Blake, Cassels & Graydon LLP | blakes.com

Businesses are increasingly facing a wide array of enterprise risks that are being exacerbated by the speed of technology, increased shareholder activism, rapidly evolving regulatory requirements, an abundance of communication channels and opportunistic plaintiffs. Given this changing environment, boards face new challenges in how they monitor and manage reputational risks.

Corporate Governance
A strong governance framework should account for a company’s particular context and characteristics. It should focus on relevance to the company and consequential substance rather than being a “check-the-box” exercise.

BOARD COMPOSITION

Diversity
Achieving a wide range of knowledge, experience and perspectives on the board is key. Consider a diversity policy and recruitment process that achieves this.

Tenure
Adopt a constructive director peer review process, and examine the board’s needs in light of industry evolution and the company’s anticipated direction. Consider outside directors’ tenure and board turnover.

Skills
Board members should have complementary skills including expertise in financial matters, strategic planning, corporate governance, human resource management, operations, risk management and industry-specific skills.

Independence
Strike the appropriate balance between independent and non-independent directors, recognizing that one size does not fit all. Establish a protocol to address conflicts of interest.

SHAREHOLDER COMMUNICATION

Activism
With the rise in investor activism, boards are revising their shareholder communication strategies and directors should be prepared to deal directly with investors to ensure that any concerns are fully understood.

Transparency
Augment disclosure documents with clear statements regarding the board and management’s long-term plans and vision for the company.

Say on Pay
Proactively engage with shareholders and be responsive to their concerns. This may encourage support of say-on-pay resolutions or avoid “withhold” votes and a loss of majority support for director nominees.

Proxy Access
Some governance commentators and shareholder advocacy groups are looking for shareholders to have further rights to directly participate in the director nomination process. While proxy access initiatives are gaining some ground in the U.S., no consensus for support has been reached in Canada.

HUMAN CAPITAL STRATEGY

Work with management to establish an appropriate human capital strategy that attracts and develops talent.
Ensure that compensation policies and incentives encourage appropriate behaviours and acceptable risk-taking.
Nurture a positive and principled culture by setting the tone at the top.
Develop long-term and emergency succession plans for the CEO and other key executives.

ENTERPRISE RISK MANAGEMENT

Cybersecurity
Undertake security testing and audits to identify vulnerabilities and necessary technology enhancements. Given the complexity of information systems and the ever-evolving ingenuity employed by cyber-attackers, ensure that a thorough incident response plan is in place.

Anti-Corruption
Criminal and regulatory investigations and prosecutions can have a devastating impact on a company, its directors, responsible officers and other stakeholders. Develop anti-corruption compliance programs and conduct detailed anti-corruption due diligence during transactions.

Privacy
Regulation of the collection and use of personal information has become a key concern. Develop and implement policies to ensure compliance and protect privacy.

Social Media
Employees’ use of social media presents unique challenges for employers. Establish a social media policy in order to minimize potential liability if an issue arises.

Regulatory
More than ever, regulators expect a high degree of board engagement and oversight around a company’s regulatory compliance program.

Enterprise Risk & Crisis Response
Directors must oversee management’s design and implementation of (1) ERM programs that utilize a proactive approach to the identification and assessment of organizational risks, (2) compliance plans to guard against those risks and (3) crisis response protocols to mitigate the impact on the long-term financial health and reputation of the organization and its stakeholders when risk incidents arise.