The week in GRC: Uber board approves governance changes and judge says Wells Fargo directors must face lawsuit

Oct 06, 2017
This week’s governance, compliance and risk-management stories from around the web

– The US Supreme Court began its new term on Monday, and Reuters noted that it started by looking at a major employment case that could deprive workers of the ability to join together to file lawsuits when taking on companies over a wide range of labor disputes. The Trump administration argued alongside companies that agreements requiring workers to arbitrate disputes with their employers individually, rather than bringing class action lawsuits collectively with their co-workers, are valid. Class actions can result in large awards by juries and are harder for businesses to fight than cases brought by individual plaintiffs.

Bloomberg reported that, according to people familiar with the matter, the Commodity Futures Trading Commission (CFTC) has requested information from Coinbase about a June 21 incident on its GDAX digital currency exchange in which the ether digital token suffered a precipitous drop, falling to 10 cents from $317.81 in milliseconds before quickly recovering.

‘As a regulated financial institution, Coinbase complies with regulations and fully co-operates with regulators,’ the company said. ‘After the GDAX market event in June 2017, we proactively reached out to a number of regulators, including the CFTC. We also decided to credit all customers who were impacted by this event. We are unaware of a formal investigation.’ A CFTC spokesperson declined to comment.

The Wall Street Journal reported that, according to a person familiar with the matter, the board of Equifax is reviewing the actions of the company’s top lawyer in connection with share sales by executives in the aftermath of a huge data breach. John Kelley, Equifax’s chief legal officer, had the ultimate responsibility for approving share sales by top executives days after the company discovered in late July that it had been hacked, according to people familiar with the matter. He is also central to broader questions facing the board because he is responsible for security at the company.

Equifax did not respond to requests for comment. An Equifax spokesperson previously said the company takes seriously its responsibility to protect the security of consumers’ information. Kelley did not respond to multiple requests for comment.

– The UK Financial Conduct Authority (FCA) is facing pressure to introduce strict rules requiring independent directors to make up the majority of fund boards amid fears that asset managers’ interests are being put ahead of those of investors, according to the Financial Times. The FCA in June issued proposals that fund boards should appoint at least two independent directors. But pension and consumer groups have pushed back against the plans, demanding that the FCA take tougher measures on boards. The Pensions and Lifetime Savings Association suggested that, in the long term, fund boards should be made up of a ‘majority’ of independent directors.

Reuters reported that SEC chair Jay Clayton said the personal information of two individuals was compromised in the recently uncovered breach of the agency’s Edgar system. Clayton said additional forensic analysis had found that the social security numbers, dates of birth and names of two individuals were made available to the hackers after they breached the database.

The SEC is reaching out to those people and offering them identity theft protection services. Clayton said the agency was still working to determine whether additional individuals’ information may have been compromised, adding that the SEC is immediately hiring new staff and outside technology consultants to review and improve its existing cyber-security policies and practices.

– Jeff Immelt, the long-time leader of General Electric, is stepping aside as chair and leaving the board several months ahead of schedule, according to the WSJ. Immelt, who resigned from the CEO role on August 1 after 16 years at the helm, is handing over the chair to his successor John Flannery, effective immediately. The company said Immelt had determined that the CEO transition was proceeding smoothly and that Flannery was ready to take over as chair, according to a regulatory filing. The filing stated that the board concurred.

– The FT reported that cyber-security experts believe the SEC was the latest victim of cyber-criminals on the hunt for market-moving corporate secrets, following a series of attacks seeking to steal unpublished press releases, deal negotiations and economic data. As banks increase spending on cyber-security and hire thousands of information security specialists, hackers have been looking to more vulnerable targets across the financial sector. The SEC has said it believes its online filing system, used by almost 6,000 public companies, may have been hacked to reap ‘illicit’ trading gains. The regulator did not respond to a request for comment.

– On Monday a group led by Zevin Asset Management said it would pressure Starbucks to inform shareholders of whether its paid family leave policy – which offers less leave to retail workers, adoptive parents and new fathers than to corporate employees – might count as employment discrimination, the Guardian reported. ‘Paid family leave is a huge factor in how well women can stay involved in the workforce after having a baby, or how much time out they have to take in their careers,’ said Pat Tomaino, Zevin’s associate director of socially responsible investing.

It appears to be the first shareholder proposal calling for a company to rethink its policy on paid family leave. Starbucks argues its parental leave policy is one of the best in the retail industry. A company spokesperson would not comment on how Starbucks would respond to the proposal, but touted its benefits policy.

– The WSJ reported that Uber Technologies’ board unanimously approved a series of changes along with an investment from SoftBank Group that are designed to strengthen the company’s corporate governance and curtail former CEO Travis Kalanick’s influence. Among the approved proposals, Uber’s 11-person board agreed to revoke certain investors’ super-voting rights, which granted them multiple votes per share, according to a person familiar with the matter.

The board also agreed to spread the power on the board by adding as many as six new seats – three independent, one new chair and two possibly designated for SoftBank – the person said. Uber said its board voted unanimously on the SoftBank investment and governance changes, which ‘would strengthen its independence and ensure equality among all shareholders.’ Kalanick said the board ‘came together collaboratively and took a major step forward in Uber’s journey to becoming a world-class public company.’ He said he expects ‘great things ahead for Uber.'

– According to the Guardian, Yahoo said every one of its 3 billion accounts was affected by a 2013 data theft at the company, tripling its earlier estimate of the largest breach in history. The company, now part of Verizon Communications, included the finding in an update to its account security update page. The company said it will begin alerting accounts that were not previously notified of the attack. But it said the latest investigation indicated that the stolen information did not include passwords in clear text, payment card data or bank account information.

‘It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,’ the company said.

– The WSJ reported that former Equifax CEO Richard Smith repeatedly told legislators that he and other executives weren’t aware of the significance of the company’s data breach until weeks after it was detected in late July. These assertions failed to mollify members of Congress who criticized Smith and Equifax for allowing the hack to happen, failing to immediately realize its significance and the handling of the problem after disclosing it publicly.

Lawmakers also raised questions about the structure of credit reporting companies, whether they need more regulation and the amount of consumer information they gather. Smith, testifying before a subcommittee of the House Committee on Energy and Commerce, said the company initially knew there was an incident involving ‘suspicious activity’, but not that millions of customers’ personal information had been compromised.

– The SEC approved a Financial Industry Regulatory Authority rule proposal intended to streamline competency exams and expand opportunities for prospective securities professionals seeking to enter or re-enter the industry. The rule will take effect on October 1, 2018. Under the streamlined structure, all new representative-level applicants will be required to pass a general knowledge exam and a revised representative-level qualification exam, such as the revised general securities representative (Series 7) exam, appropriate to their job functions at the firm with which they are associating before their registration can become effective.

– Federal Reserve chair Janet Yellen said the central bank has been working to ensure regulations are tailored to the size, complexity and roles of the lenders it oversees, according to Bloomberg. ‘For community banks, which by and large avoided the risky business practices that contributed to the financial crisis, we have been focused on making sure much-needed improvements to regulation and supervision since the crisis are appropriate and not unduly burdensome,’ Yellen said. The Fed has ‘an abiding commitment to consider how our decisions affect institutions and the customers they serve,’ she added.

– The WSJ reported that, although large US companies have for years sought to tie executive pay to financial and stock market results, a new study suggests their efforts aren’t working over the long term. The MSCI study compares 10 years of stock market returns at 423 US companies to the compensation their CEOs received over that period. It finds highly paid CEOs among the worst performers and vice versa, even counting market gains on their equity compensation. ‘There wasn’t really any pattern that seemed to link back to the way the pay worked out,’ said Ric Marshall, executive director of environmental, social and governance research at MSCI.

– US district judge Jon Tigar in San Francisco said current and former Wells Fargo officers and directors, including CEO Tim Sloan, must face nearly all of a lawsuit brought by shareholders seeking to hold them personally liable for sales abuses and the creation of millions of unauthorized accounts, Reuters reported. ‘Where, as here, plaintiffs’ claims arise from a pervasive and undisputed fraud going to the core of the company’s business, it is reasonable to infer senior executives knew about, or at least recklessly turned a blind eye to, the stream of red flags,’ Tigar wrote.

A Wells Fargo spokesperson said the bank was taking ‘decisive steps’ to rebuild trust, including from employees and shareholders, adding: ‘We will continue to advocate strongly for our positions before the courts.’ Lawyers for the plaintiffs did not respond immediately to requests for comment.

CNBC reported that the US Senate voted to confirm Randal Quarles as a member of the Federal Reserve board, bringing what is expected to be a softer regulatory approach to the central bank. Quarles will be the first to hold the title of vice chairman in charge of bank oversight, a position created under the Dodd-Frank Act. In a confirmation hearing in late July, Quarles indicated that he thinks it is time to scale back some of the financial regulations that were put in place after the financial crisis.

– The Consumer Financial Protection Bureau finalized a rule aimed at stopping payday debt traps by requiring lenders to determine upfront whether people can afford to repay their loans. These measures cover loans that require consumers to repay all or most of the debt at once, including payday loans, auto title loans, deposit advance products and longer-term loans with balloon payments.

Sign up to get stories direct to your inbox
Cs logo Cs logo
Loading