Skip to main content

The Important Work of Boards of Directors

Commissioner Luis A. Aguilar

12th Annual Boardroom Summit and Peer Exchange<br>New York, NY

Oct. 14, 2015

Thank you for that kind introduction. Before I begin my remarks, let me issue the standard disclaimer that the views I express are my own, and do not necessarily reflect the views of the U.S. Securities and Exchange Commission (“SEC” or “Commission”), my fellow Commissioners, or members of the staff.

It’s a great honor to be back again speaking at an event sponsored by the New York Stock Exchange. It has been more than six years since, as a relatively new SEC Commissioner, I had the opportunity to ring the closing bell at the Exchange. Of course, a lot has changed since then.

At the time, the country was in the midst of the worst financial crisis since the Great Depression, and our capital markets were in turmoil. Some of our most storied financial institutions had suffered unparalleled economic damage.[1] The money market fund industry was mired in a crisis of confidence, interbank lending had collapsed, and our short-term capital markets had seized up.[2] To stem the bleeding, the federal government engaged in an unprecedented intervention in the financial sector to inject stability and confidence into the capital markets and to the greater economy.[3]

As the country pulled itself out from under the financial wreckage, we entered a period of self-reflection, analysis, and evaluation, in which no stakeholder in our capital markets escaped critical review. In fact, even the continued existence of the SEC was open to question.[4] Ultimately, Congress and the White House reaffirmed the essential role of the SEC with the passage of the Dodd-Frank Act,[5] which expanded the Commission’s authority and jurisdiction.

Beginning even before passage of the Dodd-Frank Act, the Commission had already entered what has become one of the most active periods in its history—from significant internal restructurings[6] to a transformative number of new rules that, without risk of overstatement, will permanently change the regulatory landscape.[7]

I’ve had a front row seat to these events, having been sworn in as a Commissioner on July 31, 2008, a few weeks before the fall of Lehman Brothers. In fact, according to a recent article, since the passage of the Dodd-Frank Act, the majority political party has changed in both chambers of Congress, the Treasury Department has a new Secretary, and I am the only Commissioner at either the SEC or the Commodity Futures Trading Commission (“CFTC”) who remains in office.[8] It appears that, as the longest serving member of the current Commission, I am in a small category of key decision-makers still standing.[9]

As you can imagine, this period has been both daunting and rewarding.[10] I am proud of my public service during these eventful times, and I have worked to make the Commission a stronger and more effective agency,[11] and one that is more transparent and accountable to the American people.

The SEC, however, is but one of the players in the capital market ecosystem—and, of course, we are never in your boardrooms when decisions are being made. That responsibility falls on those of you in this room who serve as directors of our nation’s publicly-traded companies. Clearly, the way you collectively exercise corporate governance over the management and operations of your companies has an enormous impact on the way the capital markets function.

To that end, I would like to speak about several principles that are critical to good corporate governance. It has long been recognized that good corporate governance serves to enhance the effective deployment of shareholder capital that ultimately contributes to growth and positive long-term performance.[12] Strong corporate governance processes help companies hire and incentivize good managers, while at the same time promoting accountability.[13] In addition, a robust corporate governance infrastructure enables a company to better understand where risks can arise, including emerging risks like cybersecurity.[14] Ultimately, the quality of a company’s corporate governance infrastructure can provide a window into the effectiveness of the board of directors’ oversight of the company for the benefit of shareholders and the long-term health of a company.

Critical to strong corporate governance are its implementers—the boards of directors. I have long-recognized that directors of public companies have particularly difficult jobs.[15] As a former practitioner who regularly advised boards of directors, I am familiar with the challenges you face. The many specific duties and responsibilities you have are too many to list here, but as fiduciaries, all of them are clearly aimed at one overarching obligation—and that is to faithfully represent the interests of shareholders.

To that end, you have significant oversight responsibilities with respect to executive management and for the overall direction of the company. As directors, you play a critical role in setting the appropriate tone at the top, are expected to be guardians of the company’s assets, and are relied upon by both shareholders and the capital market. In addition, you typically sit on at least one board committee with enumerated responsibilities. And you are expected to carry out these duties and responsibilities with a keen focus and attention to detail—all on a part-time basis.

Moreover, in today’s litigious society, you fulfill your responsibilities with the threat of lawsuits hanging over your head.[16] As you well know, it is not uncommon for shareholders to file suit against corporate directors for alleged failures to uphold their responsibilities as fiduciaries of the companies’ assets.[17]

As an SEC Commissioner, I am also aware of the concern directors may have that the SEC could second-guess their judgment and bring an enforcement action against them. While I do not profess to be in your shoes, I can appreciate why you may have this concern; however, the reality is far different. From my own experience, and based on discussions with our staff, it appears that the SEC has rarely brought cases against directors—particularly outside directors—for failing to fulfill their responsibilities as corporate fiduciaries. Indeed, these matters are so infrequent that the agency does not currently maintain statistics on cases that are brought against directors. On those occasions when the SEC has brought actions against directors, the matters typically involve directors who either have taken affirmative steps to participate in fraudulent misconduct or have otherwise enabled fraudulent misconduct to occur by unreasonably turning a blind eye to obvious “red flags” of misconduct.[18]

The rarity of these matters reflects that most directors are dedicated to doing a good job. This experience makes clear that although corporate directors have substantial obligations which are not easy to fulfill, the vast majority of directors are embracing their responsibilities and are fulfilling them conscientiously. These directors should have nothing to fear from the SEC. Serving as a director is important work that needs good people, and I respect those of you who have stepped up to the plate.

With these thoughts in mind, today I want to focus on three themes of corporate governance that merit special attention:

  • First, the importance of effective engagement with shareholders;
  • Second, the importance of company resiliency—with a focus on crisis and risk management; and
  • Third, the importance of ensuring that boards of directors remain relevant as their companies—and the times—change.

Enhancing Engagement with Shareholders

First, I want to discuss the core corporate governance theme of engagement, and the important goal of maximizing communication between companies and their shareholders.

This is not a new concept, and it’s one I’m sure you hear time and again.[19] Shareholders often suggest that annual meetings are too infrequent, that they cover topics at too high a level to address specific concerns,[20] and that more engagement with company leadership would enhance their rights as owners of the company.[21] These are sentiments with which we likely can all agree.

Of course, corporate ownership is simply too widely dispersed geographically for the directors and officers of public companies to meet with every shareholder—or even groups of shareholders—in person. Notably, however, these often-heard concerns don’t just come from retail investors, but also from many institutional and large shareholders.[22]

As a result, there is an increasing acceptance that more direct shareholder engagement is not just good corporate governance, but is good business.[23] To that end, in recent years, many forward looking companies have augmented their shareholder engagement and have become more proactive in their investor relations.[24] In fact, a study published in 2014 found that 47% of issuers reported having initiated more than ten engagements in the preceding year, in contrast to just 31% of issuers in a 2010 survey.[25]

Indeed, the trend towards more engagement between shareholders and company boards is not just a domestic one. Various developments abroad indicate that increased shareholder engagement has no borders. For example, in October 2014, the United Kingdom introduced the Investor Forum, which is intended to bring together institutional investors and board directors.[26] Separately, in December 2013, the Global Network of Director Institutes (or “GNDI”), which represents 100,000 individual directors and governance professionals around the globe, published a white paper discussing various “best practices” for effective shareholder engagement.[27]

And we are continuing to witness a growing recognition by domestic companies of the importance of shareholder engagement by corporate boards. For example, in early 2014, a working group of issuer and investor representatives developed the Shareholder-Director Exchange (SDX) Protocol, which is a guide on when direct engagement between shareholders and public company boards may be appropriate, and how such engagements can work best for all parties.[28] One of the key takeaways from this Protocol is that both issuers and investors now increasingly recognize that there is value in encouraging greater engagement before crises or other developments occur.

While many of these efforts are aimed at institutional investors, other technological innovations hold out hope for increased engagement with retail investors, a group that is often overlooked in the engagement process. One example took place in March 2015, when Hewlett Packard held a completely virtual annual shareholder meeting to allow more shareholders to participate without incurring travel costs.[29] And the use of virtual shareholder forums appears to be steadily growing.[30] Moreover, other companies have hosted so-called “hybrid” shareholder meetings, with shareholders having the ability to choose to attend physically or virtually (by participating online).[31] There are those who object to virtual-only meetings and strongly prefer the “hybrid” approach.[32] What is clear, however, is that these innovations reflect creative solutions to the challenges of engaging with a geographically dispersed investor base.

These examples reflect a positive trend of enhanced communication, but they still seem to be the exception, not the rule. As representatives of shareholders—with fiduciary responsibilities—directors should look for ways to foster engagement. Regardless of the mechanism, the goal should be the same—furthering communications between companies and shareowners. The resulting communication establishes a strong foundation for good corporate governance.

Resiliency—the Growing Importance of Board Oversight for Crisis and Risk Management

A robust corporate governance framework is also exemplified by effective risk oversight. Indeed, in today’s volatile world, how a company prepares for and responds to major disruptive events—sometimes referred to as “resiliency”—has become increasingly critical to the protection and growth of a company’s assets.[33]

In just the last ten years, we’ve experienced some of the most devastating and costliest natural disasters in our country’s history—from Hurricane Katrina to Hurricane Sandy to Hurricane Ike.[34] Some of these natural disasters have been so unexpected and so unusual, that no one would expect a company to reasonably anticipate that they would happen.[35] Indeed, no one can control Mother Nature. However, there are natural events that occur with such frequency in certain areas of the country, such as earthquakes, tornados, and hurricanes, that there is sentiment that boards need to consider how to respond to these crises.[36] These events can cause all kinds of disruptions—widespread black-outs, infrastructure damage, and widespread internet and/or communication outages. Some of these events may be catastrophic. Others may be less dramatic. But, we all know that they can be severely disruptive and costly to companies, their employees, and shareholders.[37]

Crisis events can also be man-made, such as accounting scandals and other serious regulatory violations, product defects, or even terrorist attacks.[38] Although some man-made crises could be considered “black swans” because no one would reasonably expect them to occur, others are, unfortunately, all too common and thus reasonably foreseeable. Examples of foreseeable man-made crises might include, depending on the industry, oil spills,[39] automobile recalls,[40] and outbreaks of foodborne illnesses.[41] To this list, of course, you can add cyber-attacks.[42] Ultimately, each company and industry faces its own unique risks that are foreseeable, and therefore worthy of any prudent board’s attention.

As the spectrum of risks that companies face has increased, so has the recognition among boards that risk management is integral to every aspect of a company’s long-term well-being—and that risk management is applicable to both natural disasters and man-made events.[43] Traditionally the purview of company management, the overall supervision of risk management has gradually become part of board agendas.[44] Indeed, in 2009, the Commission encouraged this shift by requiring companies to disclose their boards’ role in enterprise risk oversight. While the Commission intentionally did not mandate a specific risk oversight role, it did note that “risk oversight is a key competence of the board.”[45]

Shareholders have likewise recognized the increasingly important role of the board in enterprise risk oversight, and are taking steps to hold directors accountable for perceived failures in this function. In early 2014, in the wake of a coal-ash spill, the California Public Employees’ Retirement System (“CalPERS”) and the New York City Comptroller urged shareholders to vote against four independent directors to Duke Energy Corp.’s board, accusing them of having “failed to fulfill their obligations of risk oversight as members of a committee overseeing health, safety and environmental compliance at the company.”[46] Separately, in 2013, a prominent shareholder advisory firm recommended that shareholders withhold support for three directors of the board of JPMorganChase and Co., accusing them of “material failures of stewardship and risk oversight” after the bank suffered a multibillion-dollar loss as a result of the “London Whale” trading scandal.[47]

The increasing importance of a board’s oversight role in risk management is illustrated by one of the more important risk issues faced by American companies, government institutions, law enforcement, and many regulators today: cybersecurity. This is an issue that I take very seriously, and have spoken about on a number of occasions, including at a conference sponsored by the New York Stock Exchange just last year.[48] Unfortunately, it has become too commonplace to talk about the increasing frequency, severity, and sophistication of cyber-attacks.[49]

The frequency of cyber-attacks—and the likelihood of more—has only served to ratchet up the pressure on company boards to effectively implement enterprise risk oversight. Indeed, shareholders have sued boards of directors for failing to guard against cyber-attacks, alleging breaches of fiduciary duties and oversight failures, among other things.[50] Moreover, boards also need to be aware of the increased regulatory focus on a company’s cybersecurity oversight. For example, recently the U.S. Court of Appeals for the Third Circuit affirmed the authority of the Federal Trade Commission to pursue enforcement actions against companies that fail to employ reasonable and appropriate cybersecurity measures for consumers’ sensitive personal information.[51] In addition, just last month the SEC brought its first case against a registered investment adviser alleging that its failure to establish required cybersecurity policies and procedures compromised the personal information of roughly 100,000 individuals.[52]

Fortunately, many boards are becoming more diligent in responding to the increased cybersecurity threat. For example, in early 2015, a survey of nearly 200 directors of public companies highlighted a trend towards more board-level discussion of cybersecurity matters, finding that more than 80% of participants indicated that cybersecurity is discussed at most, and in some cases all, board meetings.[53] A separate May 2015 survey of global financial institutions confirmed this trend, and found that, in addition to cybersecurity concerns, boards are devoting more time to risk management in general and to addressing key risk issues.[54]

Ultimately, while there is no “one size fits all” approach to board oversight of risk management, the goal is to give proper attention to a company’s perceived risks to ensure sufficient preparedness. This can mean making sure the board is appropriately informed about the global risks facing an organization or its broader industry, tasking appropriate personnel with monitoring and preparing for such risks, and implementing protocols to be able to quickly respond if and when such risks become a crisis event.

As you well know, in today’s digitally interconnected society, the potential reputational harm that can envelop a company not prepared to respond to a crisis can quickly overtake the initial crisis as the most consequential threat to a company’s future outlook.[55]

Some crises cannot be avoided, no matter how carefully you plan, but pre-planning can give a company a better chance to respond to and recover from a crisis when it occurs.

Ensuring that Boards Remain Effective Stewards of the Corporate Enterprise

The ascendance of cybersecurity on board agendas in recent years[56] highlights the fact that the pace of change has accelerated dramatically in the business world.[57] The reasons for this acceleration are numerous and defy simple explanation. But most would agree that the phenomenon is fueled, at least in part, by three overarching trends. They include the increasingly rapid emergence of novel and disruptive technologies, the intensifying nature of globalization, and the relentless pressure on firms to innovate.[58] These phenomena present boards with an ever changing—and ever more challenging—business environment.

In an era of such aggressive technological and economic transformation, boards that hope to remain effective will need to do more than merely react to events as they unfold. Instead, prudent and responsible boards will need to work to foresee the challenges and opportunities that lie ahead, and apply their expertise to help their companies navigate them.[59] In these circumstances, boards may need to strive for a deeper level of insight, broader subject matter expertise, and, perhaps most importantly, more agile strategic thinking.[60] Furthermore, some experts believe that there is a growing need for boards to bring fresh viewpoints to the table, and to be willing to challenge the status quo in the pursuit of constructive change.[61] This school of thought believes that boards must take the initiative by engaging in long-term strategic planning ahead of management, and must be willing to be catalysts for change when their company’s best interests demand it.[62]

How can boards ensure that they possess the necessary expertise and acumen to keep pace with a constantly shifting business landscape? This is certainly no easy task. Ultimately, the question centers on whether the board is composed of individuals who possess the appropriate skills, experience, and judgment to govern effectively. To ensure that this is the case, some experts have focused on the issue of director tenure, and have suggested term limits for directors as one approach to help boards periodically reassess whether their members’ collective skills and expertise remain aligned with the company’s needs.[63]

Proponents of this view claim that term limits would yield numerous benefits, including allowing boards to regularly recruit new members who possess the perspectives, skills, and experiences the company needs to achieve its goals in a changing world.[64] Proponents of term limits also assert that they could help counter the perception that longer-tenured directors may become ineffectual over time—because, for example, their business experience grows stale, or their passion and interest in the company begins to wane.[65] Another concern is that longer-tenured directors could become too deferential to management as personal relationships deepen during the years, which could potentially compromise the directors’ independence.[66]

Needless to say, there are those who disagree.[67] Opponents of term limits decry them as a blunderbuss approach, one that can deprive companies of directors who possess valuable and, oftentimes, irreplaceable knowledge.[68] Opponents of term limits also contest the notion that longer-serving directors may lose their ability to be truly independent. Instead they believe that such directors can actually be more independent, because their extensive experience and deep knowledge of the company place them in a better position to challenge management.[69]

Further complicating matters, however, is the conflicting empirical evidence as to whether director tenure meaningfully affects company performance and shareholder value. Some studies have concluded that companies with higher rates of director turnover provide their shareholders with superior returns.[70] And one 2013 study concluded that company performance generally begins to falter once a board’s tenure surpasses nine years.[71]

Yet, other studies appear to contradict these findings. For example, one study of global companies found that companies with entrenched boards—especially family-dominated companies—have significantly outperformed their peers over the past five years.[72] Another study dispelled the notion that longer-serving directors tend to become disengaged. According to this study, longer-tenured directors are more likely to attend board meetings and serve on board committees than newer directors. Notably, this study also found that companies with a higher proportion of longer-serving directors were less likely to engage in accounting fraud, engaged in more lucrative corporate acquisitions, paid their CEOs less, and were more likely to replace CEOs for poor performance.[73]

While the merits of term limits remain unclear, what is certain is that boards face growing pressure to address the issue in a meaningful way. A variety of stakeholders, ranging from institutional investors to proxy advisory firms and shareholder “activists,” have coalesced around the view that longer-tenured directors can be problematic.[74] Asset managers and proxy advisory firms alike have issued guidelines that may assign lower ratings to firms that have a significant number of longer-tenured outside directors.[75] And, as you may know, the issue of board tenure figured prominently in the 2015 proxy season.[76]

Ensuring that a board continues to possess the optimal mix of skills and experience to govern effectively implicates a range of issues. Accordingly, a mechanistic approach that focuses solely on director tenure may not be the best method. Instead, it may be more useful to view board effectiveness through a broader lens, one that takes into account all aspects of a board’s capacity to oversee the company.[77] The cornerstone of this approach is a periodic review of the board’s performance, one that encompasses the board’s composition, leadership, interpersonal dynamics, governance policies, and strategic vision, among other topics.[78]

Many boards appear to have recognized this. In fact, nearly all the boards of S&P 500 companies have established a framework for regularly evaluating their performance as a group.[79] Yet, only about a third of S&P 500 companies currently evaluate the performance of individual directors,[80] despite the fact that investors increasingly view such evaluations as being essential.[81] Individual director assessments can be a valuable tool for identifying incipient gaps between board members’ skills, knowledge, and abilities, on the one hand, and the company’s evolving needs, on the other.[82] Moreover, many boards have not kept up with our nation’s changing demographics and are lacking the skills, talents, and perspectives that women and minorities can bring.[83] Periodic evaluations can make boards aware of these and other gaps, and allow them to be effectively addressed. For example, boards can recruit additional directors, rotate board committee memberships, and provide board members with needed educational opportunities, such as by having subject matter experts make presentations on key topics.[84]

In the end, boards have a fiduciary responsibility to ensure that they possess the necessary skills, experience, and judgment to be competent stewards of their companies. Meeting this high standard can be challenging and it requires boards to routinely undertake a rigorous and honest assessment of their own abilities and performance. Such assessments are rarely easy, and are sometimes painful, but they are essential if boards are to meet the implacable demands of today’s constantly evolving business environment.


As I conclude my remarks, I want to acknowledge again the significant challenges faced by corporate boards. While much is expected of you, I am confident that you are up to the task and to fulfilling your roles as custodians and fiduciaries of your shareowners’ assets. It’s something many of you have excelled at. America’s companies are among the most innovative and profitable in the world, and much of the credit for those successes rightly belongs to the efforts of directors and the effective use of corporate governance processes. There is much to be proud of—but, there is always room for improvement. Of course, that is why you are here at the Boardroom Summit and Peer Exchange. Learning about and focusing on more effective corporate governance processes is one sure way of making things better.

Thank you for having me here today.


[1] See, e.g., Nick Mathiason, Three weeks that changed the world, The Guardian (Dec. 27, 2008), available at (“Not since 1929 has the financial community witnessed 12 months like it. Lehman Brothers went bankrupt. Merrill Lynch, AIG, Freddie Mac, Fannie Mae, HBOS, Royal Bank of Scotland, Bradford & Bingley, Fortis, Hypo and Alliance & Leicester all came within a whisker of doing so and had to be rescued.”).

[2] Senior Supervisors Group, Risk Management Lessons from the Global Banking Crisis of 2008, 7 (Oct. 21, 2009), available at

[3] See, e.g., Nick Mathiason, Three weeks that changed the world , The Guardian (Dec. 27, 2008), available at

[4] Indeed, in early 2009, there were reports that the White House and the U.S. Department of Treasury were considering a plan that would reduce the SEC’s authority to protect investors, and transfer this authority to a new federal “super cop.” Chair Mary Jo White, The Importance of Independence (Oct. 3, 2013), available at; Jill E. Fisch, Top Cop or Regulatory Flop? The SEC at 75, 95 Va. L. Rev. 785, 786-789 (June 2009), available at; Marcy Gordon, Obama’s financial watchdog plan faces big hurdles, Real Clear Markets (May 20, 2009), available at (last visited Oct. 5, 2015).

[5] Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), Pub. L. 111-203, § 410 (2010).

[6] These internal restructurings included a reorganization of the Enforcement Division, which created specialized teams of lawyers and market experts to focus in the areas of Asset Management, Market Abuse, Complex Financial Instruments, Foreign Corrupt Practices, and Municipal Securities and Public Pensions. See SEC Press Release No. 2010-5, SEC Names New Specialized Unit Chiefs and Head of New Office of Market Intelligence (Jan. 13, 2010), available at In addition, the Office of Market Intelligence was created to better manage and assess tips, complaints, and referrals. See id. Furthermore, the Commission created a new division to focus on economic analysis and risk assessment, known as the Division of Economic and Risk Analysis, or “DERA,” to support the SEC’s rulemakings, and to assist with our examination and enforcement programs. See SEC Press Release No. 2009-199, SEC Announces New Division of Risk, Strategy, and Financial Innovation (Sept. 16, 2009), available at; SEC Press Release No. 2013-104, SEC Renames Division Focusing On Economic and Risk Analysis (June 6, 2013), available at In addition, the Commission revamped our inspection and examination program. See SEC Website, The Securities and Exchange Commission Post-Madoff Reforms, available at

[7] For example, shortly before passage of the Dodd-Frank Act, the Commission adopted amendments to rules governing money market funds designed to strengthen the entire money market fund framework, including making such funds more resilient in the face of credit, liquidity, and interest rate risk (Money Market Fund Reform, SEC Release No. IC-29132 (Feb. 23, 2010), available at In addition, the Commission adopted rules enhancing the custody practices of investment advisers (Custody of Funds or Securities of Clients by Investment Advisers, SEC Release No. IA-2968 (Dec. 30, 2009), available at, and significantly amended the rules governing nationally recognized statistical rating organizations (Amendments to Rules for Nationally Recognized Statistical Rating Organizations, SEC Release No. 34-59342 (Feb. 2, 2009), available at; and Amendments to Rules for Nationally Recognized Statistical Rating Organizations, SEC Release No. 34-61050 (Nov. 23, 2009), available at Since the passage of the Dodd-Frank Act, the Commission has adopted or substantially amended a number of transformative rules. These include, just to name a few, adopted rules to increase transparency in the disclosures for the asset-backed securities markets that contributed to the 2008 market turmoil (Credit Risk Retention, SEC Release No. 34-73407 (Oct. 22, 2014), available at; Asset-Backed Securities Disclosure and Registration, SEC Release No. 33-9638 (Sept. 4, 2014), available at; and adopted final rules to designed to strengthen the technology infrastructure of the U.S. securities markets (Regulation Systems Compliance and Integrity, SEC Release No. 34-73639 (Nov. 19, 2014), available at In addition, the Commission adopted or substantially amended a number of other significant regulatory and disclosure rules—including, for example, final rules regarding the application of Title VII definitions of security-based swap dealer and major security-based swap participants in the cross-border context (Application of “Security-Based Swap Dealer” and “Major Security-Based Swap Participant” Definitions to Cross-Border Security-Based Swap Activities, SEC Release No. 34-72472 (June 25, 2014), available at; final rules implementing a statutory mandate that prohibits any banking entity from engaging in proprietary trading or from acquiring or retaining an ownership interest in, sponsoring, or having certain relationships with a hedge fund or private equity fund, subject to certain exemptions (Prohibitions and Restrictions on Proprietary Trading and Certain Interests In, and Relationships With, Hedge Funds and Private Equity Funds, SEC Release No. BHCA-1 (Dec. 10, 2013), available at The SEC has also passed amendments to the rules governing money market mutual funds (Money Market Fund Reform; Amendments to Form PF, SEC Release No. 33-9616 (July 23, 2014), available at; rule amendments to strengthen the custody practices of broker-dealers (Broker-Dealer Reports, SEC Release No. 34-70073 (July 30, 2013), available at; rules to prohibit pay-to-play activity in the investment advisory industry (Political Contributions by Certain Investment Advisers, SEC Release No. IA-3043 (July 1, 2010), available at; and rules to enhance municipal securities disclosure (Amendment to Municipal Securities Disclosure, SEC Release No. 34-62184A (May 26, 2010), available at

[8] See Micah Green, Scott Sinder, and Matthew Kulkin, Five Takeaways From the First Half Decade of Wall Street Reform, Bloomberg BNA (Aug. 3, 2015), available at

[9] See id.

[10] For example, between the Dodd-Frank Act and the JOBS Act (Jumpstart Our Business Startups Act, Pub. L. 112-106 (H.R. 3606) (2012)), Congress placed a rulemaking yoke across the Commission staff’s back; by one estimate, these statutes together require the Commission to adopt nearly 100 separate rulemakings. See Dodd-Frank Progress Report, Davis Polk & Wardwell LLP, available at At the same time, the Commission must continue its ongoing responsibilities as the capital markets’ primary regulator, overseeing mutual funds and exchange-traded funds, broker-dealers, transfer agents, private fund advisers, municipal advisors, securities exchanges, as well as self-regulatory organizations. The SEC also has responsibility for reviewing the disclosures and financial statements of thousands of reporting companies, and has new and expanded responsibilities over the derivatives markets. At the same time, the securities markets have increased exponentially in size, complexity, and volatility. Yet, Congress is currently suggesting that the Commission be funded with the same amount—$1.5 billion—as its fiscal year 2015 level. Senate Committee Agrees to FY2016 Financial Services Appropriations Bill (Majority) (July 23, 2015), available at This concerns me, as the agency’s vital mission is clearly more important now than ever. As I have said on numerous occasions, one of the most significant challenges is to ensure that the SEC has the resources necessary to fulfill its responsibilities to carry out its mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. It is critical that we ensure that the Commission receives the funding that it needs to fulfill its mission and to keep pace with the rapidly expanding and accelerating innovations of the marketplace.

[11] As one example, just last month the Commission announced a new rulemaking website that was created at my request. See Chair Mary Jo White, Announcement of New Rulemaking Database (Sept. 24, 2015), available at; see Commissioner Luis A. Aguilar, Statement on New Rulemaking Website (Sept. 24, 2015), available at This new website will enhance transparency internally at the Commission and to the public about the status and progress of the Commission’s rulemaking agenda.

[12] See TIAA-CREF Policy Statement on Corporate Governance—6th Edition, available at; see Jay W. Eisenhofer, Does Corporate Governance Matter to Investment Returns? Grant & Eisenhofer P.A. (2010), available at

[13] See Commissioner Luis A. Aguilar, Looking at Corporate Governance from the Investor’s Perspective (Apr. 21, 2014), available at

[14] See Commissioner Luis A. Aguilar, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at; Commissioner Luis A. Aguilar, Looking at Corporate Governance from the Investor’s Perspective (Apr. 21, 2014), available at

[15] See Commissioner Luis A. Aguilar, Making Investors a Priority in Regulatory Reform (Apr. 17, 2009), available at

[16] See, e.g., Kevin LaCroix, Target Directors and Officers Hit with Derivative Suits Based on Data Breach, The D&O Diary (Feb. 3, 2014), available at

[17] See, e.g., Judy Greenwald, Multimillion-dollar shareholder derivative settlements drive litigation boom, Business Insurance (Feb. 1, 2015), available at (noting that “Experts say derivative actions are a growing problem for companies, driven in part by a plaintiffs bar seeking revenue as a shrinking number of publicly traded companies leads to fewer securities class actions.”);

Kevin LaCroix, Target Directors and Officers Hit with Derivative Suits Based on Data Breach, The D&O Diary (Feb. 3, 2014), available at (describing a shareholder derivative suit filed against Target Corporation directors as a result of its data breach of customer’s records).

[18] See, e.g., In the Matter of Donald W. Prosser, CPA, Exchange Act Release No. 75855 (Sept. 8, 2015), available at (in a case involving a series of accounting and disclosure violations, including the failure to properly report perks provided to executives as compensation, charging also the former audit committee chair for allegedly causing reporting and proxy violations because he stepped outside of his normal role as audit committee chair to personally, and negligently, review and approve the perks to company executives and then wrongly overruled an independent consultant hired by the company to advise on such perks; he then signed public filings that understated the actual amount of the executive perks); SEC Press Release No. 2014-47, SEC Charges Animal Feed Company and Top Executives in China and U.S. With Accounting Fraud (Mar. 11, 2014), available at (in a matter involving a massive accounting fraud by the company and top executives, also charging an outside director with “scheming to avoid or delay disclosure of the accounting fraud once [he] learned about it in 2011 while engaged in efforts to raise capital for expansion and acquisitions.”); SEC v. Jerome Krantz, Cary Chasin, and Gary Nadelman (DHB Industries), Litigation Release No. 21867 (Feb. 28, 2011), available at (charging fraud against DHB Industries, Inc.’s former outside directors and audit committee members Krantz, Chasin, and Nadelman for allegedly facilitating the company’s accounting fraud by willfully ignoring and failing to take action with respect to numerous significant red flags signaling widespread accounting fraud and misappropriation by company senior officers); SEC v. Vasant H. Raval, Litigation Release No. 21451 (Mar. 15, 2010), available at (charging former chairman of the audit committee of InfoUSA Inc., Vasant Raval, with fraud for allegedly failing to take action in the face of numerous “red flags” concerning the company’s former CEO and Chairman’s use of corporate funds for personal expenses and related party transactions with entities controlled by the former CEO and Chairman. In particular, the SEC alleged that two company internal auditors raised concerns with Raval about these issues, yet he failed to take meaningful action, and he omitted critical facts in a report to the Board about the CEO’s expenses.).

On occasion, the SEC has brought actions involving what some would characterize as technical violations. These would include, for example, the Commission’s 2014 sweep of Form 4 reporting violation actions brought under Section 16(a) of the Securities Exchange Act of 1934 against seven corporate directors (three of whom were CEO and Chairmen of the Board) and announced on September 10, 2014 as part of a broader sweep of such violations. See SEC Press Release No. 2014-190, SEC Announces Charges Against Corporate Insiders for Violating Laws Requiring Prompt Reporting of Transactions and Holdings (Sept. 10, 2014), available at In addition, the SEC has brought other actions against corporate directors who clearly breached their fiduciary duties and therefore engaged in misconduct outside the scope of their official actions, such as with insider trading matters. See, e.g., In the Matter of Rajat K. Gupta, Exchange Act Release Nos. 63995 (Mar. 1, 2011), available at (concerning insider trading by Rajat K. Gupta, who was alleged to have disclosed material nonpublic information that he obtained in the course of his duties as a member of the Boards of Directors of The Goldman Sachs Group, Inc. and The Procter & Gamble Company to Raj Rajaratnam, the founder and a Managing General Partner of the hedge fund investment adviser Galleon Management, LP).

[19] I have spoken about the importance of shareholder engagement on prior occasions. See, e.g., Commissioner Luis A. Aguilar, Looking at Corporate Governance from the Investor’s Perspective (Apr. 21, 2014), available at

[20] See James Kim and Jason D. Schloetzer, Global Trends in Board-Shareholder Engagement, The Conference Board (October 2013), available at

[21] See, e.g., Framework and Tools for Improving Board-Shareowner Communications: The Report of the Council of Institutional Investors—National Association of Corporate Directors Task Force on Improving Board—Shareowner Communications, published by The National Association of Corporate Directors® in partnership with The Council of Institutional Investors (2004), available at See also, e.g., letters of William C. Thompson, Jr., Comptroller of the City of New York (Sep. 15, 2003), Jerry Gabert, UUA Vice President of Finance and Treasurer, Advisor to the UUA Committee on Socially Responsible Investing, Unitarian Universalist Association (Sep. 15, 2003), SEC File No. S7-14-03. Cf., letter of Cary Klafter, Vice President, Legal and Government Affairs, Director, Corporate Affairs and Corporate Secretary, Intel Corporation (Sep. 15, 2003), SEC File No. S7-14-03. (SEC comment letters in File No. S7-14-03 are available at

[22] See James Kim and Jason D. Schloetzer, Global Trends in Board-Shareholder Engagement, The Conference Board (October 2013), available at; Framework and Tools for Improving Board-Shareowner Communications, The Report of the Council of Institutional Investors—National Association of Corporate Directors Task Force on Improving Board—Shareowner Communications, published by The National Association of Corporate Directors® in partnership with The Council of Institutional Investors (2004), available at

[23] Indeed, increased shareholder communication can have an impact on some of the most pressing issues in corporate governance today—such as how companies respond to shareholder “activism.” Shareholder “activism,” viewed broadly, can take many forms—and can range from hedge funds that propose director candidates or strategic corporate decisions, to individual shareholders who wish to express their views on various corporate governance topics. See Shareholder activism: Who, what, when, and how? (March 2015), PricewaterhouseCoopers LLP, available at Regardless of the form, increased communications with investors can lead to a greater level of trust between the company and its shareholders, particularly its long-term shareholders. See Director dialogue with shareholders—what you need to consider, PricewaterhouseCoopers LLP and Weil Gotshal & Manges LLP (2013), available at In fact, the various tactics of so-called shareholder “activists” have elevated the discussion of the critical role that shareholders can play in a company’s corporate governance, and how proactive companies can best forge relationships to alleviate the concerns raised by these investors. See, e.g., Martin Lipton, Steven A. Rosenblum, and Karessa L. Cain Some Thoughts for Boards of Directors in 2015, Wachtell, Lipton, Rosen & Katz (Dec. 2, 2014), available at (noting that “[d]irectors should develop an understanding of shareholder perspectives on the company and foster long-term relationships with shareholders….”); Considerations for Public Company Directors in the 2015 Proxy Season and Beyond, Gibson, Dunn & Crutcher (Feb. 6, 2015), available at (noting that “[s]hareholder engagement also is an important component of preparation” for dealing with shareholder “activists.”).

[24] See Matt Orsagh, Shareholder Engagement: Bridging the Divide Between Boards and Investors (March 26, 2014), CFA Institute, available at While there may not be any single reason for the increase in shareholder engagement, many observers point to the advent of shareholder “say on pay” advisory votes, as mandated by the Dodd-Frank Act, which provide investors with a forum to express their concerns regarding executive compensation and other governance issues. See, e.g., Gretchen Morgenson, Not Walking the Walk on Board Diversity, The New York Times (May 31, 2014), available at; Shareholder Engagement: A New Era in Corporate Governance, Deloitte Insights, Risk & Compliance Journal (Oct. 1, 2013), available at; see also 2013 Annual Corporate Governance Review, Georgeson, available at (calling the 2013 proxy season the “Era of Engagement.”). For example, some have also cited to the influence of proxy advisory firms, which could result in certain institutional investors voting in the same way on certain issues. See Director dialogue with shareholders—what you need to consider, PricewaterhouseCoopers LLP and Weil, Gotshal & Manges LLP (2013), available at (“Plus, many institutional investors use the same two proxy advisory firms, so if they follow those firms’ voting recommendations, they may end up voting largely the same way.”); Marc Goldstein, Defining Engagement: An Update on the Evolving Relationship Between Shareholders, Directors and Executives, Institutional Shareholder Services study for the Investor Responsibility Research Center Institute (April 10, 2014), available at

(“It is safe to say that the advent of say-on-pay in the United States has been a major driver of increased engagement.”).

While most companies typically receive favorable votes, if a “say on pay” vote did not achieve desired results there would no doubt be extra motivation to engage with shareholders to find out why. See, e.g., Steven Hall & Partners, Short Takes, available at (Of 3,100 companies that held say-on-pay votes in 2013, as of mid-November of that year, only 69 of these companies had failed to obtain approval.). For example, in 2013, after receiving only 22% support for its “say on pay” proposal, McKesson Corporation affirmatively set out to increase its dialogue with its largest shareholders and as a result made changes to its executive compensation arrangements. See Amanda Gerut, How Engagement Helped McKesson Achieve Say-on-Pay Approval, Rountree Group (June 4, 2015), available at

Others suggest that the trend towards more shareholder engagement is reflective of the fact that share ownership has become more highly concentrated in the hands of institutional investors, which provides these large investors with more leverage and influence on those companies whose shares they own. See Director dialogue with shareholders—what you need to consider, PricewaterhouseCoopers LLP and Weil, Gotshal & Manges LLP (2013), available at For example, in early 2014, Apple Computer avoided a shareholder vote on the diversity of its board of directors and revised its board committee charter to prioritize female and minority board hires after engaging with two of its largest shareholders on the issue. See Laurie Havelock, Investor pressure prompts Apple board diversification, IR Magazine (Jan. 8, 2014), available at Just this last February, Vanguard’s Bill McNabb issued a clarion call on engagement when he sent an open letter to the boards of directors of its largest portfolio holdings specifying principles of good corporate governance, including that effective shareholder engagement is compelling “for both shareholders and boards.” See Letter sent by F. William McNabb III, Vanguard’s Chairman and CEO (Feb. 27, 2015), available at

[25] See Marc Goldstein, Defining Engagement: An Update on the Evolving Relationship Between Shareholders, Directors and Executives, Institutional Shareholder Services study for the Investor Responsibility Research Center Institute (April 10, 2014), available at Conversely, only 22% of issuers reported that they had not initiated any engagements in the prior year, as compared to 27% in the prior 2010 survey. See id.

[26] See Introducing the Investor Forum, available at!history/c22bc.

[27] See Board-Shareholder Communications (Dec. 19, 2013), Global Network of Director Institutes, available at (noting that some of these “best practices” include, among other things, regular dialogue between company leaders and significant investors, opening a channel of communication between shareholders and the board, and remaining open to face-to-face meetings).

[28] See James Woolery, Introduction to the SDX Protocol (Feb. 5, 2014), available at

[29] See Jena McGregor, More companies are going virtual for their annual shareholder meetings, The Washington Post (Mar. 17, 2015), available at (describing that instead of hosting the meeting in a hotel ballroom or conference center, shareholders participated in the meeting by logging in remotely online). Such meetings can lead to efficiencies for companies and increased virtual participation by shareholders, provided that companies ensure that policies and procedures are adopted to ensure the same level of transparency with investors had the investors attended a meeting in person. See Donald Ainscow and Harva Dockery, Top Ten Things To Remember When Considering Virtual Shareholder Meetings (Dec. 23, 2014), available at (noting that in 2012, a group of institutional investors, governance groups, and Broadridge Financial Solutions, issued a white paper entitled “Guidelines for Protecting and Enhancing Online Shareholder Participation in Annual Meetings,” which recommends a set of best practices for companies conducting virtual-only and hybrid shareholder meetings, including adoption of principles for online participation and practical safeguards, which are generally intended to ensure virtual shareholder meetings are accessible, increase shareholder participation and engagement, and protect the interests of shareholders.).

[30] An article earlier this year indicated that, whereas, in 2011, 21 companies held virtual meetings using a leading provider of such services, in 2014, 53 held such meetings using the service; and, thus far this year, over 80 companies of various sizes have held such meetings. See Jena McGregor, More companies are going virtual for their annual shareholder meetings, The Washington Post (Mar. 17, 2015), available at Statistical information for 2015 is from discussion between counsel to Commissioner Luis A. Aguilar and representative of Broadridge Financial Services on September 17, 2015.

[31] During the 2015 proxy season, for example, Advanced Micro Devices, Inc. held a so-called “hybrid” shareholder meeting, with shareholders choosing whether to attend the annual meeting in person in New York or participate online in a virtual shareholder meeting. See AMD to Host Hybrid Meeting (Mar. 30, 2015), available at

[32] For example, the Council of Institutional Investors (“CII”) specifically recommended against the use of online-only meetings, and instead advocated for the use of “hybrid” meetings where companies are considering the use of virtual meetings. Specifically, the CII stated the following: “Companies should hold shareowner meetings by remote communication (so-called “virtual” meetings) only as a supplement to traditional in-person shareowner meetings, not as a substitute. Companies incorporating virtual technology into their shareowner meeting should use it as a tool for broadening, not limiting, shareowner meeting participation. With this objective in mind, a virtual option, if used, should facilitate the opportunity for remote attendees to participate in the meeting to the same degree as in-person attendees.” See Guidelines for Protecting and Enhancing Online Shareholder Participation in Annual Meetings, 5 (June 2012), available at

[33] See Board Perspectives: Risk Oversight—The Most Important Risks for 2015, Protiviti (2015), available at (“Senior executives and directors are realizing there isn’t an organization on the planet immune to being tested by a crisis.”).

[34] Some estimates are that Hurricane Katrina directly resulted in 1,836 lives lost, over one million people displaced from their homes, and over $150 billion in economic damage, while the damage caused by Hurricane Sandy, which hit the New Jersey and New York coasts in 2012, amounted to $65 billion in economic damage. See Reuters, Hurricane Katrine: Costliest natural disaster in U.S. history in numbers (Aug. 28, 2015), available at Other estimates are that Hurricane Katrina resulted in $67.8 billion in insured losses on homes, businesses, and cars, as measured in 2012 dollars. See Costliest U.S. Natural Disasters, The Wall Street Journal (May 30, 2014), available at By this estimate, Hurricane Sandy is said to have caused $26.4 billion in insured losses to homes, businesses and cars. See id. Hurricane Ike, which hit Galveston, Texas, in 2008 is estimated to have caused $16.2 billion in insured losses to homes, businesses and cars. See id.

[35] Some events are too infrequent to predict. See, e.g., Doyle Rice, S.C. flood is 6th 1,000-year rain since 2010, USA Today (Oct. 6, 2015), available at (“[a] ‘1-in1,000 year event” means that there’s a 1 in 1,000 (or 0.1% chance) of it happening in any given year in a given location . . . In addition to this weekend’s floods in South Carolina . . . the other 1-in-1,000-year rain events include the Tennessee floods in May 2011, the Mid-Atlantic, Northeast and New England drenching during Hurricane Irene in 2011, the Colorado floods in 2013, the deluge in Baltimore in August 2014, and the flooding earlier this year in Nebraska.”).

[36] See BDO Board Reflections—April 2015, BDO United States (Apr. 2015), available at (“Boards should be prepared to articulate what they have done to prepare for low probability, but high impact events such as natural disasters.”); See Catherine Bromilow, Putting resilience on the board agenda, PricewaterhouseCoopers (2013), available at (noting that with the spectre of natural disasters among other risks that can turn into crises, “[b]oards should periodically discuss the appropriateness of the company’s crisis response plans.”); Edward M. McNally, Are Directors Vulnerable for Lack of Oversight When a Natural Disaster Strikes?, Morris James Delaware (Apr. 6, 2011), available at (Pointing out that for boards of directors, “[n]ot every potential disaster needs to be planned for, just those that are actual threats.”).

[37] In fact, three years ago this month Hurricane Sandy struck the New Jersey coast; as a result, the commercial trucking industry was stalled for a week and incurred losses estimated at $140 million per day, and Atlantic City casinos that were forced to close lost an estimated $5 million per day in revenue. See Economic Impact of Hurricane Sandy, U.S. Department of Commerce, Economics and Statistics Administration (September 2013), available at And it’s not just companies’ own vulnerabilities that subject them to risk, but also the potential impact of disruptions to third-party venders and suppliers that companies rely upon to conduct their daily business. In one 2014 survey, four out of five respondents said they had experienced at least one instance of supply chain disruption in the past 12 months. See Jonathan W. Hall, Why Be Vulnerable?, Treasury and Risk (Apr. 15, 2015), available at And these disruptions can impact a company’s bottom line. A 2013 study found that on average, disruptions to a company’s supply chain can reduce shareholder value by 7%, and can affect stock prices even before formal announcements or coverage of impacts. Building Resilience in Supply Chains, World Economic Forum (January 2013), available at

[38] In January of 2014, for example, trade unionists held two executives hostage at the Goodyear Tire plant in Northern France in order to demand higher severance pay for planned layoffs. See Nicholas Vinocur, ‘Boss-napping’ returns in France as unionists lock up Goodyear executives, Reuters (Jan. 7, 2014), available at Furthermore, this past summer, Toshiba Corporation’s president and his two predecessors resigned after investigators determined that the Japanese company inflated earnings by more than $1.2 billion since the 2008 financial crisis. See Pavel Alpeyev and Takashi Amano, Toshiba Executives Resign Over $1.2 Billion Accounting Scandal, Bloomberg Business (July 21, 2015), available at In addition, just last month, Volkswagen AG announced it would take a roughly $7.27 billion charge against earnings as a result of its efforts to circumvent global emissions limits. See William Boston, Mike Spector, and Amy Harder, Volkswagen Scandal Pressures CEO, The Wall Street Journal (Sept. 23, 2015), available at

[39] See, e.g., Frances Beinecke, Foul waters, hard lessons from BP oil spill, CNN (Jan. 13, 2011), available at (“[w]e on the commission found that this disaster was both foreseeable and avoidable. The industry failed to manage the risk of an inherently dangerous operation. Our government failed to adequately protect us from those risks. And the people we rely on to enforce our protections lacked the resources they needed to do the job.”).

[40] See, e.g., Joseph White, Jonathan Stempel, and Nate Raymond, Recall settlement frees GM CEO to confront new challenges, Reuters (Sept. 17, 2015), available at (“GM disclosed in February 2014 that it failed to tell regulators what it knew about defective ignition switches that could cause vehicles to stall, and cut power to the air bags.”); Hans Greimel, Toyota recalls more than 6 million vehicles, Automotive News (Apr. 9, 2014), available at (“Toyota’s recalls today took place after the company agreed last month to pay a penalty of $1.2 billion to the U.S. government for misleading consumers and concealing facts about unintended acceleration in his vehicles”).

[41] See Laura Landro, Foodborne Illness Risk Lives On, The Wall Street Journal (July 6, 2015), available at (“[p]ublic health officials say the outbreaks are largely because of safety gaps in the way food is processed, manufactured and packaged, as microbes, such as listeria and salmonella, contaminate more foods.”); Lydia Zurawi, Update: Six Vermont E. Coli Cases Being Linked to Undercooked Ground Beef, Food Safety News (Sept. 30, 2015), available at (“state health inspectors . . . believe that the undercooked hamburgers were the course of the contamination.”).

[42] See, e.g., Julie Hirschfeld Davis, Hacking of Government Computers Exposed 21.5 Million People, New York Times (July 9, 2015), available at

[43] See William B. Asher, Jr., Michael T. Gass, Erik Skramstad, and Michele Edwards, The Role of Board of Directors in Risk Oversight in a Post-Crisis Economy, Bloomberg Law Reports-Corporate Law Vol. 4, No. 13, available at,%20Gass%20-The%20Role%20of%20Board%20of%20Directors%20in%20Risk%20Oversight%20in%20a%20Post-Crisis%20Economy.pdf (“We know today, however, that risk management has indeed forced its way into the boardroom and that there has been a substantial change in the relationship between the overseers of public companies and their shareholders.”); see Martin Lipton, Steven A. Rosenblum, and Karessa L. Cain, Some Thoughts for Boards of Directors in 2015 (Dec. 2, 2014), available at (“In boardrooms, directors have been reviewing not only the company’s policies and structures for managing this risk, but also the effectiveness of the board’s oversight in this area.”).

[44] See Martin Lipton, Steven A. Rosenblum, and Karessa L. Cain, Some Thoughts for Boards of Directors in 2015 (Dec. 2, 2014), available at (“In addition, the risk management paradigm has evolved from being primarily a business and operational responsibility of management, to being characterized also as a governance issue that is squarely within the purview of the board’s oversight role.”).

[45] Proxy Disclosure Enhancements, SEC Release No. 33-9089 (Dec. 16, 2009), available at Moreover, the Commission suggested that companies describe “how the board administers its risk oversight function, such as through the whole board, or through a separate risk committee or the audit committee.” See id.

[46] See Barry B. Burr, CalPERS, NYC Retirement Systems oppose Duke Energy directors in coal-ash spill aftermath, Pension & Investments (Apr. 15, 2014), available at

[47] See Susanne Craig and Jessica Silver-Greenberg, A Call for New Blood on the JPMorgan Board, DealB%k, The New York Times (May 5, 2013), available at

[48] See Commissioner Luis A. Aguilar, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at; see also, Commissioner Luis A. Aguilar, A Threefold Cord — Working Together to Meet the Pervasive Challenge of Cyber-Crime, available at

[49] For example, late last year it was Sony Pictures Entertainment having its highly confidential company information stolen, its computers disabled, and its servers wiped. See Adi Ignatius, “They Burned the House Down”: An Interview with Michael Lynton, Harvard Business Review (July-August 2015), available at Earlier this year it was Anthem, one of the nation’s largest health insurers, announcing that the personal information of tens of millions of its customers and employees were compromised by a sophisticated cyberattack. See Reed Abelson and Matthew Goldstein, Millions of Anthem Customers Targeted in Cyberattack, The New York Times (Feb. 5, 2015), available at

See also, Robert Ackerman, Destructive Cyber Attacks Increase in Frequency, Sophistication, AFCEA (July 1, 2015), available at (noting that “[n]ew capabilities have stocked the arsenals of cybermarauders, who now are displaying a greater variety of motives and desired effects as they target governments, power plants, financial services and other vulnerable sites.”); Kyle Balluck, DARPA: Cyberattacks against US military ‘dramatically increasing,’ The Hill (Feb. 8, 2015), available at (“The head of the Defense Advanced Research Projects Agency’s software innovation division said in an interview broadcast Sunday night that cyberattacks against the U.S. military are increasing in frequency and sophistication.”); Greg MacSweeney, Increasing Cyberthreats Pose Massive Challenge for Financial Firms, WallStreet & Technology (Jan. 8, 2015), available at (noting that “[t]he frequency and intensity of cyber attacks on financial institutions has increased exponentially in the past 12 months.”) And as we have also witnessed this year, the federal government is not immune to massive security breaches that result from cyber-attacks. See, Cybersecurity Resource Center, Cybersecurity Incidents, available at (last visited September 3, 2015); see also David Perera, 21.5 million exposed in second hack of federal office, (July 9, 2015), available at; Jim Miklaszewski, Pentagon Email System Is Back Online After Cyberattack, NBC News (Aug. 10, 2015), available at

[50] See Considerations for Public Company Directors in the 2015 Proxy Season and Beyond, Gibson Dunn (Feb. 6, 2015), available at (noting shareholder derivative suits against the boards of directors at Target Corporation and Wyndham Worldwide Corporation for data breaches at those companies, and noting that such suits following a cyber-attack have “become common.”).

[51] See Federal Trade Commission v. Wyndham Worldwide Corp., et al., No. 14-3514, 2015 WL 4998121 (3d Cir. Aug. 24, 2015) (holding that the FTC can use its authority under § 5(a) of the Federal Trade Commission Act, which empowers the FTC to prevent “persons, partnerships, or corporations . . . from using . . . unfair or deceptive acts or practices in or affecting commerce,” to bring claims against companies that fail to employ reasonable and appropriate cybersecurity measures for consumers’ sensitive personal information), available at See also Anu Passary, FTC Can Sue Companies With Weak Cybersecurity, Rules US Court Of Appeals, Tech Times (Aug. 26, 2015), available at For the original action by the Federal Trade Commission (FTC) against Wyndham Worldwide Corporation, see FTC Press Release, FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information (June 26, 2012), available at

[52] See SEC Press Release No. 2015-202, SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach (Sept. 22, 2015), available at

[53] See Fahmida Y. Rashid, NYSE Survey Examines Cybersecurity in the Boardroom, (May 28, 2015), available at

[54] See Global risk management survey, ninth edition, Deloitte Touche Tohmatsu Limited (May 13, 2015), available at

[55] See Catherine Bromilow, Putting resilience on the board agenda, PricewaterhouseCoopers (2013), available at (“Similarly, the public outcry following an environmental lapse, safety scare or other such scandal now stands alongside market shocks and natural disasters as one of the key crises that tests resilience. The advent of social media means that news spreads, and the impact of such crises can escalate far quicker than many companies’ ability to respond.”).

[56] Jody R. Westby, Governance of Cybersecurity: 2015 Report (Oct. 2, 2015), available at (finding that cybersecurity is now a boardroom-level issue for nearly two-thirds (63%) of the companies surveyed, a significant jump from 2012, when only 33% of boards were actively addressing computer and information security).

[57] Erik Brynjolfsson and Andrew McAfee, The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies (2014) (asserting that technological change is accelerating faster than ever before, and that it is now more difficult than ever to manage this change).

[58] Spencer Stuart Board Index 2014, Spencer Stuart (Nov. 2014), available at

[59] Id., see also Patrick R. Dailey, Ph.D and Joel M. Koblentz, Refreshing Your Board of Directors, The Corporate Board (Nov./Dec. 2012), available at

[60] Patrick R. Dailey, Ph.D and Joel M. Koblentz, Refreshing Your Board Of Directors, The Corporate Board, 16 (Nov./Dec. 2012), available at

[61] Id.

[62] Id.

[63] See Considerations for Public Company Directors in the 2015 Proxy Season and Beyond, Gibson Dunn (Feb. 6, 2015), available at (noting that “[s]ome institutional investors have expressed concern that long-term board service may adversely impact director independence and engagement, and that it hinders greater boardroom diversity.”); William M. Libit and Todd E. Freier, Is 75 the New 68? Director Tenure, Mandatory Director Retirement and Related Issues, 29 InSights, 2 (Mar. 2015), available at

[64] William M. Libit and Todd E Freier, Is 75 the New 68? Director Tenure, Mandatory Director Retirement and Related Issues, 29 InSights, 4 (Mar. 2015), available at

[65] Id.

[66] Id.

[67] See, e.g., Robert Pozen and Theresa Hamacher, The trend towards board term limits is based on faulty logic, Financial Times (May 31, 2015), available at

[68] Steven Haas, A Closer Look at the Emerging Debate Over board Tenure, National Association of Corporate Directors (Mar. 2015), available at

[69] William M. Libit and Todd E Freier, Is 75 the New 68? Director Tenure, Mandatory Director Retirement and Related Issues, 29 InSights, 4 (Mar. 2015), available at

[70] George M. Anderson and David Chun, How Much board Turnover Is Best?, Harvard Business Review (Apr. 2014), available at (finding that, between 2003 and 2013, companies that replaced three or four directors over a three-year rolling period outperformed their peers); Greg Berberich and Flora Niu, Director Busyness, Director Tenure and the Likelihood of Encountering Corporate Governance Problems (Jan. 17, 2011), CAAA Annual Conference 2011, available at (finding a positive association between director tenure and the probability of a company experiencing governance problems, indicating that long board service has negative governance consequences and that “problem directors” had an average tenure of 10.4 years versus “non-problem directors” who averaged 8.5 years).

[71] Sterling Huang, Zombie Boards: Board Tenure and Firm Performance (July 29, 2013), available at (concluding that company value rises as the average tenure of outside board members increases to nine years, after which the effects of director entrenchment outweigh the knowledge of long-tenured directors; provided, however, the author acknowledged that such relationship varies across industries and firms and, accordingly, he did not advocate regulating director tenure by imposing a mandatory term limit).

[72] Ric Marshall, Entrenched Boards: Director Tenure and Performance (Apr. 2015), available at

[73] Ying Dou, Sidharth Sahgal, and Emma Jincheng Zhang, Should Independent Directors Have Term Limits? The Role of Experience in Corporate Governance, 4 Financial Management 583, 584-86 (Aug. 4, 2015), available at

[74] Joann S. Lublin, For Older Board Members, the Pressure to Move On, The Wall Street Journal (Dec. 23, 2014), available at

[75] See, e.g., Proxy Voting Guidelines for U.S. Securities, BlackRock (April 2014); Proxy Voting and Engagement

Guidelines—U.S., SSgA (March 2014).

[76] 2015 proxy season insights, Ernst & Young, available at In fact, one activist investor made a bid—which ultimately proved unsuccessful—to compel one major company to require that at least two-thirds of its directors have less than 15 years of tenure on the board. See Form 8-K for COSTCO Wholesale Corp. (Feb. 4, 2015), available at

[77] Patrick R. Dailey, Ph.D and Joel M. Koblentz, Refreshing Your Board Of Directors, The Corporate Board, 16 (Nov./Dec. 2012), available at

[78] Beyond Term Limits: Using Performance Management to Guide Board Renewal, Institute of Corporate Directors (Feb. 13, 2015), available at; Patrick R. Dailey, Ph.D and Joel M. Koblentz, Refreshing Your Board Of Directors, The Corporate Board, 16 (Nov./Dec. 2012), available at

[79] Spencer Stuart Board Index 2014, Spencer Stuart (Nov. 2014), available at; Beyond Term Limits: Using Performance Management to Guide board Renewal, Institute of Corporate Directors (Feb. 13, 2015), available at

[80] Spencer Stuart Board Index 2014, Spencer Stuart (Nov. 2014), available at

[81] 2015 Proxy Season Insights: spotlight on board composition, Ernst & Young (Mar. 2015), available at$FILE/EY-proxy-season-preview-2015-spotlight-on-board-composition.pdf.

[82] Patrick R. Dailey, Ph.D and Joel M. Koblentz, Refreshing Your Board Of Directors, The Corporate Board, 16 (Nov./Dec. 2012), available at

[83] For example, last year, women accounted for only 19% of the total number of directors of S&P 500 companies. Spencer Stuart Board Index 2014, Spencer Stuart (Nov. 2014), available at And, among the largest 200 of the S&P 500 companies, minorities accounted for only 15% of the total number of directors, with 9% of these being African-American, 5% being Latino, and only 2% being Asian. Id. In addition, a 2012 study on Fortune 100 boards of directors found that women and minorities remained substantially underrepresented in corporate boardrooms, and, combined, represented just over 30% of the 1,214 seats. Missing Pieces: Women and Minorities on Fortune 500 Boards 2012 Alliance for Board Diversity Census (Aug. 15, 2013), Alliance for Board Diversity, available at The same study found that women and minorities were also underrepresented in Fortune 500 boardrooms, with white males accounting for more than 73% of the 5,488 available board seats, and women collectively holding only 16.6% of those seats. See id. Another study found that while the number of women board members among S&P 100 companies had been trending upward, they still only represented 19.9% of board members in these companies in 2013. Gender Diversity Survey—2013 Proxy Season Results (Dec. 11, 2103), Fenwick and West LLP, available at

[84] Id.; see e.g., Jim McAlpin, Part I: Best Practices of Bank boards, (Sept. 30, 2013), available at (noting that for bank boards, best practices suggest that increased educational efforts at board meetings, in order such that “directors can become more effective in their recognition and understanding of the risks to be monitored, as well as the factors that most influence a bank’s strength and performance); Compensation Committee Best Practices, Fenwick & West LLP (providing a general description of education of a company’s compensation committee), available at

Return to Top