The mandate for the U.S. Securities and Exchange Commission (SEC) has always been to require disclosure in registration statements, annual reports, proxy statements, and other documents that companies file with the commission, as chapter 11 discusses. When the SEC has attempted to meddle in corporate governance, at least when it has no specific legislative mandate, the courts have slapped the commission’s wrist. Ordinarily, without a specific legislative grant of authority, the SEC may not exceed its disclosure mandate.
Among the general public, of course, the belief is widespread that the SEC’s mandate is to act as a near-despot over public corporations. That belief is, of course, erroneous, as by and large the SEC’s mandate is to require disclosure and disclosure only.
In Business Roundtable v. SEC, the SEC attempted to meddle in corporate governance.1 As a result, the powerful Court of Appeals for the District of Columbia, known as the little supreme court because of its jurisdiction over cases by persons aggrieved by administrative agency rule making, took the SEC to the woodshed. In the mid-1980s, beset by corporations who wanted to issue super voting stock, say with ten votes per share, mainly as a defense against hostile takeover bids, the New York Stock Exchange (NYSE) quickly folded, deleting the supposedly sacrosanct “one share, one vote rule” from its regulations. Using its power to review exchange rule changes, the SEC rejected the revision, reinstating the one share, one vote rule upon which the NYSE had always prided itself. The Business Roundtable, a conservative organization composed of the CEOs of the largest American corporations, challenged the SEC and won, hands-down.
So, given the SEC’s traditional fiefdom, and its resounding loss in the Business Roundtable case, undoubtedly the SEC felt that it had at its disposal only one tool to deal with boards’ composition, a corporate governance rather than a securities law subject. The tool, of course, would be a requirement for disclosures in documents companies file with the commission.
The SEC’s first and only foray into diversity concerned diversity on boards of directors. Without fanfare, in December 2009, the SEC issued a release entitled “Proxy Rule Disclosure and Enhancements.”2 The release amended SEC Regulation S-K, the umbrella disclosure regulation that dictates what material public companies must disclose and sometimes in what format they must disclose it.3 For example, in tabular form, and as Regulation S-K outlines, companies must disclose the five most highly compensated executives and both the cash and the non-cash remuneration they received in the most recent year. Regulation S-K applies across the breadth of documents companies file with the commission, including registration statements, tender offer documents, proxy statements, and periodic disclosure reports (8-Ks, 10-Qs, and 10-Ks).
Effective February 28, 2010, publicly held companies had to disclose concerning several diversity-related issues:
Based upon SEC filings, in recent proxy seasons, a graduate student (Bryce Holzer) at the University of Washington (Seattle) sorted a sample of twenty-four large cap companies into four groups.5
The first Holzer group consisted of a large number of companies (twelve of twenty-four) who gave lip service only to the new SEC requirements. The companies merely disclosed that diversity was a factor in selecting director candidates. They disclosed nothing further, such as how the corporation considered diversity in the selection process or how effective the company’s efforts (if any) had been.
A second group of companies (three of twenty-four) more closely adhered to but still did not meet the SEC guidelines. Disclosing that, indeed, diversity was a factor, these companies disclosed only tidbits about how their processes encapsulate their diversity commitments. One large company, for instance, disclosed that it instructs the executive search firm it hires to give diversity weight in culling candidate names to present to the board. Another proxy statement provided that “the Governance Committee assesses the composition of the board [including its diversity] at least once per year.”
Third, a fair number of companies (seven of twenty-four, including Boeing, Microsoft, Home Depot, Altria, Century Aluminum, and Amazon), but still constituting a minority of the sample, met the SEC requirements. These companies described the racial and gender composition of their boards of directors. They stated that diversity is considered and stated how they factored it into the selection process.
Fourth, a group of two all-stars (Proctor & Gamble and Citigroup) exceeded the SEC’s bare-bones disclosure requirements. Mr. Holzer found these two companies to be “head and shoulders above the rest.” They fully articulated their policy and their process (instructions to search firms, annual assessment by the governance committee or by the full board, or both). They calculated the results: “two nominees are women and five nominees—including the chairman and the chief executive officer—are Asian, African American or Hispanic.”6 Finally, these two companies attempted to elucidate how diversity affects the operation of their businesses and what they are attempting to achieve.
Early on, then, Mr. Holzer found that only nine of twenty-four corporations met the newly enunciated standards. Later, based upon its examination of the disclosures it had received, the SEC reported that only 8 percent of the companies indicated that they had any sort of formal diversity policy.7 In 2016 Professor Deborah Rhode of Stanford University reported that only an approximate 6 percent of public companies substantially complied with SEC requirements.8
Viewed charitably, many corporate draftspersons may not have developed a feel for the newly amended Regulation S-K and the disclosure the SEC sought to require. If that assessment were accurate, however, as the years progressed, the quality of efforts and the disclosure both would improve. As a result of being required to disclose, companies, boards, and board committees would enhance the diversity-oriented processes. By and large, they have not.
In contrast, viewed less charitably, the SEC regulations contain an obvious “coach and horses” exception. Under the rules, companies may opt out of the diversity disclosure policy altogether by stating that they have no fixed policy within the company regarding diversity of candidates for board positions.9 Brazen corporations can thus short-circuit the SEC’s requirements, negating the regulation’s intended effect. The “no policy” alternative seems to be the SEC board diversity disclosure standard’s Achilles’ heel.10
A second Achilles’ heel is that the SEC fails to define diversity. A frequently quoted line is that “a responsibility to all [or to many] may be a responsibility to none.” Companies may define, and many do define, diversity in their own way. In their SEC filings, many corporations define diversity broadly, as including race/ethnicity (African American, Asian American, Latino), gender, business experience, governance experience, international background, and the like. Not only is the SEC requirement not pinpointed toward gender diversity, but the regulation permits companies to adopt a scattershot approach.
For two obvious reasons, carrying out up-to-date research on compliance with the SEC’s diversity regulation is an academic exercise. One reason is that there appear to have been no enforcement efforts by the SEC of its diversity policy disclosure regulation. A second reason may be that, whatever the level of increased compliance or enforcement, disclosure has not proven effective, at least in information technology. Information technology companies have as poor a record in selecting women as directors or in hiring or promoting women to executive positions as they did before the SEC promulgated the regulation. That record has been as poor after the regulation as it was before adoption. As chapter 1 illustrates, in information technology, disclosure requirements and compliance with them have not moved the needle at all.
In fact, one can pinpoint several other deficiencies in the commission’s regulation:
As concerns diversity, requirements for disclosure are weak tools at best. Regulation through disclosure is too little, like trying to irrigate a desert with a garden hose.
But that is not the biggest objection to a disclosure regime. The biggest objection is that requiring disclosure of some sort is the only tool at the SEC’s disposal. Partly because of circumstances, compounded by judicial decisions such as Business Roundtable v. SEC, the SEC painted itself into a corner. It can do little else than devise some broad-based disclosure requirements concerning gender diversity, or diversity generally, for publicly held companies.
In this country, and unlike, say, European nations that have adopted quota laws, the only avenue open is self-regulation. State legislatures are not going to provide authority for more stringent measures. Neither will Congress. The industry, therefore, and self-regulatory measures by it, are the most means by which the industry will become more inclusive. It will take leadership, a summit, and continuous monitoring for information technology to increase the number of women serving as corporate directors or senior executives. A pure disclosure mandate, with nothing more, is not a promising recipe for success on these issues.