The most important year-end 2009 task for companies, boards of directors and compensation committees may be to begin to establish a process for assessing the risk of the company's executive and employee compensation programs. The U.S. Securities and Exchange Commission ("SEC") is expected to publish final rules later this Fall (the proposed rules were issued in July), which will apply to proxy statements for fiscal years ending after Dec. 15, 2009, and require that every company:
The failure to conduct a risk assessment process in the thorough and intensive manner required by the rules, which most companies have not historically conducted, could put a company at a disadvantage if and when the SEC rules are finalized. A failure to conduct a risk assessment in compliance with the rules could lead to increased scrutiny (and liability) from the SEC and shareholders, and/or the company's failure to identify or manage a critical incentive for risk-taking.
This requirement originally appeared in the Emergency Economic Stabilization Act of 2008 (EESA), as amended by the American Recovery and Reinvestment Act of 2009 (ARRA), which contained language requiring affected financial institutions to adopt:
The EESA and ARRA provisions only apply to companies receiving funds under the Troubled Asset Relief Program ("TARP"). However, legislation passed by the full House of Representatives would, if approved by the Senate and signed by the President, impose similar requirements on all public companies, even if the SEC does not finalize the rules this year. Therefore, all public companies should prepare to conduct a risk assessment this year.
Because every company of every size in every industry has a different risk profile, there can be no "one size fits all" program for conducting the required risk assessment. However, at Winston & Strawn we have designed two forms of a Step-by-Step Action Plan for Conducting Executive Compensation Risk Assessments - one for larger companies and one for smaller companies - which create a structure (or starting point) for the assessment and set forth many of the steps that would be required of any company, board of directors or compensation committee for the upcoming proxy season.
These action plans set forth a series of procedural steps to conduct a thorough and compliant risk assessment. For some companies, this approach may have as many as thirty separate but integrated steps. For small companies or industries with fewer risk factors, the plan may be as few as ten steps. Different companies also may choose to change the order of these steps, as suitable. Not every step of either action plan will apply to every company.
An exhibit to the action plan describes a number of factors that can help identify executive and employee compensation practices that create incentives for excessive risk-taking. The following are a few simple examples of executive compensation program features that could provide too much incentive for executives to take risk or otherwise manipulate financial results:
Executives are already under enormous pressure to achieve announced or expected EPS figures. This all-or-nothing approach would only exacerbate the problem. Instead, the company should consider bonus payouts at 90% of base salary for achieving EPS that is barely below the target and straight-line interpolation downward for other, lesser performance targets.
The company provides equity incentive compensation solely in the form of stock options. Many of the stock options are underwater.
Executives need to "hit a grand slam home run" in terms of performance in order to see any return on their stock options. Slow, but steady, growth may not be enough. Ideally, the company would provide part of its equity compensation in restricted stock or RSUs, so that executives will receive some benefit for navigating through difficult times.
These action plans also discuss ways to manage or mitigate these risk factors.
The executive compensation risk assessment process should proceed in several distinct phases:
1. Collect and review the company's existing polices and programs (including corporate governance guidelines and committee charters) on risk management.
2. Organize the team and the risk assessment process. Select the involved parties. Create a timeline (including compliance dates) for the process. Create a list of all executive and employee plans to be reviewed.
3. Conduct the risk assessment. Identify for the compensation committee the risks that the company faces that could threaten its value or have a material impact on the company. Identify the features of the executive and employee compensation programs that could induce executives and employees to take those risks.
4. Analyze the results of the risk assessment and deliberate over how to manage any risks, and/or revise any compensation and incentive programs with material risks.
5. Implement changes to executive and employee compensation programs to manage incentives for risk-taking (and eliminate inappropriate incentives).
6. Record the results in meeting minutes and report them in the company's proxy statement (and/or Form 10-K, as required.)
7. During the assessment process (or at its conclusion), develop written policies and guiding principles for proposing, establishing and monitoring compensation and incentive plans that can be applied company-wide in the future, which will make future risk assessments easier.
About the authors: Michael Melbinger is the lead partner and global head of Winston & Strawn's employee benefits and executive compensation practice group. Erik Lundgren is a partner at Winston & Strawn concentrating his practice in employee benefits and executive compensation matters.