A new director of a public company, starting a normal term of service, should expect to be involved in at least one crisis during his or her service. A crisis can come in many forms it may involve health issues of senior executives, product recall, violation of laws such as the Foreign Corrupt Practices Act, financial restatements, whether or not resulting from fraud, violation of codes of conduct such as sexual harassment or discrimination, etc. The list of possible causes goes on and on. But it is “when,” not “whether.”
New directors should concentrate on three questions to prepare for the (almost) inevitable crisis.
- What should a director do in advance to be as prepared as possible?
- When the crisis arrives, what are the proper questions to ask and steps to take to minimize the impact on the corporation, the shareholders and the directors themselves?
- What conflicts will emerge that may make coping with the crisis even more difficult? Answers to the second and third are situation-dependent, but thoughtful preparation will pay real dividends.
Preparing for a crisis will help mitigate its impact. Yet, many boards do little or nothing to prepare, and hence, when the crisis arrives, they start from a defensive and disorganized base. This is particularly untoward, because, in many crisis situations, the company’s responses in the first 24-48 hours will be very important to managing the situation successfully. Directors should be educated on the principal laws which affect their businesses, they understand the nuances of their Directors & Officers liability insurance policy, and they should assemble and “drill” with a core crisis management team. Crisis plans should include, as a minimum, succession planning for illness or death of senior executives (including discussion of appropriate disclosure) depending upon the company, product recall and accounting or financial fraud or possible foreign corrupt practices. Plans to cope with physical, bio- and cyberterrorism should be addressed as well.
Planning for a crisis should be a key part of a company’s risk management process. Prudence suggests a 360-degree view of risks, which should be developed by a group of current and former directors, key executives and operating personnel, working outside the normal chain of command. This group, a “Risk Assessment Committee,” should evaluate risks based on probability and consequence, and should report to the board regularly on areas in which risk mitigation needs to be strengthened. The group’s work should be coordinated with any external enterprise risk management activities and with internal risk management efforts, a crisis will occur when a risk, whether or not anticipated, materializes.
Crises often have ramifications for the on-going operations of the business including but certainly not limited to access to capital markets and retention of key employees. While some of the preparatory work should be delegated to appropriate committees, the full board, at each regular meeting, should address the aforementioned questions in an appropriate sequence. External resources, including counsel, forensic accountants, security consultants and crisis communications support, will need to be involved to provide briefing materials and contingency plans. Screening and selecting these specialized advisors in advance is critical—they will provide major inputs when the crisis arrives. Internal crisis management teams also may be involved. (These teams usually are organized into functional areas such as IT, HS&E and physical security.)
What to do when the crisis arrives? The first step should be to select a leader of the crisis response effort. That leader may be the lead director (or chairman) or the chairman of a major board committee. The leader should supplement the core crisis response team as necessary. The team usually will involve top management, unless there is some evidence of a potential conflict, e.g., financial fraud. The team should include a small group of independent directors, appropriate technical advisors and communications support. To the maximum extent possible, the crisis management activity should be separated from the on-going business, to reduce disruption to employees, suppliers and customers.
It is very important for the board to take initial control of the crisis management process, both to avoid conflicts and to keep management focused on the company’s operations. If it becomes clear that the crisis can be appropriately handled by management without conflict of interest or diverting attention from operations, the board may reassign lead responsibility back to management.
After the team is assembled, the next step may well be to issue a statement regarding the company’s position and/or taking responsibility for the consequences of the crisis event. Simultaneously, the team should start fact-finding, to identify what is known, what is uncertain, and what consequences are likely to result. In the case of senior management health issues, the process may be relatively straightforward; in the case of product recall, illegal payments, or financial fraud, the process may require extensive fact-finding over a period of months and may involve coordination with regulators. (The question of notification of regulators—how much to report and when—is a complicated one, the answer to which will depend on facts and circumstances.) In many situations, fact-finding is a very slow process, requiring reviews of emails, written correspondence, etc. What is thought to be true often turns out to be false and vice versa. It is important that the company inform its outside auditors and its lenders in a timely but appropriate way. The auditors will need to consider interim filings, control opinions and the consequences of forensic work to be done by an independent firm if necessary. And, to the extent that the company’s loan documents have representations about material adverse events or litigation, or financial covenants and/or capital markets access may be affected, and lenders and investors may need to be informed.
Directors should anticipate that crises arise with little or no warning, and, at the onset (and perhaps for some time), they will receive little and imperfect information. Pressured decision-making often will be required, without much analytical support. (Note the contrast to the regular board process, with thick binders, detailed presentations and carefully vetted management recommendations.)
The full board should be kept well-informed on a regular basis, but its focus should continue to be to monitor company performance. In the early stages of a crisis, much is likely to be unknown. “Murphy’s Law” seems to apply more often than not, in that new information which emerges is more likely to be negative than positive—unearthed email files may contain all kinds of bad news, and disgruntled employees may emerge with all kinds of stories.
As the crisis develops, certain conflicts are inevitable—and directors should be prepared for them.
First, management will want to take charge of the crisis response, and the internal general counsel will want to take responsibility for oversight of any investigation. Depending on the nature of the crisis, these efforts generally should be rebuffed. Management’s attention should be directed to improving the company’s operations, and unexpected conflicts may emerge which cause management some embarrassment or worse.
Second, legal counsel, whether the company’s lead outside firm or special counsel (choice of which itself is a topic to be addressed), often will advise to disclose as little as it permissible, and to avoid speculation or assertion about unknowns. Crisis communications teams, on the other hand, generally will favor fuller disclosure, and even acceptance of responsibility, in an attempt to “get in front of the problem.” Although there is no perfect balance, directors often will find themselves pulled in opposite directions. Directors need to think through both of these conflicts carefully, for the sakes of the corporation and shareholders they represent, as they focus on their decisions.
In summary, get ready, prepare for your calendar to be torn apart by unrelenting demands for meetings, and expect lots of finger-pointing and conflicting expert advice.
Herbert S. “Pug” Winokur Jr. is chairman and CEO of Capricorn Holdings, Inc., a private investment firm. He has served on a number of public and private for-profit and nonprofit boards, and has attended more than 300 public company board meetings.