and critical assistance for communities in need.’ The settlement prevents Johnson & Johnson from manufacturing or selling opioids in the state or promoting opioids or opioid-related products. The company had already decided to discontinue the production and sale of pain medication in the US last year, a spokesperson said.

– Marco Gobbetti quit as CEO of Burberry after nearly five years in the role, according to The Guardian. The UK fashion brand said Gobbetti – who was charged with turning around the business when he took the reins in 2017 – was leaving to take a job in Italy that would allow him to be closer to his family. The Italian luxury goods group Salvatore Ferragamo announced it had appointed Gobbetti as its new CEO.

Burberry chair Gerry Murphy, who credited Gobbetti with leading the transformation of the brand and business, said: ‘The board and I are naturally disappointed by Marco’s decision but we understand and fully respect his desire to return to Italy after nearly 20 years abroad. With the execution of our strategy on track and our outlook unchanged, we are determined to build on Burberry’s strong foundations to accelerate growth and deliver further value for our shareholders.’

CNN reported that the Bank Policy Institute (BPI), the trade group behind JPMorgan Chase, Wells Fargo, Bank of America and dozens of other big banks, is outlining 30 best practices lenders can take to ease inequality in black communities. The institute’s report is the first time the industry has spelled out concrete ways to tackle these deep-seated challenges. The recommendations include publishing diversity and inclusion data, hiring more diverse wealth management personnel and exploring a ‘massive’ industry-wide philanthropic investment in a particular sector or fund.

Fabrice Emmanuel Coles, BPI’s vice president of government affairs, said some banks have already been conducting these best practices but others have not. He acknowledged it will take time and considerable effort to chip away at racial inequality.

– The SEC appointed Gurbir Grewal as director of the division of enforcement, effective July 26. Grewal is at present attorney general for the State of New Jersey, a role he has held since January 2018. ‘I’m honored and delighted to welcome Attorney General Grewal to the SEC,’ said Gary Gensler, chair of the financial regulator. ‘He has had a distinguished career as New Jersey’s chief law enforcement officer and as a prosecutor at both the local and federal levels. He has the ideal combination of experience, values and leadership ability to helm the enforcement division at this critical time.’

Before becoming attorney general, Grewal served as Bergen County prosecutor, the chief law enforcement office of New Jersey’s most populous county. Earlier in his career, he was an assistant US attorney in the criminal division of the US Attorney’s Office for the District of New Jersey, where he served as chief of the economic crimes unit from 2014 to 2016 and oversaw the investigation and prosecution of all major white-collar and cyber-crime in the District of New Jersey.

– A majority (62 percent) of US-based CFOs responding to a recent CNBC survey said Colonial Pipeline had ‘no choice but to pay the ransom’ to ransomware hackers. Many board-level conversations are taking place and presumably include discussion of the ransom decision. In the survey, 85 percent of US-based CFOs said their board has had a formal discussion about recent cyber-security incidents and the aftermath of the events.

‘It’s a business for the hackers and a business decision on whether to pay for the victims,’ said Jim Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies.

‘I’ve been in board meetings before where CEOs were literally in tears, crying because a 100-year-old family business is completely shut down,’ said David Kennedy, a former National Security Agency hacker turned founder and CEO of security firm TrustedSec.

– Shareholders have approved a record number of resolutions in 2021 on issues related to climate and social topics such as diversity, according to CNN. ‘This is a startling proxy season,’ said Heidi Welsh, executive director of the Sustainable Investments Institute. ‘I think it’s really going to change the way companies look at concerns on environmental and social issues raised by their investors.’

A review of top US companies from the Sustainable Investments Institute and As You Sow identified 34 majority votes this year for proposals regarding ESG issues. That’s well above last year’s record of 21, and the number could keep growing.

– The WSJ reported that activist investor Elliott Management has increased pressure on GlaxoSmithKline (GSK), calling on the pharmaceutical company to replace members of its board and launch a process to decide whether CEO Emma Walmsley should continue in her role. In a letter addressed to Glaxo chair Jonathan Symonds, Elliott made several recommendations including that the company undertake a ‘robust process’ to select the best leadership after Glaxo’s planned split into a pharmaceuticals and vaccines business, and one focused on consumer healthcare. It said this process needed to be undertaken by a refreshed board with expertise in pharmaceuticals and science.

A spokesperson for Glaxo on Thursday said the issues described in Elliott’s letter weren’t new and that its existing plans sought to address them. ‘We believe our shareholders are supportive of this strategy, and that they are focused on [GlaxoSmithKline] executing on it without distraction or delay,’ he said, adding that the company would respond more fully in due course.

CNBC reported that GSK's board on Friday rejected Elliott’s demands that the company change its board and sell its consumer healthcare arm after separating it from its pharma business, a day after receiving proposals from the activist investor. ‘The board strongly believes Emma Walmsley is the right leader of New GSK and fully supports the actions being taken by her and the management team,’ GSK said, referring to the core pharmaceuticals and vaccine business.

It added that support for GSK’s strategy and leadership was shown in talks with its largest shareholders. GSK said governance and oversight had been strengthened with the appointment of two new non-executive directors over the last 18 months, and that more biopharmaceutical expertise was on its way with even more appointments, saying this had been flagged previously.

– The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a wide-ranging set of national anti-money laundering priorities, naming corruption and cyber-crime among the areas where financial institutions should focus their compliance resources, according to the WSJ. The list is the first created by FinCEN following a major overhaul of US anti-money-laundering laws in January. Legislation passed by Congress required FinCEN to develop a national strategy for countering money laundering and terrorism financing and to issue a list of priorities every four years.


Ben Maiden

Ben Maiden is the editor-at-large of Governance Intelligence, an IR Media publication, having joined the company in December 2016. He is based in New York. Ben was previously managing editor of Compliance Reporter, covering regulatory and compliance...