As the 2023 proxy season draws to a close, high profile activist hedge fund attacks on blue chip companies continue to dominate the headlines, and an in-depth look at the campaigns during the first season in the context of the SEC’s new Universal Proxy Rules reveals shifts in strategy and tactics that companies, activists and their advisers are carefully considering. As such, it’s no surprise that preparing for activism continues to be high on the priority list of many public company boards.
But as last year showed, a public attack by an activist is not the only form of corporate crisis. The current macroeconomic environment and depressed valuations have led bidders (strategic and financial sponsors) to make unsolicited and, in some cases, even openly hostile M&A approaches more regularly. Sophisticated short-attack hedge funds are getting bolder and expanding their targets to more mature global companies, with multiple campaigns resulting in major stock price reactions, government investigations and executive departures. ESG continues to be a priority, but companies now face growing tensions between pro-ESG and anti-ESG groups, with areas of vulnerability extending beyond shareholder proposals to litigation, to state law and possible state AG investigations and federal congressional investigations, as well as potentially significant business, reputational, and financial risks (for example, through boycotts or aggressive campaigning on social networks), all of which can be interdependent and even feed into each other. The liability landscape of directors (and officers) for Caremark (oversight) claims continues to evolve, with cases ranging from cyberattacks and allegations of employee sexual misconduct to more traditional areas of risk, including natural disasters, critical regulatory and enforcement compliance issues, and fraud. Boards of directors now also find themselves operating in an era of rapid and unprecedented regulatory change in critical areas, including antitrust and environmental policy – not to mention accelerating business and industry change via technological disruption ( including GenAI) that continue to disrupt and threaten business models. .
In our experience, the boards that respond most effectively to major corporate crises are those that approach crisis preparedness proactively and holistically rather than from a reactive posture focused on silos of individual risks. While there is no one-size-fits-all approach and every company (and every board) is different, it can be helpful to ask yourself the following questions to ensure the board is prepared.
- Does the board know what can happen? Does the board receive periodic briefings from relevant experts within the company (e.g., compliance, legal, cyber, government relations) about the company’s most likely vulnerabilities? Are outside advisors providing feedback to management and the board on industry-wide developments, company-specific threats, and relevant current issues (e.g., the impact of universal power of attorney on the company’s vulnerability to shareholder activism and the potential impact of relevant DOJ enforcement priorities)? Does the company monitor the shareholder base (including its list of registered shareholders) for suspicious activity and notify the board of critical investor comments? Does it monitor the company’s website for visits from activists, potential bidders and their respective advisers, as well as government agencies and regulators?
- Are there policies designed to protect directors (and officers) from possible Caremark claims? Is the board regularly briefed on business risks and is there a process for internal and external red flags (including those from whistleblowers) to be escalated to senior management and, ultimately, to the board of directors? Have policies and procedures been implemented to establish a record of the board’s good faith efforts to implement and monitor oversight systems and develop policies to escalate risks that are critical to the mission of the company?
- Does the company have processes in place to identify and address reputational risks associated with an increasingly polarized political and cultural climate? Does the company have viable processes for uncovering potentially significant reputational risks that could be associated with communications or marketing activities directed to the public? Has management reviewed with the board the company’s plans for dealing with external political or social developments and controversies that may not directly affect the core business of the company, but on which employees, customers or the general public pressure the company to take a stand?
- Is the long-term plan updated and adapted to the new economic landscape? Has management updated the company’s long-term plan and key assumptions for the current macroeconomic environment? Are assumptions and sensitivities discussed with management and clearly understood to maintain appropriate flexibility for the board in the event an unsolicited bidder or activist approaches?
- Does the company communicate its strategy and board expertise appropriately? Does the company have a plan to present the company’s long-term strategy to major shareholders and other key stakeholders? Are director biographies in the company’s proxy statement and on the investors’ website written to explain why and how each director’s background, skills and experience add unique value to the board, rather than just narratives of employment history and more general rationale? Does the board have an informed list of potential board candidates should the need arise?
- Has ESG disclosure been verified? Has the company’s ESG disclosure (including DEI and sustainability) been vetted for compliance with changing regulations, as well as expectations of investors, proxy advisors and other parties stakeholders and from the point of view of the risk of litigation? Has such disclosure been reviewed for possible negative feedback from ESG and anti-ESG perspectives?
- Does the board periodically assess its structural defenses to activism and takeovers? Have management and advisors reviewed with the board potential updates to its charter and bylaws to respond to new universal proxy rules and, where applicable, state law (eg. exoneration of officers for Delaware corporations)?
- Is there a protocol for directors and senior managers to follow if they receive input from an activist, unsolicited bidder, or other third party? Does counsel receive periodic reminders of best practices for note-taking, email, text and other communications to protect attorney-client privilege and prepare for potential litigation and battles by power of attorney, taking into account major recent cases and enforcement actions where email and text messages were the primary source of evidence for civil plaintiffs and/or regulators?
- How will the board make decisions in the event of a live fire crisis? Require management and relevant advisors to develop and guide the board through action plans to familiarize directors with the pace, tactics and timing of potential crisis scenarios and educate directors about a high level to the merits and pitfalls of a range of possible response options when the business is under attack?
- Does the company have a competent and integrated crisis response team? Does the company have a playbook with identified internal leaders who will be the decision makers for different types of crises? Does the company have an external consultant, financial advisor, crisis public relations firm, and other relevant specialists engaged or on standby for potential crisis scenarios? Is the internal and external response team aware of the company’s culture, priorities and vulnerabilities? Does the outside attorney have the breadth of expertise to cover the relevant threat landscape (including corporate governance, activism, hostile mergers and acquisitions, inter-corporate litigation, white collar (SEC/DOJ), congressional investigations, ESG and cyber)?
As with any effective pre-preparedness exercise, in crisis preparedness, asking the right questions is only the first step. A reflexive “yes to all” should not be the goal. Instead, we encourage board leadership to work with fellow directors, leadership teams (particularly the General Counsel), and trusted advisors to consider these issues as part of an effort to develop a crisis response program carefully tailored to specific business needs. It is equally important that the program is not static. The most effective crisis programs are reviewed and regularly updated as needed to address a rapidly changing threat and risk landscape.