ISS recently released updated methodology for its Governance QualityScore (GQS) rating system for institutional investors.  The new factors relate to areas of emerging concern to investors, with 11 of the 17 new factors addressing information security risk and oversight.  Other new factors relate to board matters, such as diversity, inclusion, practices and composition, and to compensation matters, such as whether and the extent to which special grants have been made to executive officers.  ISS also extended to the U.S. market certain factors regarding the number of boards on which directors serve and shareholder voting rights.  ISS further indicated that the updated methodology reflects the rebalancing of certain existing factors in the categories of Board Commitments and Litigation Rights.

ISS reviews its methodology annually to ensure that its approach remains closely aligned with ISS’ benchmark voting policies and reflects developments in regulatory and market practices.  Key updates to ISS’ benchmark voting policies for the 2021 proxy season are summarized in our December 11, 2020 post. The new factors and factors newly applied to the U.S. market include:

New Factors as of January 29, 2021:

Audit (Information Security Risk Oversight)

• What percentage of the committee responsible for information security risk is independent? (Q403)
• How often does senior leadership brief the board on information security matters? (Q404)
• How many directors with information security experience are on the board? (Q405)

Audit (Information Security Risk Management)

• Does the company disclose an approach on identifying and mitigating information security risks? (Q402)
• What are the net expenses incurred from information security breaches over the last three years relative to total revenue? (Q406)
• Has the company experienced an information security breach in the last three years? (Q407)
• What are the net expenses incurred from information security breach penalties and settlements over the last three years relative to total revenue? (Q408)
• Has the company entered into an information security risk insurance policy? (Q409)
• Is the company externally audited or certified by top information security standards? (Q410)
• Does the company have an information security training program? (Q411)
• How long ago did the most recent information security breach occur (in months)? (Q412)

Board Structure (Diversity and Inclusion)

• Does the board exhibit ethnic or racial diversity? (Q390)

Board Structure (Board Practices)

• What percentage of the sustainability committee is independent? (Q396)

Board Structure (Board Composition)

• What percentage of the board has familial relationships with other directors? (Q401)

Compensation (Communications and Disclosure)

• What is the level of disclosure on diversity and inclusion performance measures for the short-term or any long-term incentive plan for executives? (Q398)

Compensation (Compensation Controversies)

• Has the company made special grants to executives excluding the CEO in the most recent fiscal year? (Q399)
• What percentage of the CEO’s total compensation was due to special grants in the most recent fiscal year? (Q400)

Application of Existing Factors to New Markets:

Board Structure

• How many executive directors serve on an excessive number of outside boards? (Q36)
• Does the Board Chair serve on a significant number of outside boards? (Q39)

Shareholder Rights

• What is the percentage of multiple voting rights or voting certificates relative to total voting rights? (Q57)
• What percentage of issued share capital is composed of non-voting shares? (Q63)

[View source.]