More companies seem to be expanding their compliance efforts related to their executive compensation disclosure in the area of potential risks created by compensation plans. Item 402(s) of Regulation S-K, issued by the U.S. Securities and Exchange Commission in December 2009, requires a company to assess whether its compensation policies and practices for all employees, including non-executive officers, are reasonably likely to have a material adverse effect on the company. Item 407(h) of Regulation S-K requires disclosure of the company's board leadership structure and the reasons why the company believes that its board leadership structure is appropriate, including a description of the extent of the board's role in the risk oversight of the company, such as how the board administers its oversight function, and the effect that this has on the board's leadership structure.

Because the SEC published its new rules on compensation risk review and disclosure in December 2009, too late to do much for the 2010 proxy statements, and 2010 saw promulgation of the Dodd-Frank Act, many companies never fully ramped-up their compliance efforts related to their executive compensation disclosure in the area of potential risks created by compensation plans. However, more and more companies are doing so all of the time. We have worked with various individual companies to conduct a compensation risk assessment, usually including the company's chief legal officer, chief human resources officer, chief financial officer and chief risk officer. Often we assist the company with preliminary organizational matters, such as conducting an initial organizational meeting and/or establishing a separate compensation risk review committee, developing a committee charter, developing a process for activities, developing a timeline and making initial contacts with external resources.

To initiate the compensation risk review, the company (and its counsel) must collect all compensation plans, policies and practices provided by the company and its affiliates for all employees, including non-executive officers. Generally, these plans, policies and practices will fall into the following categories:

  1. Long-Term Incentives (including the company's equity incentive plan and equity award agreements); 
  2. Short-Term Incentives (including the company's annual bonus plan, retention awards, and/or sales incentive programs);
  3. Employment, Severance and Change in Control Agreements; and 
  4. Qualified and Non-Qualified Retirement Plans (collectively referred to as the "Plans").

The company should provide the annual "company spend" for – and number of participants in – each Plan. The company or its counsel should review and analyze the Plans (we usually do that by preparing a chart entitled "[Company] Areas of Potential Compensation and Risk"), which summarizes the performance measures, pay mechanics, and potential payouts for each Plan. After reviewing the summary of the Plans in conjunction with the annual company spend and number of participants in each Plan, the company or its counsel should conduct a preliminary or initial review to identify the potential compensation risks for each Plan.

Counsel also should review the company's board of directors' committee charters, corporate governance guidelines, code of business conduct and ethics, Form 10-K risk factors, any enterprise risk management assessment report prepared by the company or its auditors, and other relevant company documents and information.

To assist in its initial review for potential compensation risks, some companies also use a chart entitled "Review of Potential Compensation Risk for [Company]." The chart summarizes nine Plan-specific categories of risk and thirteen overall company considerations that we have identified through experience and in literature and studies by other well-known compensation professionals and organizations. This chart also includes five potential risk disclosure triggers identified by the SEC in its proxy statement disclosure rules. (If the company or its auditors (or other consultants) have undertaken an enterprise risk management assessment, any categories of enterprise risks that were identified in such assessment should be added to the chart.) The company or its counsel should review each risk category for each Plan and made a preliminary determination whether there is little or no risk, low to moderate risk, or moderate to high risk. The company or its counsel also should attempt to identify potential mitigating factors for any potential risk.

After conducting an initial review, the key company parties involved with the compensation risk assessment should meet with counsel to discuss each category of risk. At this meeting, the parties would conduct a formal risk assessment of the Plans, during which they would discussed each category of risk in greater detail and identify any additional mitigating factors.

After completing this review and compiling the additional mitigating factors identified by the company during the meeting, the company or its counsel should complete its summary of the company's assessment of potential areas of risk and summarize them in the Review of Potential Compensation Risk chart. A written report of results of the compensation risk assessment should be prepared and a draft of the report reviewed with the chair of the compensation committee and any external resources (e.g., auditors or consultants) that were involved in the assessment. 

After the draft report is revised as necessary to finalize it, the company or its counsel should present the final report to Compensation Committee and/or the Board and suggest SEC disclosure language for future proxy statements. (Finally, the company or its counsel also should suggest and/or implement changes to the process for future reviews.)

Fellow blogger Mark Borges has pointed out that the 2012 proxy statement of Cummins Inc. contains a good summary of the process and a good example of disclosure.