Volkswagen’s Emissions Scandal: Lessons for Corporate Governance? (Part 2)

In Part 1 of this post, I posed the question why risk-averse managers at VW might have failed to launch an internal investigation into any potential smoking guns during the company’s prolonged and extensive emissions cheating. The answer, I would hazard, has to do with high-powered incentives. We tend to think of these as being a peculiarly problematic feature of Anglo-American corporations, with dispersed share ownership. In these firms, high-powered incentives in the form of heavily performance-related pay are conventionally deployed as a way of encouraging managers to be less risk averse with respect to business decision-making. The ‘performance’ criterion is normally defined by reference to the stock price, and it is ‘high powered’ because it responds aggressively to changes in the criterion. This is known to give rise to problems when it comes to compliance with corporate obligations imposed for purposes other than to maximise shareholder value: think of Enron, or banks prior to the financial crisis.

What the VW case exposes is that high powered incentives can be linked to compliance problems, even in firms that do not ostensibly have a culture of pursuing ‘shareholder value’. Like all large German firms, VW had a two-tier board structure. VW’s CEO, Martin Winterkorn, had a pay package that was heavily tilted towards variable pay. In 2014, he took home €16m ($18.3m), of which only €2m ($2.3m), or 12.5%, was fixed compensation. The heavy tilting towards performance related pay was common across members of VW’s Vorstand, or Management Board. While executives’ variable pay was not tied directly to the share price, it was linked closely to a number of metrics including operating profits, sales growth, customer satisfaction and employee productivity and satisfaction. This is consistent with the publicly-announced goal for VW for many years, namely growth: the goal was to make VW the largest car maker by sales in the world, which it ironically achieved in the first half of 2015, only to lose again in the wake of the scandal.

Financial incentives were not the only high-powered incentives acting upon senior VW executives. There will also have been intensive monitoring by the Aufsichtsrat, or Supervisory Board. Unlike an Anglo-American corporations’ boards, German supervisory boards are staffed with representatives of major shareholders and labour. Thus VW’s Aufsichtsrat of 21 had 5 members appointed by the Porsche family, the controlling shareholder, 2 appointed by the Qatar Sovereign wealth fund (which holds a 17% stake), 2 appointed by the state of Lower Saxony (holding a 20% stake), 10 appointed by employees, trade unions, and middle management. The other two comprised the Supervisory Board’s venerable former Chairman, and a single independent. Growth was an ambition that pleased both stakeholder groups dominating the Aufsichtsrat, the controlling shareholders and the employees

Astonishingly, the bias toward performance pay was shared by VW’s Aufsichtsrat. The Chair of the Aufsichtsrat, until April 2015 Ferdinand Piëch, took home €1.5m in 2014, of which only €200,000 (13%) was fixed; this ratio was similar across the entire Aufsichtsrat. The Aufsichtsrat’s variable pay is expressly linked by §17 of VW’s Satzung, or Articles of Association, to shareholder dividends.

Although European executives are usually thought to earn less than their counterparts in the US, it is notable that Winterkorn’s package was very similar to the total amount earned by Mark Fields, the CEO of Ford ($18.6m) and more than that of Mary Barra, the CEO of GM ($16.2m), in the same year. Financial incentives and close monitoring of performance are likely additive in terms of their impact on executive behaviour. Thus the intensity of the combined incentives might have been even stronger than those faced by a US executive. In short, high-powered incentives can give rise to perverse incentives in firms without dispersed share ownership, and where performance targets are not defined solely by reference to the share price.

What also emerges starkly from the VW affair is the importance of distinguishing between agency costs and externalities in discussions of corporate governance. Conflicts of interest between managers and shareholders are an agency cost. But so too are conflicts of interest between employees and shareholders. Harm caused to the environment, or any other interest external to the corporation, however, is an externality. Simply because a company’s structure is designed—as codetermination does in Germany—to minimise agency costs between shareholders and employees—does not necessarily imply that it will be less problematic in terms of externalities. Corporate conduct that harms the environment but leads to corporate growth benefits both investors and employees.

What, then, are the implications for corporate governance? There are clearly lessons to be learned about the appropriate use of high powered incentives. However, the most striking implication would seem to be the need for effective personal liability for individuals who either deliberately engage in misconduct, or who fail to ensure the implementation of sufficient risk management. The former, which would be criminal liability, is already in place in most jurisdictions, but suffers from serious problems of proof. The latter, however, which would take the form of negligence based liability, could usefully be strengthened.

Where the probability of detection of misconduct is low, then personal liability for managers is an important way to counteract excessively high powered incentives. Such liability, where breaches of the law are concerned, suffers from none of the standard objections that motivate the business judgment rule in the US and other jurisdictions, including Germany. Decisions to break the law are not business decisions; decisions to engage in oversight to ensure that lawbreaking is not occurring within the firm, are not business decisions. They attract the duty of care. However, it should be clear that any such liability should have a reasonable chance of attracting ex post judicial scrutiny of managerial oversight, and that any such liability should not be insurable. The corporate laws of many jurisdictions do not yet go this far. Insurance is routine. In Germany and the UK, it is clear that liability would be available on a negligence standard, but the chances of a lawsuit being brought have been, at least so far, slim. In a case of oversight failure, this would normally be a problem that the board as a whole might be implicated for. This in turn implies a decision to litigate is unlikely, absent a change of control or a derivative action. The bars to derivative actions in Europe are still too high for these to amount to an effective deterrent. In Delaware, where shareholder litigation is much easier to launch, the duty of oversight is only ever framed in terms of good faith, and were it to go further, would be subject to routine waiver under DGCL §102(b)(7).

Another possibility might be to contemplate public enforcement of directors’ duties under these circumstances. This model is adopted in Australia, where ASIC has power to enforce directors’ private law duties.

All this presupposes some guidance as to what sort of actions such oversight should involve. Here we move into the realm of ‘risk management’. The VW case has some very interesting pointers about this too. The striking thing about the VW case is how the actions of a small number of technical personnel can lead to harms affecting 11 million vehicles. The deceit was perpetrated through software—through code. A modern premium car is a particularly complex piece of software, containing over 100 million lines of code—compare that to 50 million for the Large Hadron collider, or 60 million for all the code in Facebook. The more that the execution of corporate activity shifts from humans to software, the more the focus of risk management must be on those who design and authorise the code. In short, going forwards, the selection, training, compensation and oversight of programmers and software development should probably be a central feature of risk management, with respect to compliance with external obligations, in any industry.

John Armour is the Hogan Lovells Professor of Law and Finance at the University of Oxford.