Boardroom Confidentiality Under Focus
In our Age of Communication,1 confidential information is more easily exposed than ever before. Real-time communication tools and social media give everyone with Internet access the ability to publicize information widely, and confidential information is always at risk of inadvertent or intentional exposure. The current cultural emphasis on transparency and disclosure—punctuated by headline news of high-profile leakers and whistleblowers, and exacerbated in the corporate context by aggressive activist shareholders and their director nominees—has contributed to an atmosphere in which sensitive corporate information is increasingly difficult to protect. There is limited statutory or case law to guide boards and directors in this area, and there exists a range of opinions among market participants and media commentators as to whether leaking information (other than illegal insider tipping) is problematic at all.2
Directors' legal obligations with respect to confidentiality are not well articulated,3 and confidential board information is unique in the corporate context. It includes material, non-public information, the disclosure of which is regulated by federal securities laws and by company-wide policies and procedures, but it also includes sensitive boardroom discussions that have both personal and business elements and implications. In order for boards to function effectively, directors must feel comfortable expressing their views in the boardroom on corporate matters honestly and freely, without concern that their conversations will be made public.
Concerns about leaks often increase with the election of "constituent" directors. These directors, placed on public company boards through proxy access or a proxy fight, are typically perceived—rightly or wrongly—as representatives of those shareholders that nominated them and are considered likely to share details of board deliberations with their sponsors. When sensitive board information is deliberately exposed by a director, boards may struggle to respond effectively, as the remedies available to the board and the company are limited, particularly since directors cannot require another director to resign. In order to protect confidential and sensitive information, boards should, at a minimum, have robust director confidentiality policies and, in appropriate circumstances, should consider adopting bylaws regarding preserving confidentiality. Companies may also want to review their crisis management plans to ensure that they cover breaches of confidentiality by directors in addition to employees.
Confidential Board Information
Confidential, non-public corporate information falls generally into three categories: proprietary information that is of competitive, commercial value to the company; inside information about the company's finances, operations, and strategy; and sensitive information regarding board proceedings and deliberations. Unauthorized disclosures of proprietary information could imperil a company's competitive advantage or commercial success while unauthorized disclosures of inside information can lead to illegal insider trading and manipulation of the company's stock price. Information in any category that is material and non-public may be disclosed by company insiders only in specific ways prescribed by the federal securities laws, including Regulation FD. For these reasons, all companies should have comprehensive corporate confidentiality policies that apply to employees as well as directors. The authorized processes and channels for disclosure of confidential corporate information should be well defined and understood within the company, as improper disclosures can lead to criminal and civil liability in certain circumstances.
The third category, sensitive board information, includes information to which a director is privy by virtue of his or her membership on the board of directors. In the course of fulfilling their fiduciary duties and director responsibilities, directors are entrusted with significant amounts of material, non-public information of all types; however, they also become aware of the inside story: how this confidential corporate information is discussed, used, and understood within the board itself. Directors generally know how their fellow board members view corporate executives, strategic initiatives, potential acquisitions, competitive and legal threats, and even each other. They also understand how board deliberations have developed over time. Any element of this "meta-information" may be of particular importance, may be potentially disruptive or embarrassing if disclosed, or may simply have been shared within the boardroom with the expectation of privacy. Leaks of sensitive board information—as opposed to proprietary or valuable corporate information—also can be highly damaging to a company. Such leaks can be made publicly, to the media and the investor community at large, or privately, to a director's sponsor or other influential shareholders.
Public and Private Disclosures
The most sensational type of leak happens when a disgruntled or dissatisfied director provides confidential information to the media in order to put pressure on the rest of the board. One recent headline-making situation involved J. C. Penney director, and activist investor, William Ackman. Ackman was a major stockholder of J. C. Penney, owning nearly 18 percent of the company's shares through his hedge fund Pershing Square Capital Management. In August 2013, Ackman provided to a major news outlet two letters from himself to the J. C. Penney Board.4 The letters detailed boardroom discussions and expressed frustration with the leadership of the company and the J. C. Penney board, particularly with respect to the ongoing chief executive search process. The public firestorm that ensued benefited no one; the outcome included high-profile criticism of Ackman's behavior from prominent members of the corporate community, Ackman's resigning from the J. C. Penney board, Pershing Square's sale of its holdings in the company, and a dramatic (and ongoing) decline in the value of J. C. Penney stock.
A less dramatic but likely more prevalent type of boardroom leak is the private communication of confidential information by constituent directors to their sponsoring shareholders. Activist shareholders and the investment community are increasingly pushing for shareholder-sponsored directors on public company boards, and indeed their numbers are growing.5 Dissident success in proxy fights put more constituent directors on boards in 2013 than in any year since 2009. In 2013, there were 90 proxy fights, 30 of which went to a shareholder vote. Of those 30, 17—over half—were won by the dissident. By contrast, 2012 saw only 77 proxy fights, of which 28 went to a vote, and nine of those were won by dissidents.6
The possibility of mandatory proxy access still lingers, though fortunately it is no longer on the near-term horizon. Proxy access had been a top Securities and Exchange Commission (SEC) priority but suffered a setback in 2011 when the U.S. Court of Appeals for the D.C. Circuit overturned the rule on the basis that the SEC had not conducted an adequate analysis of the rule's economic impact.7 In 2012, SEC Chairman Mary Schapiro told a Congressional panel that the SEC had no immediate plans to revisit its proxy access rule.8 Nonetheless, shareholder proposals on proxy access slightly increased in number and shareholder support in 2013, and two did receive shareholder approval.9
Constituent directors may be chosen for board seats by their sponsoring entities on the explicit understanding that they will share inside information for investment evaluation purposes. Indeed, the Delaware Chancery Court recently expressed the view that "[w]hen a director serves as the designee of a stockholder on the board, and when it is understood that the director acts as the stockholder's representative, then the stockholder is generally entitled to the same information as the director."10 Absent contractual or bylaw provisions to the contrary, Delaware law permits constituent directors to disclose information to their sponsors so long as they do so in a manner that is consistent with their fiduciary duties. If the corporation were harmed by the disclosures, or if the director knew that the sponsor would use the information disclosed to usurp corporate opportunities belonging to the company, the director likely would be found to have breached his or her duty of loyalty.11 Regardless of the director's intention, however, once information has been passed outside of the board, as a practical matter it is impossible to control the flow of information from the sponsoring shareholder's employees to others in the investment community, absent specific confidentiality obligations being in place. Other directors may not be aware of the extent or type of information that a constituent director is providing to the sponsoring shareholder, nor how widely the information is being disseminated. Certain activists routinely enter into confidentiality agreements with companies on whose boards they participate, and these agreements, when properly drafted, protect both the company and the activist.
Some activist hedge funds have begun the unfortunate practice of providing their constituent directors with special compensation arrangements, some of which are contingent on certain events or on the implementation of the shareholding entity's plans for the company. These arrangements are deeply problematic, as directors—regardless of who nominates them—owe fiduciary duties to all shareholders of the company and should not be prioritizing any particular agenda for personal benefit. As one commentator has observed, "If this nonsense is not illegal, it ought to be."12 Boards should give consideration to adopting a bylaw that would disqualify candidates from serving as directors if they are party to such arrangements,13 although a position recently taken by ISS makes this decision more difficult.14
There is a risk of harm to the company itself when any confidential information is leaked, but there is certain harm to the functioning of the board of directors when its sensitive deliberations are publicly disclosed. An effective group of directors trusts and relies on each other, encourages discussion and debate, and can tolerate even strongly-held dissenting views. When trust has been undermined, board effectiveness will be seriously compromised. A major breach of confidentiality, or an ongoing flow of sensitive information outside the board, can have a chilling effect on board deliberations, thereby depriving shareholders of the full benefit of the directors' expertise and judgment. Meetings are likely to become contentious, and the board may become incapable of consensus or timely decision-making. All of this is particularly true when a leak exacerbates existing board dysfunction. Showing a lack of understanding of board dynamics, activist director William Ackman opined—in one of his letters to the J.C. Penney board that he provided to the media—that "[e]xtreme candor among directors is critical."15
Public company boards should consider implementing a confidentiality policy specific to directors. The policy should define "confidential information" broadly, listing examples of the types of information covered, and emphasize that the category includes all non-public information entrusted to or obtained by directors due to their position on the board. The policy should remind directors of their fiduciary duties and state that directors may only use confidential information for the benefit of the company, and not for personal benefit or the benefit of any other entities. The policy should specifically address the issue of disclosure by constituent directors to their sponsors and should note that directors are bound by their confidentiality obligations even after their tenure on the board concludes. The policy should expressly state that, while directors may disclose confidential information when required by law, in such cases a director should provide advance notice of the upcoming disclosure to the board, its chairman, and the chief executive officer. The policy could also require the director is to attempt, in cooperation with the company and at the company's expense, to avoid or minimize any required disclosures through legally available steps.
Having a detailed and robust board confidentiality policy will serve both to advise directors (and their sponsors, if any) as to their obligations with respect to sensitive board information and to create a board culture that views leaking as unacceptable and dishonorable behavior. The chairman of the board should provide the policy to director candidates before they are nominated (or, in the case of constituent directors, directors-elect before they begin service) and may wish to obtain written or oral assurances that they understand and can abide by the terms of the policy. Another available mechanism is a board-approved bylaw requiring director nominees to confirm their acceptance of the board's confidentiality policy and to agree that they will not act as representatives of particular constituencies while on the board. Advance notice bylaws for director nominations may also contain confidentiality requirements. To the extent information will be shared with sponsors by their directors, the board should require the execution of a confidentiality agreement with the sponsor.