Managing Risk While Managing Your Stock Plan
What should and shouldn’t be keeping you up at night
Introductions
• Carine Schneider, CEO, Equity Administration Solutions, Inc.
Agenda
• Data Privacy
• Software Model
• Outsourcing
• Plan Interpretation
• Plan Set-up
• SAS 70s
Data Privacy
• Understanding the EU Data Privacy Directive
  – The company must obtain consent from participants before data can be shared with a third party.
  – Consent must cover what data is being shared and for what purpose.
  – Consent to share data should be part of the communication of grants to participants, but be careful about how consent is requested in order not to violate the Directive with the request.
  – Safe Harbor exception for processing in the United States
Data Privacy
• Data Privacy in the United States
  – No overarching rules.
  – Massachusetts is currently the most stringent standard, and thus serves as a good guide to follow.
  – Need to assign an individual or a group to be responsible for risk mitigation.
  – Encryption is required for sensitive data.
  – Comprehensive training on security standards and procedures is required.
  – Review where data is housed and secured.
Software Models: The ‘pros’
• SaaS
  – Less demand from internal IT
  – May be more globally accessible for a mobile or remote administration team
  – Scaling to future growth is easier (you’ve outsourced the problem)
• Server
  – Control over which version of the software you are on
  – Vendor Risk Assessment is limited to the development process, as hosting is your own environment
  – May reduce issues related to data privacy
Software Models: The ‘cons’
• SaaS
  – Less control over software version and changing browser compatibility
  – Increases Vendor Risk Assessment requirements
  – May increase data privacy requirements
• Server
  – May be difficult to predict the cost of running the program into the future
  – Transition to new versions of software poses a burden to the stock admin team as well as IT
To Outsource…
• What audit controls are in place?
• What is the knowledge base of the people administering your plan?
• What technology is being leveraged to administer your plan?
• Is your entire participant base being cared for?
• Who can you call?
• Are your procedures written out? Do all parties understand their part in the process?
Or Not to Outsource?
• How is access to data controlled?
• How will the plan be supported on a day-to-day basis? What cross-training exists?
• How is ongoing education being handled? Are all disciplines of share plan functionality being addressed?
• How well understood is the technology being used? (reference the earlier discussion on technology models)
Plan Interpretation
• Discrepancies between plan documents and grant agreements
  – Termination type definitions
  – Changes to definitions, how are they phased in?
• Ramifications of modifications
  – Be sure to discuss any proposed grant modifications with accounting, tax, and legal
  – Document your process for modifications so that they can be handled the same way each time
Plan Set-up
• Share Reserve
  – Be sure to track changes over time
  – Limits on award types
  – Fungible shares
• Rounding rules
  – Vesting
  – Share withholding
• FMV definitions
SAS 70, What does it really mean?
• SAS 70 is an audit style that gained popularity in the US with the passage of Sarbanes-Oxley (SOX)
• This audit report should be available from most US-based vendors of share plan administration, related software, or transaction processing services
• Audit does NOT confirm that your financial reporting is correct, only that it is performed in an environment with the proper controls in place
• As the issuing company, be aware that some of the controls are your responsibility