Few leaders shaped the landscape of corporate governance as profoundly as Mary Jo White. As the 31st chair of the SEC, White championed accountability and shareholder engagement to set key reforms in motion, including the Universal Proxy Card rule requiring both management and shareholder nominees on a single ballot. Her regulatory tenure ultimately reshaped corporate elections, encouraging broader participation and transparency.
Now a partner in Debevoise & Plimpton’s litigation department, she counsels boards on high-stakes governance matters, earning a reputation among clients as a strategic, practical and trusted voice in boardrooms. In a recent interview, White shared insights about her tenure along with practical advice for boards navigating a more complex regulatory and enforcement environment.
Your tenure as SEC chair encompassed important foundational work on the Universal Proxy Card rule. What prompted that focus on reforming the proxy system, and how did you approach what was surely a controversial change?
Everything was pretty controversial during my tenure. That was the era of the Dodd-Frank and JOBS Act rule-making. So, you were always trying to find space for the discretionary rule-makings, which tended to be fairly controversial as well. Obviously, this was one of those, not a mandated rule-making. It’s been a few years, but my recollection is that the Council for Institutional Investors was very articulate and persuasive in their advocacy for such a rule, as were many others.
Frankly, it was just the logic of it and the fairness of it that I thought were quite compelling. That was pre-pandemic, but even then, for shareholders to need to make it to an in-person meeting so that they could actually split their ticket, so to speak, with competing slates was a deterrent to that aspect of shareholder democracy and empowerment that I thought should be part of the proxy system and part of the shareholders’ sort of litany of rights. Obviously, we didn’t pass it. It was resurrected later, but I thought it was a very important reform.
The final rule came after your departure. What, in your view, has its impact been?
The feared parade of horribles has not happened. While I’m sure there’s always room for improvement and tweaking, from what I can determine it’s worked as intended. So, I’m quite pleased that it was picked up and carried forward. Any rule-making deserves being studied pretty continuously until, if ever, there’s a period of stability in terms of its impact. But from what I’ve seen, it seems to be working well and is at least on its way to achieving its intended purpose. Again, you never rest on your laurels. You study it, improve on it if it needs to be improved.
We’ve seen activist investors pursue board seats pretty aggressively, yet secure relatively few. Is that an example of the rule working or not working?
It falls on the side of the rule working. It was never intended to favor the activists or disfavor the activists. It’s just that shareholders ought to be able to vote for whom they want to on competing slates. Having your vote as a shareholder fully heard shouldn’t depend on whether you’re at the shareholder meeting; it can be rather costly and inconvenient to get there, among other things. So, that result actually doesn’t surprise me. I would have assumed that the rule would be made use of by the activists certainly, and all parties for that matter. But I would have guessed that it would not have had a major impact. That doesn’t mean it’s not working. It just means we’re more assured that shareholders have a full voice, frankly, in a pretty important decision that they make.
You’ve also been credited for promoting transparency and shareholder participation. Do you feel that boards have evolved in response to some of those efforts?
Due to the rule-making? Look, some of it’s compelled, and obviously the argument could be made that if a rule-making wasn’t mandated, the rule would have been different and probably better because you weren’t required to do certain things. For example, pay-ratio comes to mind—even though that obviously increased transparency in one way, how meaningfully did it do that?
But you’ve seen, I don’t want to overstate it by calling it a sea change, but a sea change in transparency, frankly. Some of it’s certainly nudged by the rule-making, but a lot of it nudged by shareholder demands. Obviously, the institutional investors are included in that, maybe primarily even kind of leading the charge on that. But for all investors, frankly, on various things.
Those of us who advise boards, CEOs and CFOs on disclosures still have some with an instinct of, “Do we have to disclose that?” But for many, many years, I’ve been an advocate of, “Yes, you do, and it’s a good idea anyway,” right? So, over certainly the last 10 years, you’ve seen greater transparency. And it’s a good thing.
You referenced boards with a—I don’t know if it’s archaic exactly—tendency to say, do we have to disclose? What kinds of concerns do you hear from boards now in your post-SEC work?
In terms of very recent concerns, there’s been a kind of shifting in the climate on some issues, ESG, DEI and workforce, where [there had been] disclosures and transparencies. So, to the extent that boards and companies had moved in those directions, all of that’s obviously a subject of major scrutiny by the current administration, and obviously by boards as a result of both substantively and then how you disclose whatever it is you are doing in those spaces. That’s a recent change that you didn’t see before in those areas.
It’s interesting because after five years or so of talking about how to disclose about ESG and DEI, now it seems that companies that kind of dragged their feet about disclosing maybe had the right idea.
Well, you could say several other things about that, right? Obviously first, you have to figure out what the law permits. There’s that, and then there is what others might wish the law didn’t permit, and what do you do about that as a prudent company and a prudent board? And how do you describe it in a way that is completely accurate, supportive of whatever your initiatives are, but doesn’t hit the radar screen of a red light?
In many ways that’s unfortunate, frankly, because you want to be able to not have to think so hard about what words you choose in order to avoid scrutiny of something that you think you are clearly proceeding completely lawfully about and is important to you as a company. Nevertheless, others who have the scrutiny power, so to speak, might not agree with you.
What advice do you give boards on how to walk that line?
Since the Harvard decision and Supreme Court’s decision, you advise boards to figure out what is lawful and not lawful. Whether you’re a private company or a public company is relevant in that, but it’s important to both. And where are your values as a company? If they’re consistent with what you’ve been doing for some period of time, is there anything about that that really the law says you can’t do any longer?
Then, you focus on, okay, there’s this sort of gray band that’s always everywhere, right? Do you act prudently by dialing that back or at least looking closely at the language you use in describing that, to be sure you’re not hitting areas that are particularly sensitive at the moment, that if you described it one way totally accurately, it wouldn’t hit the radar screen, but if you describe it in another way, it’s kind of like a red flag. So, all of those issues, you have to do as a prudent board.
That’s difficult to navigate. And whether you’re complying with the law is one thing, but whether you’re going to get unwelcome attention, even though you’re complying, is another.
Yeah. Look, my advice to companies is they should stick to their principles, know what the law is. It has moved away from some things that some companies were doing. You have to take cognizance of that. And then, there’s a risk area and an unknown area to some degree. How do you want to handle that, both substantively and in how you disclose it? But to just back away from it all, even of initiatives that you think are totally lawful under current law, because that will avoid scrutiny… I mean, that’s up to the board and the company, but it’s not something that you’d like to see happening.
When you came into the SEC, the commission was charged with carrying out a lot of mandated rule-making, Dodd-Frank and other acts of Congress. Looking back, which do you feel had the most impact?
Just to talk about that challenge for a second, the SEC had over 100 mandated rule-makings, and that was just a lot. They aren’t all done now, they’re mostly done. We certainly made an awful lot of progress in getting a bunch of them done when I was there, and Mary Shapiro had gotten a bunch of others done. Jay Clayton didn’t want to move them, and didn’t move them. And then, Gary Gensler picked up several of them once he came in.
They ran the gamut, both the JOBS Act and Dodd-Frank had a number of very important rule-makings for financial stability and otherwise in the mortgage area, for example, what was done under the JOBS Act with crowdfunding was important, but it was so conscripted, prescriptive in terms of what we had to do, that we couldn’t really craft what would’ve been optimal, or anything close to an optimal, crowdfunding rule.
When I look back on it, every time you adopted one of the mandated rule-makings, you were kind of revisiting, unfortunately, the political controversy that surrounded Dodd-Frank itself or the JOBS Act itself. That made it exceedingly difficult to, A, get it done, and B, do optimal rule-making that fell within the range you were given by Congress. So, I envy those chairs that have more bandwidth to do the discretionary rule-makings. That’s what, heretofore, the independent agencies were for—their expertise and their bipartisan approach to what makes sense for the markets, what makes sense for investors. I was determined to find the bandwidth for [some of that] despite that heavy burden of the mandated rule-makings, but it’s obviously a balance.
For example, what we did in the asset manager space, the SCI rule on the cybersecurity in effect for the stock exchanges and the major ATSs and so forth; those were enormously important rule-makings that were discretionary. And what will happen to some of the others that were politically motivated… in fairness to the critics, pay-ratio is one of those, conflict minerals is another. That’s an area—now I’ll speak for myself—you’d like to see Congress stay out of in terms of mandating disclosures by the SEC, and you’d like to see the SEC stay out of that too because that is not their expertise. On the other hand, I’m not suggesting they’re not important things, and some investors want to know about them, but those kind of rule-makings, I don’t think have a long shelf life that’s useful.
If you had had more time for discretionary items, what might you have focused on, and what should be focused on now?
Congress made sure we had the power to sort of deal with the broker-dealer, investment advisor, fiduciary duty issues. How can we bring those closer together at least, in a way that there’s not…one has it and one doesn’t, right? Because the functions of those swaths, the critical swaths of the industry have come to overlap much more. So, it was frustrating we couldn’t proceed with that in a sensible way. Due to the complexity, it’s very difficult to do. Obviously, Jay Clayton proceeded with a rule-making in that space. But it only did, as he acknowledged, part of that job. So, that’s one area, and there were a number of market structure issues that one would’ve liked to have had bandwidth for.
Crypto was not really on my radar screen. It really was just beginning as an industry really. Obviously, Bitcoin was around for a while, but… that is not something I had to grapple with as a regulatory matter. It’s critical that it be grappled with as a regulatory matter though… Obviously, I’ve been on the private side of that issue for quite a while now. But quite apart from that, I mean, crypto really is here to stay. And to basically use or overuse the enforcement tool is not the way to go. Parties can’t rely on that. So, you had this situation where the SEC was really de facto trying to prohibit that industry, and that doesn’t work well. But fortunately, I didn’t have to deal with that very difficult problem. Nobody should underestimate how difficult that is to get right, frankly.
What advice would you give now on dealing with that?
The first thing you have to do is clarify who has jurisdiction over what. And that’s probably Congress, right? They’re working on that. You never like to rely on Congress to get something done, but maybe they can. And certainly, the tide of opinion has moved toward, let’s try to kind of rationalize this and do this in a smart, sensible way that protects investors but doesn’t stifle the industry. So, if this were politically realistic, I would probably have another regulator over crypto, as opposed to, is it the CFTC? Is it the SEC? Their tools from Congress don’t really fit in all spaces for crypto. What you want is great expertise, great knowledge and the ability to craft regulation for that space and that industry, which I don’t think the SEC and the CFTC are well equipped to do, frankly.
So, a whole separate entity?
Yes, that would be ideal. But it’ll never happen because you’re just not going to get another [agency], certainly not in the short run. So, you need to rationalize it. And Congress has to play a role in that, not just saying who’s in charge, but the standards for what’s a security, what’s the commodity? You’ll have to do a little of that line drawing, but Congress may be in a better position to do it than kind of ad hoc between the CFTC and the SEC because the Howey test just doesn’t fit. So, you need other standards to do that. They’re working on that, and they’re working on it in a fairly, relatively speaking, bipartisan way.
I’m hopeful something will come out of that. Clearly, the SEC is very focused… Hester Peirce is very, very smart, very knowledgeable in this space. She’s kind of in charge of that, that task force. It’s really the sandbox approach, right? So, for an innovative business for a while, you allow a fair amount of flexibility to see how it does before you try to do regulation for the long run for the whole industry. That makes sense under the current regime.
You worked at the intersection of corporate law enforcement and governance through multiple administrations. What should boards be watching for and prepared to respond to with this one?
We’ve touched on subjects that are obviously on the front burner. In terms of the boards, you have to figure out what you’re doing with areas under scrutiny where there’s change that’s occurred policy-wise and enforcement-wise. We mentioned those in terms of DEI, and it sounds like the SEC is about to embark on a reform of executive compensation rules and things of that sort.
Cybersecurity, putting aside what the changes in what the rule-making may be, what the enforcement powers may be, it’s just a huge risk, the cybersecurity area. It’s been around for a while, but it really has to be at the top of the boards’ list to make sure they’re getting that right.
Then AI, stating the obvious, is a huge challenge. It’s a huge challenge for boards, too, to decide the board’s role, but they surely have a role. They can’t not have a role, particularly with the changes in Delaware law that kind of up the bar for boards and various risk areas.
There are not enough to go around has been some of the arguments against recruiting directors who have AI expertise, you know, cyber expertise. But I will tell you, from my clients, and actually I used to be on a public board myself… it’s enormously helpful to have one or more board members who are conversant in these cutting-edge high-risk areas.
With AI, what are the specific risks or concerns that boards should be focusing on?
To start with, in the disclosure area, which is maybe easier than some of the other areas, be sure you understand what your company is doing in terms of AI and how you’re describing that. Obviously, it’s different for an asset manager or a public company, but what use are you making of it, and what risks are there with making use of it? As a governance matter, you certainly want to put the onus on management, both in terms of what initiatives they ought to be developing with AI, what they are doing, what they plan to do. But then, what’s the best board oversight? You can’t load the audit committee with everything, right? That’s one, frankly, in terms of board composition, where you really need more than one [expert]. You don’t necessarily need an expert in the technical sense, but you want several board members conversant with AI and the risks of AI technology.
Are there other skill sets boards need to make sure are included on their team?
Cyber is still important. Having someone with governmental regulatory background is important. I say that with a caveat because the trend out there a few years ago to have high-ranking ex-government officials join boards is not what I’m talking about necessarily. They might have been high ranking, but I have found just experience-wise that when a company is in crisis, they may be the first people to worry more about themselves and their reputation than the company and the shareholders.
I wouldn’t rule them out. Obviously, you can have a high-ranking former government official who’s a great board member. But what you want is the expertise and the knowledge because in today’s world, if you have a board that’s not conversant with how enforcement, not overly aggressive enforcement, just enforcement, and regulation can impact your company, then Washington is another entirely separate layer you have to be concerned with.
As boards do their assessments of themselves, what should they look out for?
Succession planning is still something that, for boards as well as management, is not where it ought to be. More attention to that is always important. I’ve done more than a couple board self-assessments. Alternating between doing that internally and externally is a good thing. External assessment is useful to get that feedback from somebody who will ask tough questions, get input and have credibility when delivering the results. You get better as a board when you do that.
This is a kind of a tangent, but if you haven’t had a tabletop cybersecurity exercise at the board level, have it. You can have any kind of crisis, right? But cyber’s the one where the tabletop exercise is most developed, and a very good one to do.
What else is important for today’s directors to understand?
I was on the NASDAQ stock exchange board back in the early 2000s when Sarbanes-Oxley happened. Back then, you visibly saw the bar of what was required of directors, CEOs, CFOs, go up before your eyes. It became a very different job… from the point of view of certifying the financials. The audit committee became a different job. And that’s only grown in terms of responsibilities, liabilities as well.
Directorship is not for the faint of heart at any company these days. You need to want to do it. It’s not just something for retired accountants or retired lawyers to do. You really don’t want those people. You want people who are really engaged, really like doing that work or are good at oversight. I really feel strongly about that.
What advice would you give a newly appointed public company board member stepping into their first term?
First, understand what a big job it is and what’s expected of you beyond just six or eight board meetings a year and being on committees. Insist on good onboarding training because you do run into training of varying quality and it may get deferred for some reason. Don’t let that happen.
And, again, this is a delicate one, but get to know your company. You’ll know what you don’t know to some degree. Don’t be shy to ask for briefings, for training on something… or to talk to people who aren’t just the CEO or the CFO. The most successful board members are strong, they know their company, they are not afraid of the CEO, but they also don’t usurp the CEO and try to go around the CEO. Tell the CEO, “Look, I’d really like to learn about this, or I’d like to learn about that.” I would be very, very active in my first year, drinking from that proverbial fire hose.
