Paul Hastings: “In-House Counsel Guide to Ransomware Prevention, Preparedness, and Response”


“Ransomware is a variant of cyber-attack in which the perpetrators encrypt an organization’s data and then demand a monetary payment for the decryption key, usually in the form of cryptocurrencies such as bitcoin. Ransomware is most frequently delivered through phishing emails that corporate employees click through, introducing the ransomware onto the corporate network. By rendering critical data and systems inaccessible, ransomware can have severe operational consequences and can bring the business of even multinational companies to a halt.

Corporate Governance Rating Of Japan’s Companies (August 2017)

August CG Score inched up 0.7pt YoY

CG Rating Monthly Letter
1. CG Score attribution analysis (08/2016-08/2017)
The CG score of the core research universe of 489 companies for the 1-year period from August 2016 to August 2017 rose 0.7 pt to 61.7 pt from 61.0 pt a year ago. The core universe increased by 30 companies to 489 from 459, as the JPX400 composites were renewed during the month. The average score keeps improving at a modest rate; for comparison, the score of the previous month's universe of 459 companies rose 0.8 pt from July 2016 to July 2017.
We are reviewing CG enhancement in Japan before and after the AGMs in June 2017, and it shows modest improvement after the AGMs. The analysis will be released soon after the review.

Why Secom is the Only Non-Financial Japanese Corporate Pension Fund to Sign the Stewardship Code

Yes, it is true. Secom’s pension fund is the only one. Following the report of a government study group urging private pension funds to sign the Stewardship Code, it is an open secret that many firms in industrial Japan are now waiting for either Panasonic or Toyota to sign the Stewardship Code. If one of these iconic companies’ pension funds signs, it is said there will be an avalanche of other corporate funds that sign. Conversely, if neither of them signs, everyone can use that as an excuse for why they did not sign, e.g. “even mainstream companies like Toyota or Panasonic did not sign it yet.”

Oddly, Japanese companies pride themselves on the strength of their covenant to employees, yet neglect employees’ pensions by failing to sign the stewardship code and report how they have handled those funds.  Why is this? Quite simply, Japanese companies are afraid that if their pension funds become more proactive, those same governance and proxy voting practices might come back and hit them in the face at their own shareholders meeting. What is in the best interests of employees’ pensions may not be in the self-interest of corporate executives. This breaks the most important link in the investment chain – asset owner voice.

Here is an article from Bloomberg focusing on this increasingly interesting situation:

“‘The only way you can explain this behavior pattern is to say that, let’s face it, senior executives don’t want active proxy voting and engagement in the market,’ said Nicholas Benes, the Tokyo-based head of the Board Director Training Institute of Japan. He said they fear ‘blowback’ at their own shareholder meetings. Judging by their actions, ‘they care more about that than they do about their employees’ funds,’ he said.”

Progress: GPIF Refers to “Corporate Governance Codes” for the First Time

The GPIF should be highly commended for including reference to “the corporate governance codes of each country” in its recent statements regarding its stewardship policy and its proxy voting policy. This is a major step forward, considering the politics that it faces and the long-standing and unfounded claim by leaders in the industrial community that if the GPIF had its own “principles and guidance for governance and proxy voting”, that would be “intervening in managerial decision making.” Even though the reference in the recently-released principles bends over backwards to encourage “giving a full hearing to explanations of non-compliance”, if you know the full background, this is significant progress. (For the first time, the GPIF has uttered the words “corporate governance code” in writing!)

PRI Publishes “Japan Roadmap” Regarding Fiduciary Duty in Japan

PRI published a “Japan Roadmap” suggesting improvements in Japan regarding fiduciary duty and ESG practices. The Roadmap cited BDTI’s recent joint research with METRICAL with regard to our analysis showing that lower cross-shareholdings correlate with better corporate performance.

Quote from the PRI’s introduction of the Roadmap: “Japan’s governance reforms will fail unless more asset owners join in, and all the talk about stewardship is accompanied by analysis, action and sweat,” said Nicholas Benes, representative director, The Board Director Training Institute of Japan. “The Japan Roadmap makes sensible recommendations to turn governance goals into realities.”

Corporate Governance in Japan 2017 – Report

This is an insightful report with some similar conclusions that recent analysis by BDTI and Metrical (Titlis) also reveals, which will be the subject of a seminar on 3/16.  In particular, the presence of large owners matters, foreign shareholders select well-governed and well-performing companies (a leading indicator for decades), and the quality of directors matters.  The latter point is the reason why BDTI is focused like a laser on director training. The pilot analogy has been in my materials since 2014. I am tickled pink if the FSA has adopted it.  Quote:  “Improving board behaviour is a mindset issue, not a regulatory one. A successful company should be willing to encourage open debate. More so for a company that has been struggling for years with its strategic direction. ….. Independent directors should not be viewed as an ‘unavoidable cost’ but as a ‘wise investment’ for firms. …Would an airline actively seek unqualified pilots to fly its passengers?”


Pity poor Hitachi.

In 2015 Hitachi, accustomed to the forgiving corporate governance culture of Japan, acquired control of Italian railway operator Ansaldo STS, a publicly listed company, without fully comprehending the traps for the unwary that lurk in corporate governance environments outside Japan. The shareholder list of Ansaldo STS, it turns out, was loaded with sophisticated hedge funds that have cleverly exploited their “rights” as minority shareholder “victims” to try to shake down Hitachi for more cash. The case for victimhood made by the hedge funds is superficially appealing, but on closer analysis unpersuasive.

“Research Reveals ‘Human’ Issues as Top Cyber Security and Business Risk”

“…Based upon the data collected from the first global survey to capture the voice of cyber security professionals on the state of their profession, this final report of the two-part series, titled ‘Through the Eyes of Cyber Security Professionals: Annual Research Report (Part II),’ concludes:

  • The clear majority (92%) believe that an average organization is vulnerable to some type of cyber-attack or data breach.
  • People and organizational issues contribute to the onslaught of security incidents.
  • Most organizations are feeling the effect of the global cyber security skills shortage.
  • Cyber security professionals have several suggestions to help improve the current situation.
  • Sixty-two percent (62%) believe critical infrastructure is very vulnerable to cyber-attacks.
  • Sixty-six percent (66%) believe government cyber security strategy tends to be incoherent and incomplete.
  • Eighty-nine percent (89%) of cyber security professionals want more help from their governments.”

ISS Proposes Policy Opposing the Creation of “Advisory” Posts (sodanyaku, komon)

ISS has proposed a policy for Japan essentially opposing the creation of “advisory” posts for retired directors or kansayaku, who can tend to over-influence the decisions of currently serving executives because the “advisors” were previously the “senpai” (seniors) of executives, thus creating bottlenecks or “legacy” issues that can make changing strategy difficult. This occurs notwithstanding the fact that “advisors” bear no fiduciary duties, cannot be sued by shareholders, and require no disclosure (not even regarding their compensation). At the same time, METI has announced that it will undertake a study about the impact of such positions.

Such advisory posts are a custom in Japanese corporate governance that I have publicly opposed for some time, even before I proposed the full disclosure of all compensation paid to “advisors” when proposing the contents of the Corporate Governance Code to the FSA in 2014. (Unfortunately, the FSA did not include that provision.)

While ISS’ proposed policy is the outcome of my recommendations in an indirect sense, in fact I have had no recent discussions whatever with anyone at ISS about this topic, and it is most accurate to say that concern about the practice simply “percolated” and came to be shared by many others over the past few years.  This is further evidence of a deepening dialogue and consideration of key issues related to corporate governance practice in Japan.

I would like to encourage those who have comments on the proposed policy to respond to the questions below by sending an email to: