A prominent proxy adviser has recommended that Target Corp.’s shareholders oust seven of 10 board members at the retailer’s annual meeting next month, saying that those directors failed to protect the company against a massive data breach last year.
Institutional Shareholder Services (ISS), which provides counsel to investors, said members of Target’s audit and corporate responsibility committees should not be re-elected since risk assessment and oversight of reputational risk were part of their duties.
“The data breach revealed that the company was inadequately prepared for the significant risks of doing business in today’s electronic commerce environment,” ISS said in its report, released this week.
ISS went on to say that these two committees “should have been aware of, and more closely monitoring, the possibilities of theft of sensitive information” given Target’s significant exposure to customer credit card information and e-commerce.
In a statement, Target said Wednesday that the board views risk oversight a “full board responsibility.” As for data security issues, it said it had been among the “best-in-class within the retail industry” before the cyberattack.
“As one would expect, following the criminal attack that resulted in the data breach, the board is re-examining the entire risk oversight structure, including senior management roles and reporting structures, as well as board oversight,” the company said.
Target declined to make any representatives available for an interview.
ISS’ recommendations can be “highly influential” and are sometimes directly followed by mutual funds and other big institutional investors, said David Larcker, a Stanford business professor who focuses in corporate governance.
“It can move the vote 20 to 30 percent,” he said. “That can be a pretty big number.”
Another proxy adviser, Glass, Lewis & Co., however, is encouraging Target shareholders to wait before holding the board accountable for the data breach, noting that investigations are ongoing. For now, Glass Lewis said there is not enough evidence that the breach resulted from board or management neglect. It did recommend that shareholders reject two current board members, but for other reasons.
In their reports, ISS and Glass Lewis expressed support for a shareholder proposal to require an independent chairman by separating the role from the CEO. At last year’s annual meeting, that proposal failed after garnering just 37 percent of votes. But ISS said this could be even wiser to do now given the impact from the data breach.
In response, Target said the board prefers to have flexibility to determine which leadership structure best serves the company’s interests.
“The board believes there are many strong governance practices in place at Target that balance any risk of concentration of authority that may exist with a combined chair/CEO position, including the requirement to have an independent lead director in those situations,” the retailer said.
Even if it doesn’t swing the vote, the proxy adviser’s report will bring additional scrutiny to these issues, Larcker said. And it may put pressure on some board members if say, 45 percent of shareholders vote against them, he added.
“That’s a pretty uncomfortable position, and you may just resign,” Larcker said.
Last year, ISS recommended a “no” vote for three Wal-Mart board members amid the retailer’s foreign-bribery probe. All three of them kept their seats, but with less support than other board members.
This year, it is advising Wal-Mart shareholders to oppose the re-election of two board members. But ISS’ recommendations don’t have as much sway at Wal-Mart given that the Walton family owns about 50 percent of that company’s stock.
As for Target, it is no stranger to proxy fights. In 2009, activist investor Bill Ackman unsuccessfully tried to add himself and four others to the company’s board.
Among the Target board members ISS suggests shareholders vote against this year is interim board chairwoman Roxanne Austin, who leads the company’s audit committee.
In December, Target disclosed that its point-of-sale systems had been compromised by cyberthieves who gained access to the personal and financial information of tens of millions of customers. The breach triggered several congressional hearings and a blistering Senate committee report outlining several steps Target could have taken to prevent the attack.
Amid the fallout from the breach, Target’s chief information officer, Beth Jacob, resigned in March. In late April, the company announced that Bob DeRodes would take over that role.
But ISS noted that questions have been raised about the adequacy of Jacob’s credentials to be the chief information officer. It noted that her public biography listed previous roles such as head of guest operations. DeRodes, by comparison, has a deep background in information technology and data security, it said.
Target is still looking for a new chief security officer and chief compliance officer, in addition to a new chief executive since the board fired Gregg Steinhafel last month.
But ISS said these actions by the board seem to be “largely reactionary in nature.” It noted that Target’s stock has fallen about 11 percent — or a $4.2 billion loss in market value — since Dec. 18 when the data breach was first disclosed.
“For shareholders who have seen the value of their investment decline by over 10 percent, this might appear to be a case of ‘too little too late,’ ” ISS said. “The addition of these ‘new’ positions raises serious concern about how Target could have been running a business of its size and complexity without these permanent roles.”
But one area where ISS and Target management see eye-to-eye this year is executive compensation. Last year, ISS opposed Target’s “say-on-pay” vote, which ended up only receiving 52 percent of votes. So in the year since, Target has reached out to shareholders and come up with a plan to lower its executive pay and more closely tie it to performance.
So the proxy adviser suggested shareholders give the green light to that proposal at the annual meeting, which will be held on June 11 in Dallas.