ABA Nonprofit Governance Subcommittee

ABA Nonprofit Governance Subcommittee

Aug. 1, 2009 meeting

Page 1

ABA Nonprofit Governance Subcommittee Aug. 1, 2009 meeting

Topic: The Board's Role in Assessing Direct and Oversight-Related Risk

In-Person Attendance List:

Michael Malamut, Co-Chair

Solo

John Stout, Co-Chair

Fredrikson & Byron

Bruce Jay Baker

Illinois Bankers Association

Larry Beaser

Blank Rome, LLP

Dan Brandenburg

Saul Ewings, LLP, DC

Kevin Cox

UPS

Megan Christensen

Blank Rome, LLP

Paul H. Davis, Jr.

DCFCU

George Flint

Parsons Behle & Latimer

Nancy Fallon Houle

Nancy Fallon-Houle, PC

Douglas F. Fries

KPMG, LLP

Geoffrey Hazard

Hastings Law

Laurence Hazell

S&P

Nell Hennessy

Fiduciary Counselors, Inc.

Mark Melickian

solo

Kimberly Quinn

Illinois Bankers Association

Lisa Runquist

Runquist & Assocs.

Patrick Sternal

Runquist & Assocs.

Ann Stillman

Stolar Partnership

David Tang

Gowlings

Nancy Trudel

WVHTC Foundation

John Vail

Quarles & Brady LLP

Call-In List:

Kenneth D. Alderfer

Akin Gump Strauss Hauer & Feld LLP

1333 New Hampshire Ave., N.W.

Washington, DC 20036

Phone (202) 887-4059

Fax (202) 955-7659

e-mail:

David Ball

Caryl Ben Basat

Weston, Florida

Christopher J. Bonner

Hiscock & Barclay, LLP

One Park Place

300 South State Street

Syracuse, NY 13202

D: (315) 425-2708

F: (315) 425-8568

E:

A. Bruce Bowden

Duane Morris LLP

P: 412.497.1050 C: 412.298.5897 F: 412.497.1001

600 Grant Street, Suite 5010 | Pittsburgh, PA 15219-2811

E-mail:

Barbara Braunstein

Allison Clements

Corporate Counsel

Natural Resources Defense Council

40 W. 20th Street

New York, NY 10011

(p) 212.727.4473

Kevin Cox

Seaton M. Daly III

Law Office of Seaton M. Daly III, P.L.L.C.

901 Fifth Avenue, Suite 1700

Seattle, WA, 98164-2008

Phone: 206.346.6028

Fax: 866.654.7307

E-mail:

Julia Darlow

Linda J. Dunn

VP & Assistant General Counsel

Winn-Dixie Stores, Inc.

Legal Department

5050 Edgewood Court

Jacksonville, FL 32254-3699

(904) 370-6810

(904)783-5138 (fax)

Scott Earnshaw

The Law Offices of Scott Earnshaw

34 Juniper Drive

Bedford, New Hampshire 03110

T 603.472.2264

F 603.218.6646

C 603.305.1946

Jay Fleisher

David S. Fushtey .General and Legal Counsel

The Governance Counsel™

Suite 404 -- World Trade Centre 999 Canada Place,

Vancouver, British Columbia, CANADA V6C 3E2.

WWW: Governance.DSFW.com

David Hankey

Gohn, Hankey & Stichel, LLP

201 North Charles Street, Suite 2101

Baltimore, Maryland 21201

Direct Line: 410-263-3411

Facsimile: 410-752-2519

Robert Krasne

tel +1 202 243-3100

fax +1 717 427-1625

mobile +1 202 361-8547

Angelo J. Loumbas

Senior Vice President, Wealth Strategist

Wealth Planning Solutions

U.S. Trust, Bank of America Private Wealth Management

231 South LaSalle Street

IL1-231-03-18

Chicago, Illinois 60604

P: 312.828.2367

F: 312.537.6447

Lloyd Hitoshi Mayer

Associate Professor

Notre Dame Law School

P.O. Box 780

Notre Dame, IN 46556-0780

Phone: (574) 631-8057

Fax: (574) 631-4197

Suzanne Ross McDowell

Steptoe & Johnson LLP

1330 Connecticut Ave, NW

Washington, DC 20036

Ph: (202) 429-6209

Fax: (202) 261-0633

Email:

Gregg Nasky

Patsy W. Nichols, Partner

FULBRIGHT & Jaworski L.L.P.

600 Congress Avenue, Suite 2400

Austin, Texas 78701-2978

T: 512 536 4532

F: 512 536 4598

John F. Olson

Gibson, Dunn & Crutcher LLP

1050 Connecticut Avenue, NW

Washington, DC 20036-5306

Direct Phone: (202) 955-8522

Cell Phone: (202) 250-4700

Direct Fax: (202) 530-9574

E-mail:

Robert Paine

Paine Law Group

130-A Courthouse Square

Oxford, MS 38655

662-236-9901(w)

662-236-9902(f)

Michael W. Peregrine

McDermott Will & Emery LLP

227 West Monroe, Chicago, IL 60606

Direct: 312.984.6933

Fax: 312.984.7700

Robert Rappel, DO, JD

Certified Health Law Attorney

Rappel Health Law Group, PL

1515 Indian River Boulevard, Suite A-210

Vero Beach, Florida 32960-7103

Telephone: 772.778.8885

Facsimile: 772.778.8883

R. Sampson

Joseph Semo, Esq.

SEMO LAW GROUP

1800 M Street, NW

Suite 730S

WASHINGTON, DC 20036

Direct Dial: 202 833 7366

Facsimile: 202 478 0919

Naomi Sheffield

Perkins Coie LLP

1201 Third Avenue, Suite 4800

Seattle, WA 98101-3099

206.359.8078

206.359.9078

Gene Takagi

425 Market St., Suite 2200

San Francisco, CA 94105

415.977.0558

Steve Tollefsen

TOLLEFSEN BUSINESS LAW PC

2825 COLBY AVENUE, SUITE 304

EVERETT, WASHINGTON 98201

TELEPHONE(425) 353-8883

FAX (425) 353-9415

Pre-Meeting Notes:

From Paul Weiss website, Board Oversight of Risk Management in Light of Emerging Trends, June, 2009:

In Delaware, courts have held that directors’ obligations include a duty to “attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists.” See In re Caremark International Inc. Derivative Litigation. In Caremark, the court held that directors are liable for breach of fiduciary duty only in the event of a “sustained or systematic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists.” Since then, subsequent cases have confirmed that standard and also noted that liability can arise where, having implemented such a system, directors “consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” See Stone v. Ritter, and In re Citigroup Inc. Shareholder Derivative Litigation. The court in Stone v. Ritter approved the Caremark standard and clarified that liability would be based on the concept of good faith, which is embedded in the duty of loyalty and does not constitute a separate fiduciary duty.

...

The proposed Shareholder Bill of Rights Act of 2009 would require listed companies to establish an independent risk committee responsible for establishing and evaluating risk management practices.

...

The SEC is considering, for example, whether to enhance disclosure requirements concerning director nominee experience, qualifications and skills in order to augment current requirements that are limited to a brief description of a candidate’s business experience over the past five years. The SEC is also considering whether to require disclosure of the reasons why a board has chosen a particular leadership structure; whether to require greater disclosure of how a company, and particularly its board, manages risks, generally and with respect to setting compensation; and whether greater disclosure is needed regarding a company’s overall compensation approach (beyond its highest paid officers), as well as compensation consultant conflicts of interests.

If U.S. listed companies are required to establish risk committees, boards will need to consider various issues: the role of any such committee in light of their company’s risk profile, the nature of the interface between the risk committee and other board committees; and how best to discharge the ultimate responsibility of the full board. Composition of the risk committee will also need to be considered, particularly if the independence standards follow current audit committee requirements and if directors are expected to provide more disclosure regarding skills and experience.

...

As part of its oversight function, the board should:

• assess the quality of the information it is receiving;

• assess how well it understands the company’s business and the risks the company faces;

• assess how management evaluates risks;

• assess the quality of the risk management oversight structure; and

• consider lessons learned.

From Wachtel Lipton website, Risk Management & the Board of Directors, Nov. 2008:

But what exactly is the proper role of the board in corporate risk management? The board cannot and should not be involved in actual day-to-day risk management. Directors should instead, through their risk oversight role, satisfy themselves that the risk management processes designed and implemented by executives and risk managers are adapted to the board’s corporate strategy and are functioning as directed, and that necessary steps are taken to foster a culture of risk-adjusted decision-making throughout the organization. Through its oversight role, the board can send a message to the company’s management and employees that corporate risk management is not an impediment to the conduct of business nor a mere supplement to a firm’s overall compliance program but is instead an integral component of the firm’s corporate strategy, culture and value generation process.

...

The Delaware courts have developed a framework for the board oversight of risk

management in a line of cases dealing with alleged violations of fiduciary duty. In the first of these cases, the Delaware Chancery Court stated that director liability for a failure of board oversight required a “sustained or systemic failure of the board to exercise oversight—such as an utter failure to assure a reasonable information and reporting system exists,” noting that this was a “demanding test.” In re Caremark International Inc. Derivative Litigation, 698 A.2d 959, 971 (Del. Ch. 1996). The cases that followed made clear that there would be no liability under a Caremark theory unless the directors intentionally failed entirely to implement any reporting or information system or controls or, having implemented such a system, intentionally refused to monitor the system or act on any warnings it provided. In recent years, the few Caremark claims to survive motions to dismiss have involved an absence of any monitoring system or clearly egregious behavior.

.. .

[C]ompanies that are not subject to the [Troubled Asset Relief Program Capital Purchase Program] requirements should still consider reviewing their compensation plans and programs in the context of risk management and risk oversight with a view to whether the compensation structure encourages excessive risk-taking. To the extent that compensation is viewed publicly or politically as a key source of inappropriate risk, the interaction between compensation and risk will inevitably find its way into other legislative and regulatory responses and/or become a focus of shareholder activism and media attention. For example, one of the recommendations included in the Declaration of the Summit on Financial Markets and the World Economy, issued by the White House on November 15, 2008 following the initial meeting of the Group of Twenty, states that “Financial institutions should have clear internal incentives to promote stability, and action needs to be taken, through voluntary effort or regulatory action, to avoid compensation schemes which reward excessive short-term returns or risk-taking.”

...

The following is a non-exhaustive list of some of the risks commonly faced by many major companies and business enterprises. The general advice remains the same for all

types of risk: while it is not the role of the board or its designated committee to directly manage and specifically address each of the risks the company faces, the members of the board or the relevant committee should be aware of the relevant risks and satisfy themselves that management (1) designs and implements risk management policies and infrastructure that sufficiently address the relevant risk issues, (2) ensures the effectiveness of the risk policies and infrastructure, and (3) reports on these issues to the board or the committee[: financial risks, fraud, bribery/foreign corruption, disasters, product liability, health and safety, environmental, insurance, information technology, intellectual property, antitrust compliance, employment practices, social responsibility and human rights].

...

Currently, most boards delegate oversight of risk management to the audit committee, which is consistent with the NYSE rule that requires the audit committee to discuss policies with respect to risk assessment and risk management. In many companies, however, the scope and complexity of risk management may make it desirable to consider creating a dedicated risk management committee or subcommittee in order to permit greater focus at the board level on risk management and oversight. The NYSE rule permits boards to delegate the primary risk oversight function to a separate board committee, subject to limited continuing audit committee oversight. Currently, it appears that less than five of the one hundred largest U.S. companies by market capitalization maintain a board committee dedicated to risk management; however, in light of the intense focus on risk in the current environment, this number will likely increase in

the future.
Talking points raised in roundtable discussion at Aug. 1, 2009, meeting:

Direct risk issues: choice/evaluation/compensation/succession planning of senior executive/management, board composition (nominating committee, independence, evaluation) and compensationrequirements/guidelines, setting management’s authority, board organization and leadership/committee structure, mission/long term planning, choice of auditor, conflicts review

Board training, board time & focus, board minutes, reliance on committee/consultant investigations/reports

Unique nonprofit issues in regard to the board’s role in assessing and addressing risk: In small organization’s when board gets involved in management; fidelity to mission, role of mission in long-term planning, what is the risk of departure from mission?

How does a board get its arms around risk? What issues does the board have direct responsibility for if it does it improperly?

Hospital fraud, what is the oversight risk?

Financial risk of poor investment choices, is this an oversight risk or a direct risk, depending on the structure of the board and its role in investment planning?

Community foundation work requires attention to mission and values. How are the risks of fidelity to mission evaluated?

It should be noted that a nonprofit can intentionally, and properly, go out of business by following its mission, without necessarily incurring risk of liability by the directors.

What is the risk regarding anonprofit organization’s director’s obligations in zone of insolvency? In Pennsylvania, the legislature changed the applicable statute,

15 Pa. Consol. Stat. §515, so that the board can take community interest into account even in insolvency.

Boards have been focusing recently on conflict-related risks.

Boards also often assess classic tort risks. The question is how does the organization survive in light of risk/minimize risk/appropriately insure against risk?

Someone observed that it is hard to get outside, truly independent board members for nonprofit boards who will devote the necessary time and effort to explore, evaluate, and address risk.

Regarding the risk of departure from the nonprofitmission, relations with donors and grant funders may partially substitute for market discipline as a means of insuring focus on mission.

What are the special risks of boards whose active members are managers of the nonprofit? This is common in many smaller organizations?

The American Law Institute project on Nonprofit Organizations (originally Nonprofit Governance) addresses roles & risks of board service and board liability concerns.

There is a practical question about directors who serve primarily as fundraisers (either by contributing themselves or by soliciting contributions from associates), whether they should they be held to the same level of fiduciary responsibility as “oversight” directors. Legally, all directors are held to the same standards and duties, but many “fundraising” directors as a practical matter see their roles as primarily fundraising.

Lawrence Hazell of Standard & Poor commented that his firm rates nonprofits as well for-profits in regard to the riskiness of bond issues, a concern for many larger nonprofits. Standard & Poor will shortly start evaluating company risk management as a part of its assessment of the overall risk. This new element in risk assessment will soon affect nonprofits who need outside evaluations of risk to issue bonds, and also other nonprofits requesting loans or other forms of outside financing. Eventually, there will be a trickle down effect of this focus on risk analysis and governance on small nonprofits as well. Ordinary donors and funders will ask whether the organization is risk aware/risk attentive.

The size and structure of the board are direct risks, as opposed to oversight risks. In other words, board decisionmaking in those areas is direct and does not rely on staff action. Organizations are struggling with how to create an effective board. The new IRS Form 990 raises a lot of risk related issues about whether an organization’s policies are suited/adequate for institution and whether good policies are poorly followed.

In the context of assessing direct risk, attendance requirements for board members are a risk issue (it goes to duty of care).

Another form of direct risk is the method of selecting board members, which will affect the quality of board. A poor nomination process may expose current directors to liability if they do not recruit new board members with appropriate skills.

As donors look at best governance practices, in a tight money environment, means of evaluating how a board assesses and addresses risk will become part of the grant/contribution review process.

How is the risk assessment and reduction role of the board addressed functionally? Is this a part of the role of the audit committee or separate stand-alone risk-related committee?

There is no one size fits all response to risk for nonprofits. Mission is the primary concern. Some missions may require greater exposure to risk.

In the nonprofit area, directors must still be sensitive to antitrust issues This is particularly true for professional associations, but may also raise issues with hospital mergers and in other areas.

The National Association of Corporate Directors is about to issue report on board’s role in regard to risk assessment. Members of the subcommittee may want to review the document for its implications for nonprofits.