Best Practices for Virtual Board Meetings

Dallas Kayser, the chairman at $5.1 billion City Holding Co. in Charleston, West Virginia, says his board has essentially been “on call” throughout the coronavirus crisis, with more frequent board and executive committee meetings to discuss issues like how the bank will offer small business customers the Paycheck Protection Program loans launched under the Coronavirus Aid, Relief, & Economic Security (CARES) Act.

But given the nature of the pandemic, which has shut down many sectors of the U.S. economy, directors aren’t meeting face-to-face in the boardroom. Instead, they’re meeting virtually. 

Covid-19 has quickly changed how boards conduct their business.

Meeting virtually isn’t new. We’ve had the technology for years, and many boards already had some sort of virtual attendance option in place for far-flung directors — snowbirds, for example, or those more distantly located from the bank’s headquarters. The difference now? “This is the first and only time we’ve all 100% been forced to do it, if we want to meet. That’s why it feels new,”  says Dottie Schindlinger, the executive director of Diligent Institute, part of governance software provider Diligent Corp.

As boards have quickly learned, there are important considerations to keep in mind when meeting virtually. Bank Director compiled the following checklist, based on conversations with industry experts, for your board’s consideration as it navigates this shift.

1. Establish ground rules.
First, the board should understand how state laws and other regulations govern virtual board meetings, including how it will impact procedures like establishing a quorum and voting. Also, review the board’s policies and bylaws to see if they should be updated for meeting virtually.

You’ll also want to consider how the technology used by the board impacts seemingly simple matters like minutes and roll call. If the board is using an audio-only format, a roll call will be necessary. It will also be important for directors to introduce themselves before speaking, to ensure accurate minutes.

The board should also weigh the pros and cons of audio versus video technology. Many find discussions more productive through video, due to the ability to pick up on others’ visual cues.

However, using video raises new questions that boards will have to consider. Should someone record the meeting? Should directors be required to use web cams, so everyone can see one another? Should directors be encouraged to use headsets, to ensure conversations are private? And if the bank’s staff runs the technology, how can the board meet in executive session?

And it’s important to understand any technology needs directors may have now that they’re logging in from their homes. The iPad the bank purchased a few years ago may not be able to run the latest and greatest video-conferencing solution. Also, someone at the bank will need to serve as “tech support” as the board gets used to this new way of meeting.

2. Rethink the agenda.
Consider shorter, more frequent meetings, and focus the agenda on the critical issues that the board needs to discuss at that time. Ensure materials are received in advance to allow sufficient time to review, as directors can’t spend time catching up during the shorter meetings. And clearly define roles in advance, if needed. Who will lead the discussion on a particular issue? Who will take minutes?

Also, wrap up the meeting by reviewing the key items discussed and items that require further action, recommends Denise Kuprionis, the president of The Governance Solutions Group.

And sometimes, old-school methods work. Kayser at City Holding prints out the agenda, so he can check off items as they’re discussed.

3. The role of the facilitator could evolve.
The chair or lead director should make a more concerted effort to engage every director. Everyone’s voice should be heard.

Kuprionis recommends keeping a list of all board members at hand, so no one’s forgotten. “You’re listening to a conversation, you’re participating [and] you get caught up,” she says. “If you have that list in front of you … it helps you remember who’s not there.”

Also, be emboldened to speak up when someone’s dominating the conversation. It’s easy in face-to-face meetings for a single individual to do this; the problem is compounded when visual cues have been removed. Discuss — as a board — how these directors can be reined in. One solution Schindlinger recommends is time limits. When one director has spoken for a predetermined time limit, the chair can interrupt or mute that individual, and move on to request input from other board members.

For more on facilitating effective meetings, read “A Roadmap for Productive Board Discussions.”

4. Ensure secure communications.
Not all formats provide the security boards need, so that should be considered as specific technologies are reviewed. Are passwords required? Is there a waiting room feature, so guests — like executives — can be held outside the meeting until the board is ready?

You’ll also want to wean directors off paper packets, or at least talk with some directors about how to access and print their materials securely. Don’t discuss board business via email, says Schindlinger. “You know the old adage, ‘never waste a good crisis?’ Well, hackers have really taken that to heart. They are looking for opportunities to exploit all of us right now, because we’re vulnerable,” she says. We’re stressed about the pandemic and the economy, cooped up in our houses and spending more time online. “This is not the time to send out stuff via email.”

Also, consider how side conversations will be managed. While Schindlinger says assigning a “board buddy” can be helpful to new directors trying to gain a grasp of the board’s culture, those conversations should be secure — not through text or email. Board portals like Diligent or Nasdaq’s Director’s Desk, which is used at City Holding, allow directors to conduct one-on-one exchanges safely.

Virtual board meetings could become part of the new normal that emerges out of the Covid-19 crisis. It may be awhile before we’re all ready to convene in groups and what’s more, some directors may like the experience. Kayser sees benefits in saving travel and time, along with the ability to schedule discussions on short notice. However, he also feels that discussions on deeper issues — an acquisition, for example — could be challenging.

Boards have an opportunity now to figure out how to make virtual meetings work. “There are no playbooks about this stuff right now,” says Schindlinger. “The right answer is going to be the right answer for your board. Your board is going to come up with the right ideas and vote those in. Just have the conversation.”

COVID-19 Poses New Cybersecurity Challenges for Banks

The COVID-19 pandemic has turned the banking world upside down, not the least by requiring a significant number of employees to work remotely.

Social distancing requirements have forced many companies, banks included, to have large numbers of their employees work from home. Not only is this a stark departure from how most banks have traditionally operated, it happened very quickly; the new coronavirus swept across the country like a derecho, giving them little time to prepare.

And while social distancing will hopefully “flatten the curve” of the pandemic’s infection rate, to use a now common expression, it has had the unintended consequence of increasing the industry’s cyber risk by opening banks up to new attacks.

The “core threat,” according to Ron Buchanan, the chief information security officer at $17.6 billion Atlantic Union Bankshares Corp. in Richmond, Virginia, involves remote access platforms like virtual private networks (VPNs) and video conferencing platforms. This would include companies using VPNs for the first time, or companies that risk exposing services and sensitive or internal communications online.

“There are plenty of companies out there that aren’t used to working remote and are in a rush to enable remote access services and doing that without the knowledge and proper protections,” Buchanan says. “That creates the vulnerable environment for the attackers to go after. And that’s what they’re focused on.”

In some instances, employees who are working remotely are forced to use their home computers because they don’t have a company laptop. “[With s]ome clients of ours, not [every employee] has a company-issued laptop to take home,” says Shawn Connors, a principal in PwC’s cybersecurity and privacy practice.

In that scenario, the employee may have to use a home computer that is operating outside of the bank’s security framework. The bank’s challenge is to understand “what information is potentially leaving the confines of the organization, where is it going and do those machines that are accessing or manipulating that data, are they at the corporate standard of what one would expect to put into appropriately managed cyber risk?” Connors says.

Larger banks generally have had less trouble meeting the demands of a distributed workforce because they have a more robust technology infrastructure to begin with, as well as more employees working from remote locations. Many smaller banks, on the other hand, have been challenged by the sudden shift to a work-from-home policy.

“We have definitely had a number of clients where, not only is the capacity not there, but they have a security concern on top of it because they don’t have control of the device that’s actually going to be accessing data in these corporate environments,” Connors says. “Overnight, some really bad hygiene practices have been put back in place, just because they got caught flat-footed.”

For its part, Atlantic Union has been able to handle the sudden shift to a distributed workforce in stride. “It hasn’t had too much of an impact on us because we already had a large number of laptop users with the right security protections on those laptops,” says Buchanan. “So really, it was just a slight tuning adjustment to scale up that coverage and keeping a close eye on the increased load on the VPN infrastructure.”

Buchanan has sent out communications reminding employees who are working from home that they are required to use the bank’s VPN and must abide by restrictions such as a prohibition against printing out documents at home.

There has also been a surge in video conferencing, which may not be the most secure communications platform for sensitive meetings. “The biggest risk is if you’re having a confidential conversation and someone eavesdrops on that call, and they’re eavesdropping on that confidential conversation,” Buchanan says. “If you’ve turned on the security settings, which means turning on the password and all the encryption settings, it increases the security of the call. And if you don’t recognize someone and you can’t figure out who it is, then you should assume the call has been compromised and either kick that connection off or change calls.”

The Financial Services Information Sharing and Analysis Center, an industry consortium focused on cybersecurity, offers home security resources for institutions that are managing a distributed workforce.

The Need for Secure Communications in the Boardroom


communication-5-21-19.pngBoards need to keep director communications secure, timely and accurate.

Communication can be a major challenge for busy board directors who need to touch base with their peers regularly, and it can introduce major security risks for the institution.

Boards tend to use different applications or multiple email accounts; the numerous multiple electronic platforms means that directors need to remember multiple user IDs and passwords. Directors sometimes resort to using their personal email accounts out of frustration with other systems or for personal convenience.

Many boards send sensitive internal governance communications through insecure communication channels. The use of personal email for internal board communications is widespread. A report Diligent Corporation conducted with Forrester Consulting discovered that 56 percent of directors use personal email for their board communications. Governance professionals and C-level executives also sometimes use their personal email for governance communications.

This is not a good practice. Cybercrime continues to evolve; attacks are increasingly sophisticated, and they are occurring with increasing frequency. Attacks are also becoming more complex, and recovering from digital breaches may become increasingly difficult.

Hackers specifically target directors, C-level executives and the people who support them in a tactic known as “whaling.” Hackers are keenly aware that boards regularly deal with information that is highly sensitive and confidential. Cyber criminals are likely to target high-profile individuals, threatening them with the release of private information unless they pay a ransom. When directors and other notable individuals use personal email accounts for corporate business, they are prone to falling victim to phishing and malicious cyberattacks that could harm the corporation.

Best practices for corporate governance require directors to communicate in ways that are secure, timely and accurate, and that reflect good governance principles. Encapsulated within the principles of good corporate governance is the need to use the right technology to support these efforts. Specific technology that protects the board’s internal communications can also streamline various processes. However, boards should look for specific tools with features such as remote wiping, given that nearly 30% of directors report losing or misplacing a phone, tablet or computer at some point.

The only way to keep sensitive and confidential information private is to use a secure digital messaging application. Look for applications that can work with existing digital infrastructure but are also secure. Some solutions help augment governance and accountability functions, which can address liability issues that email and other types of communications can sometimes create for board administrators and general counsels.

Probably the most difficult element of using secure communications in the boardroom is actually getting directors to use the technology. Getting board directors to change their habits can be a daunting task and something that can take time. However, with the right support and training, directors will be more willing to make the change.

Directors need to understand the importance of using the right technologies and why their current communication methods open the board up to risk. Assessing the security threat demonstrates to the board that the discussion topics and documents are highly sensitive and cannot risk being leaked. The right communication application should provide control to the administrator, with security being a top feature to ensure directors are protected.

Additionally, getting director buy-in from the start is crucial. It is important that boards realize what could happen if their emails are hacked and why they need to adopt secure communications avenues.

Providing your board of directors with the right reasons for needing secure communications is half the battle. Make sure your bank properly evaluates the various technologies to ensure that they will have the right training to properly leverage the tools.

The Three C’s of Compliance



Compliance doesn’t have to be the department of ‘no:’ It can be a benefit, rather than a burden. Barbara Boccia of Wolters Kluwer explains the three C’s that drive a culture of compliance and describes how to integrate these factors within the organization.

  • Turning Compliance Into a Competitive Advantage
  • Key Factors That Drive Compliance Culture
  • Elevating Compliance as a Strategic Asset

Getting Shareholders to Say “Yes” to Your Pay Plan


12-11-13-Naomi.jpgHonolulu-based Territorial Bancorp’s Vice Chairman Vernon Hirata has a piece of advice for other bank boards: communicate with shareholders about potentially sensitive compensation related matters. Or else.

Territorial received a 74 percent approval rating from shareholders in its annual “say on pay” advisory vote in 2012. Sure, it was a passing vote, but too close for comfort, said Todd Leone, a partner at McLagan, the bank’s compensation advisor.

“We called McLagan and said, ‘Houston, we have a problem,’’’ said Hirata, who spoke at Bank Director’s recent Bank Executive and Board Compensation Conference in Chicago.

As Hirata remembers it, the $1.6-billion asset company approved a new equity incentive plan for top management in 2010 after an initial public offering of bank stock in 2009. The company spent lots of time with investor groups explaining the compensation plan, and passed its first shareholder advisory vote with no sweat. But the next year, in 2012, there was almost no communication with shareholders about the incentive plan, aside from a written description in the proxy.

And that was unfortunate because the proxy statement’s summary compensation table that year had some high numbers in it. Most notably, chairman, president and chief executive officer Allan Kitagawa had been paid almost $6.8 million in 2010, more than double his pay in 2009 or 2011. Other executives saw similar jumps that year.

Hirata said the executives were paid stock awards that year that vested over a six-year period, but the company had to report the amounts as a one-time grant, per rules from the Securities and Exchange Commission. Apparently, shareholders were not pleased. “Soon after our proxy was distributed, we got a call from our proxy distributor and said a proxy firm was deciding to recommend a ‘no’ vote,’’ Hirata said.

It was a little late to do anything, as the shareholder meeting was right around the corner. But this year, the bank reached out to shareholders and explained the equity plan better, he said. The bank was rewarded with a 91 percent approval vote this time around.

Shareholder advisory firms, which recommend votes to the large institutional investors who are their clients, don’t like big equity payouts when they don’t seem to be linked to performance, said Chris Fischer, a partner at Aon Hewitt consulting, which owns McLagan. Institutional shareholders owned about 55 percent of Territorial Bancorp’s stock, which meant the bank had to pay attention to the advisory groups.

Other compensation practices that draw the ire of shareholder advisory groups include tax gross ups, where the company agrees to pay an executive’s taxes when a change-in-control would trigger a “golden parachute” and additional taxes under the Internal Revenue Code. Also, shareholder groups don’t like it when companies tell the market one set of goals for the institution’s financial performance, while benchmarking their executives to a lower standard for bonuses.

Another red flag for shareholder advisory groups is when companies compare their compensation to a peer group with other companies that are much larger. Instead, companies typically set up peer groups with similar-sized companies in the range of half to 2.5 times the bank’s asset size, Fischer said. Communication with shareholders is important to winning a say on pay vote, he said.

“It’s better on an annual basis to reach out to your institutional investors about what concerns them with your pay package,’’ he said.

Leone agreed.“You are generating some good will with them, and most important, in your next proxy, you get to say you went out and talked to your investors,’’ he said.

As for Hirata, he had his own lessons learned from the crisis at his bank.

“Do the hard work now,’’ he said. “You don’t want to have that call and scramble at the last minute. You need to do the work before your proxy gets out there.”

Best Practices for Your Compensation Committee


11-13-13-Meridian.pngCompensation committees today face increased responsibilities, time commitments and risks. The Dodd Frank- Act, the Securities and Exchange Commission (SEC) and the stock exchanges are mandating new governance standards and disclosure rules. Bank regulators, shareholders and their advisory firms (e.g. Institutional Shareholder Services, Glass Lewis) create pressures to conform to their requirements, which often conflict. As external pressures continue to evolve, compensation committees need to address more complex issues and change their practices to ensure proper oversight.

Committee Governance

Establishing appropriate governance structures is critical to enabling compensation committees to make effective decisions in this complex environment. The SEC recently approved new independence requirements for compensation committees listed on NASDAQ and NYSE. In consideration of these requirements and other trends, below is a list of some best practices related to compensation committee governance. A compensation committee should have:

  • Composition comprised solely of independent board members, willing to encourage discussion, debate and challenge the status quo.
  • A charter that provides clear definition of authority and meets new SEC requirements.
  • Clear definition of its authority to manage compensation risk.
  • An annual calendar defining activities/actions to be taken throughout the year.
  • Oversight that includes CEO and top executives.
  • Agendas and meeting materials sent well in advance of meeting with clearly define topics for review, discussion and approval.
  • A two-review process for major decisions (e.g. one meeting to review materials and discuss; second meeting to approve).
  • Executive sessions without management at every meeting.
  • Annual self-assessments of the committee’s performance.
  • Annual assessments of independent advisors.
  • Ongoing director/committee education (through advisors, conferences).

Compensation Program Design

Compensation program designs and practices are changing as a result of the increased influence of bank regulators, shareholders and advisory firms such as ISS and Glass Lewis. Best practice compensation programs should:

  • Align and drive the bank’s strategic goals and business plans.
  • Reflect the bank’s unique compensation philosophy and guiding principles.
  • Provide a balance of or between:
    • Performance measures (e.g. return, operational, shareholder).
    • Fixed and variable/performance based programs.
    • Short and long-term performance.
    • Cash and equity-based compensation.
    • Bank, division and individual performance.
    • Formula versus discretion.
    • Absolute and relative performance.
  • Include a mechanism for risk-adjusted compensation. (Approaches vary but might reflect inclusion of risk metrics in the incentive plan, such as risk-adjusted returns, or deferral of incentive pay.)
  • Embrace meaningful stock ownership for executives and board members through ownership guidelines, holding requirements, payment in stock and outside purchases.
  • Include a clawback policy (which may need to be revised as rules are finalized implementing the Dodd Frank Act).

Compensation committees today need to conduct more rigorous analyses and testing to ensure total compensation programs are effectively meeting objectives and complying with today’s requirements and best practices. Some examples of good analyses include:

  • Compensation history and tally sheet of executives’ total compensation.
  • Pro forma illustration of the range of potential total compensation resulting from a variety of performance results.
  • Realizable pay analysis (total compensation likely to be paid based on performance).
  • Updates on progress toward annual and long-term performance goals.
  • CEO and executive performance and pay relative to peer group.
  • Current stock ownership and progress toward ownership guidelines.
  • Value of retention tools (e.g. stock awards, Supplemental Executive Retirement Plans).
  • Annual review of compensation risk assessment.
  • The ratio of CEO pay to median employee pay (this is required by the Dodd-Frank Act with an estimated implementation in the year 2015).

All of these analyses can provide helpful perspective for committees when designing programs and making pay decisions.

Communication and Disclosure

Communication with shareholders and regulators is more critical than ever, as both groups are seeking to determine if compensation programs align with their expectations. Best practices include the following:

  • Enhance your compensation disclosure and analysis on your proxy statement with an executive summary to tell your story and communicate to shareholders the objectives of your pay program and the resulting pay-performance relationship.
  • Understand the influence and perspectives of shareholder advisory groups (e.g. ISS, Glass Lewis) but don’t try to emulate them. Their policies evolve and their analysis is a one-size-fits-all approach.
  • Provide clear documentation of your incentive plans and be prepared for the formal documentation that will result as required by Section 956 of the Dodd Frank Act.
  • Engage in ongoing communication with shareholders; not just during annual say-on-pay voting.

These checklists provide a starting point for assessing the effectiveness of governance practices and could help a compensation committee review their own practices and see what they would like to change.