Tag Archives: Sabastian V. Niles

Understanding the Role of ESG and Stakeholder Governance Within the Framework of Fiduciary Duties

by Martin Lipton, Adam O. Emmerich, Kevin S. Schwartz, Sabastian V. Niles, and Anna M. D’Ginto.

Over the past decade, investors, companies, and commentators have increasingly accepted and adopted stakeholder governance as the way to pursue the proper purpose of the corporation and have embraced consideration of environmental, social and governance (ESG) issues in corporate decision-making toward that end. But an emerging movement opposed to any consideration, at all, of ESG factors threatens to erase the gains that have been made over the past ten years and revert to the outdated view that the purpose of a company is solely to maximize short-term shareholder profits.

This debate is playing out very publicly, with politicians at the highest levels of state and federal government publicly staking out positions on ESG and the extent to which it should (or should not) be considered by asset managers; through regulation and law; and in boardrooms across the country and around the world. At one extreme, critics of ESG are dismissing any consideration of the long-term impact of environmental or social risk on a company as “woke” capitalism, to be condemned, if not outlawed. (See Bloomberg, Populist House Republicans Picking a Fight With US Business Over ‘Woke Capitalism’ (Nov. 27, 2022).) At the same time, attacks from the other end of the spectrum condemn board consideration of ESG in a stakeholder governance model as insufficiently prescriptive. Yet neither view, attempting to politicize the role of companies and their boards, grapples adequately with the real meaning of ESG and stakeholder governance and the role of these concepts in the decision-making process of corporate boards and management.
Continue reading

Cybersecurity Oversight and Defense – A Board and Management Imperative

by John F. Savarese, Sarah K. Eddy, Sabastian V. Niles, and Jeohn Salone Favors 

This past weekend, criminal ransomware cyberattacks drove the shutdown of one of America’s largest pipelines for refined gasoline, diesel fuel, and jet fuel as a precautionary means of containing the impact of the breach, highlighting the vulnerability of the nation’s energy infrastructure. Recent reports indicate that more than two dozen other company victims across a range of industries were targeted by these ransomware attacks, with worse damage blocked thanks to close and rapid coordination between federal authorities and private sector partners to identify and swiftly shut down servers being used in the attack. Earlier this month, a California- based regional hospital operator had to take healthcare IT systems offline following a cyberattack, significantly disrupting care, forcing medical personnel to use back-up paper records and raising concerns about vulnerabilities in the healthcare system as the nation continues to battle the Covid-19 pandemic.

Continue reading

SEC Division of Enforcement Forms New Climate and ESG Task Force to Target ESG-Related Misconduct and Potential Violations

by David M. Silk, Wayne M. Carlin, David B. Anders, Sabastian V. Niles, and Carmen X. W. Lu

Last week, the SEC Division of Corporation Finance announced (PDF: 131 KB) it would enhance its focus on climate-related disclosures and risks at the direction of the Acting Chair of the SEC. Yesterday, the SEC announced a new Climate and ESG Task Force within the SEC’s Division of Enforcement. This Enforcement Task Force will be heavily resourced, have access to ESG-related whistleblower complaints and referrals and focus on proactively identifying ESG-related misconduct (such as material disclosure “gaps” and misstatements), including by using data analysis to identify potential violations.

Continue reading

Using ESG Tools to Help Combat Systemic Racism and Injustice

by Adam O. Emmerich, David M. SilkSabastian V. Niles, Elina Tetelbaum, and Carmen X. W. Lu 

Events of recent weeks and months have starkly illuminated the effects of systemic racism and injustice on Black Americans, including threats to physical safety, psychological trauma and economic disparity. CEOs worldwide and across industries have spoken out, expressing their horror and outrage, as well as their resolve to do more. Companies have announced significant financial commitments; others have referred to actions to be taken, and early movers have begun to announce or amplify business-related initiatives. Institutional investors, asset owners, asset managers, private equity fund limited partners and investor groups have also begun speaking out and considering action with respect to companies in their portfolios. The question for all is how to follow through on the sentiments expressed and drive positive change: what tools are available to address systemic racism and injustice and the threats they pose, and how can those tools be used?

Continue reading

Investor Advisory Committee Urges SEC to Advance Mandatory ESG Disclosures

by David M. Silk, David A. Katz, Sabastian V. Niles, and Carmen X. W. Lu

The U.S. Securities and Exchange Commission’s (SEC) Investor Advisory Committee (IAC) has recommended (PDF: 241 KB) that the SEC begin an “earnest” effort to update reporting requirements to include “material, decision-useful, ESG factors.” The IAC recommendation was high level and modest: it neither endorsed any particular disclosure framework nor made any specific prescriptions. Rather, recognizing the growing demand from investors and other market participants for standardized, comparable and reliable ESG data, and concluding that the SEC is best positioned to set a framework, the IAC recommendation calls on the SEC to begin outreach to investors, issuers and other market participants to develop “well-constructed, principles-based reporting.” The IAC reasoned that if the SEC does not take the lead with this type of disclosure, it is highly likely that U.S. issuers will be bound to follow standards imposed by other jurisdictions. Continue reading

NIST Releases an Updated Version of its Cybersecurity Framework

by Sabastian V. NilesMarshall L. Miller, and Jeohn Salone Favors

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework (PDF: 1,038 KB) that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs.  In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.”  As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading

SEC Releases New Guidance on Cybersecurity Disclosures and Controls

by John F. Savarese, David A. Katz, Wayne M. Carlin, David B. Anders, Sabastian V. Niles, Marshall L. Miller, and Jonathan Siegel

Yesterday, in keeping with a heightened governmental focus on cybersecurity, as exemplified by the Justice Department’s formation of a new Cyber-Digital Task Force (PDF: 62 KB) earlier this week, the Securities and Exchange Commission announced new guidance on cybersecurity disclosures by public companies (the Guidance (PDF: 139 KB)”).

Much of the Guidance tracks 2011 interpretive guidance from the SEC’s Division of Corporation Finance and retains a focus on “material” cyber risks and incidents.  However, the expanded details and heightened pressure to disclose indicated in the Guidance, along with its issuance by the Commission itself, signal that the SEC expects public companies to consider more detailed disclosure of cyber risks and incidents, and to maintain “comprehensive” policies and procedures in this area.  The SEC is also encouraging, though not requiring, forward-leaning approaches, such as with respect to disclosures about the company’s cyber risk management programs and the engagement of the board of directors with management on cybersecurity issues.  SEC Chairman Jay Clayton has also directed (PDF: 92 KB) SEC staff to monitor corporate cyber disclosures. Continue reading

Federal Reserve Takes Severe and Unprecedented Action Against Wells Fargo: Implications for Directors of All Public Companies

by Edward D. Herlihy, Richard K. Kim, and Sabastian V. Niles

In a stinging rebuke, the Federal Reserve on February 2nd issued an enforcement action barring Wells Fargo from increasing its total assets and mandating substantial corporate governance and risk management actions.  The Federal Reserve noted in its press release that Wells will replace three current board members by April and a fourth board member by the end of the year.  In addition, the Federal Reserve released three supervisory letters publicly censuring Wells’ board of directors, former Chairman and CEO John Stumpf and a past lead independent director.  These actions are a sharp departure from precedent, both in their severity and their public nature.  They come on the heels of significant actions already taken by Wells, including appointing a former Federal Reserve governor as independent Chair and replacing a number of independent directors as well as its General Counsel.  Continue reading

Insights for All Companies from the SEC’s Cybersecurity Examination of Regulated Financial Entities

by Sabastian V. Niles and Marshall L. Miller

In August 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission released the results of its second Cybersecurity Initiative, which examined cybersecurity-related preparedness and implementation efforts by 75 regulated financial entities.  The resulting OCIE Risk Alert (PDF: 310 KB) depicts an industry demonstrating 0heightened sensitivity to cyber risks, but also experiencing gaps between policy ambition and day-to-day execution, and confronting growing pains associated with accelerated change, including the introduction of significant new policies and procedures that may lack focus or consistent implementation.  While the Risk Alert directly addresses the cybersecurity procedures of broker-dealers, investment advisers, and other SEC-regulated entities, companies in all industries should consider assessing their practices with respect to the issues highlighted by the SEC. Continue reading