Regulating Corporate Governance in the Public Interest: The Case of Systemic Risk

Steven L. Schwarcz is the Stanley A. Star Professor of Law & Business at the Duke University School of Law. This post is based a recent keynote address by Professor Schwarcz at the National Business Law Scholars Conference (NBLSC).

There’s long been a debate whether corporate governance law should require some duty to the public. The accepted wisdom is not to require such a duty—that corporate profit maximization provides jobs and other public benefits that exceed any harm. This is especially true, the argument goes, because imposing specific regulatory requirements and making certain actions illegal or tortious—what I’ll call “regulating substance,” in contrast to “regulating governance”—can mitigate the harm without unduly impairing corporate wealth production.

Whether that’s true in other contexts, I question if it’s true in the context of systemic economic harm. My examination is based in part on a forthcoming article [1] and also parallels the efforts of a Working Group (which I chair) of Fellows of the American College of Bankruptcy, which is examining the same question under the laws of various nations worldwide.

Risk-Taking, Misalignment, and Systemic Harm

Excessive corporate risk-taking by systemically important firms is widely seen as one of the primary causes of the global financial crisis. In response, governments have issued an array of regulation to attempt to curb excessive risk-taking and prevent another crisis.

Many of these measures are designed to control excessive risk-taking by aligning managerial and investor interests, implicitly assuming that the investors themselves would oppose excessively risky business ventures. These include, for example, requiring a systemically important firm to tie management compensation to the firm’s long-term performance, or requiring a systemically important firm to maintain so-called contingent capital, in which debt securities convert into equity upon specified conditions. The assumption that investors themselves would oppose excessively risky business ventures is flawed, however. Therefore financial regulation based on the assumption’s validity is unreliable.

The assumption is flawed because what constitutes “excessive” risk-taking depends on the observer. Risk-taking is excessive from a given observer’s standpoint if it has a negative expected value to that observer—i.e., the expected costs to that observer exceed the expected benefits. It is reasonable to assume that investors would oppose risky business ventures with a negative expected value to them.

The flaw, however, is that systemically important firms can engage in risk-taking ventures that have a positive expected value to their investors but a negative expected value to the public. That is because much of the systemic harm from such a firm’s failure would be externalized onto the public, including ordinary citizens impacted by an economic collapse, causing widespread poverty and unemployment.

Corporate governance law creates this misalignment by requiring managers of a firm to view the consequences of their firm’s actions, and thus the expected value of corporate risk-taking, only from the standpoint of the firm and its investors (effectively stakeholders). That perspective ignores externalities caused by the actions.

Ordinarily this is sensible; managers could not feasibly govern if they had to take into account the myriad small externalities that result from corporate risk-taking. But risk-taking that causes the failure of a systemically important firm could trigger a domino-like collapse of other firms or markets, causing systemic externalities that severely damage the economy. [2]

Regulating Substance may be Inherently Insufficient

There’s another reason, beyond the misalignment per se, why regulating substance may be inherently insufficient. Excessive corporate risk-taking is also tied to managerial judgment calls. For example, poor decisions, bad judgment, and greed contributed to the excessive corporate risk-taking that led to the financial crisis. To control that risk-taking, regulation should also regulate governance.

Others have recognized these limitations

There is now a consensus that existing regulatory measures, which primarily regulate substance, are inadequate. In a widely attended meeting in October at the Federal Reserve Bank of Boston, the New York Times reported that “policy makers have made little progress in figuring out how they might actually” prevent another financial crisis. [3] Donald Kohn, former Vice Chair of the Federal Reserve Board, observed that the Fed “doesn’t really have the tools” to prevent another crisis. Luc Laeven, the European Central Bank Director General for Research, summarized the consensus reached at the conference: “Both monetary policy and macroprudential [regulatory] policy are not really very effective.” He then asked, “Do we have other policies?”

I believe we do have other policies, in the form of regulating governance. Consider how to redesign financial regulation to accomplish that.

I. Redesigning Regulation

In making corporate decisions, managers currently have a duty to the firm and its investors. To reduce systemic externalities, they should also have a duty to society (a “public governance duty”) not to engage their firms in excessive risk-taking that leads to those externalities. So long as it does not unduly weaken wealth-producing capacity (corporate wealth production being in the public interest), regulating governance in this way would help to align private and public interests.

Regulating Governance Works Better also for Financial Change

In the financial context, regulating governance also has another advantage over regulating substance. Regulating substance often depends on regulators precisely understanding the financial “architecture”—the particular design and structure of financial firms, markets, and other related institutions—at the time the regulation is promulgated. Because the financial architecture is constantly changing, that type of grounded regulation has value as long as it is updated as needed to adapt to those changes.

But ongoing financial monitoring and regulatory updating can be costly and is subject to political interference at each updating stage. As a result, financial regulation of substance usually lags financial innovation, causing unanticipated consequences and allowing innovations to escape regulatory scrutiny. [4]

Regulating governance, in contrast, can overcome that regulatory time lag. To fulfill their governance duties, the managers of a firm that is proposing to engage in a financially innovative but risky project must try to obtain the most current information about the innovation and its consequences.

II. Towards Regulatory Alignment: A Public Governance Duty

Next consider the theory and practicality of a public governance duty. Because only systemically important firms, by definition, could engage in risk-taking that leads to systemic externalities, such a duty should apply only to managers of those firms.

A. Situating a Public Governance Duty within Corporate Governance Theory

Except to the extent it intentionally limits shareholder primacy, a public governance duty would not be inconsistent with corporate governance legal theory. It should most clearly be consistent with the stakeholder model of governance, which considers the interests of everyone affected by a firm’s actions to avoid anyone being unfairly exploited. The public, of course, is affected by a firm’s risk-taking. This model, however, adds little explanatory value because there is fundamental disagreement on the extent to which non-investor stakeholder interests should be taken into account, valued, and balanced with shareholder interests.

A public governance duty would, at first glance, appear to be inconsistent with the contractarian model of governance—that a firm is a “nexus of contracts” among private parties. After all, members of the public are not contracting parties. Contract law, however, does not limit its application to contracting parties. Government should be able to limit freedom of contracting when the contracting causes externalities. The critical question is which externalities should count in limiting that freedom.

Even under contract law, there is no absolute answer to that question. But we need answer only a much more limited question: Should systemic externalities count in limiting freedom of contract? That question has already effectively been answered: systemic externalities not only harm the public, who cannot contract to protect themselves, but also cause much more harm than non-systemic externalities, including widespread poverty and unemployment. These are exactly the type of externalities that should count in limiting freedom of contract.

A public governance duty would technically be inconsistent with the shareholder-primacy model. Proponents of shareholder primacy argue that managers of for-profit corporations should govern the firm solely for the best interests of its shareholders. They accept that firms can cause externalities, but they believe the efficient response is for government to regulate substance, without interfering with corporate governance. However, where regulating substance is insufficient, as in the case of controlling the excessive corporate risk-taking that causes systemic externalities, the alternative should be to regulate corporate governance.

Next consider a public governance duty’s practicality: how to regulate governance without unduly weakening corporate wealth-producing capacity.

B. Practicality of a Public Governance Duty

Under a public governance duty, the managers of a systemically important firm would not only have a private corporate governance duty to the firm and its investors but also a duty not to engage in excessive risk-taking that could systemically harm the public. [5] That public duty raises several practical issues.

1. Legally Imposing the Duty.

How should a public governance duty be legally imposed? Courts, for example, could create such a duty through judicial decisions. Or legislatures could amend their corporation laws to require such a duty. The latter may be preferred because imposing such a duty broadly impacts public policy.

In the United States, for example, this would mean that a public governance duty should be imposed either by state legislatures (especially the Delaware legislature, because most domestic firms are incorporated under Delaware law) or by the U.S. Congress. Because corporation law in the United States is traditionally state, not federal, states ideally should take the lead in imposing such a duty.

It is questionable, however, whether state legislatures are well positioned to impose a public governance duty. Any given legislature would be unlikely to want to pioneer such a duty because it could discourage firms from incorporating in its state. Furthermore, systemic risk is a national and international problem, not usually a local state problem. The “internalization principle” recognizes that regulatory responsibilities should generally be assigned to the unit of government that best internalizes the full costs of the underlying regulated activity. For these reasons, Congress may be best situated to impose a public governance duty.

2. Assessing and Balancing Costs and Benefits.

How should managers of a systemically important firm, or members of such a firm’s risk committee, [6] assess and balance the public costs and private benefits of a risk-taking activity? Let’s examine and compare two approaches, one subjective and the other more objective and ministerial. On a case-by-case basis, managers could choose which approach to follow. Either approach would be needed only when deciding on a risky project whose failure might, either itself or in combination with other factors of which such managers are or should be aware, [7] cause the firm to fail. [8]

Managers following a subjective approach would simply consider those costs and balance them against benefits—the same way they would consider and balance any other relevant costs and benefits when making a corporate governance decision. Their assessment and balancing might, but would not necessarily, be documented or explained. Managers may favor this approach because it would not change their current behavior.

This subjective approach would have at least three drawbacks, however. First, because the consequences of a systemic collapse can be devastating to the public, the decisionmaking process to mitigate that harm should be more transparent. Second, managers following a subjective approach may be subject to peer pressure to favor investor profitability over avoiding public harm—especially when, as I later argue, managers often have conflicts of interest that favor the firm’s shareholders over the public. Third, although courts generally try to avoid second-guessing management decisions, even managers should want to follow an approach that provides an explicit safe harbor against litigation—at least if the approach is relatively ministerial.

Consider how to craft a possible ministerial safe-harbor objective approach, using the generic example of a systemically important firm engaging in a risky project that could be profitable. The expected private benefits would be the expected value of the project to the firm’s investors (usually the shareholders). The expected public costs would be the expected value of the project’s systemic costs. [9]

In large part, the firm’s managers should have sufficient information, or at least much more information than third parties, about these values. For example, managers should have much more information than third parties about valuing the chance of the project being successful, the value to investors from that success, the loss from the project’s failure, and the chance of the firm failing as a result of the project’s failure.

The exception, however, is valuing the systemic costs if the firm fails. That valuation should be a public policy choice. It might be based, for example, on the estimated cost of a government bailout to avoid a systemic failure. Such an estimate could be made by the government as part of the process of designating a firm as “systemically important,” and thereafter periodically updated by the government.

From a strict (Kaldor-Hicks) economic efficiency standpoint, the project would be efficient if its expected value to investors exceeds the expected value of its systemic costs. As a public policy matter, however, simple economic efficiency may be insufficient because the magnitude and harmful consequences of a systemic collapse, if it occurs, could be devastating.

When balancing the costs and benefits of activities that might pose great harm, policymakers normally apply a precautionary principle directing regulators to err on the side of safety. Applying that to our balancing, it may be appropriate (as Cass Sunstein has proposed in another context [10]) to require “a margin of safety”—for example, requiring that the expected value to investors considerably exceeds the expected value of systemic costs—to demonstrate that a given risk-taking activity is justified.

I’m not claiming that the foregoing approach to assessing and balancing costs and benefits is perfect. Even if imperfect, however, it should represent a step towards shaping corporate governance norms to begin to take the public into account.

3. Enforcing a Public Governance Duty.

Who should enforce a public governance duty? Under existing corporate governance law, shareholder derivative suits are the primary enforcement mechanism. Shareholders would have no interest, however, in suing managers of their firm for externalizing systemic harm. Therefore, the government, by default, at least should have the right to enforce the public duty.

The government itself may be unable to effectively monitor a firm’s internal compliance with the public governance duty until the firm fails, when systemic consequences may be irremediable. To facilitate better monitoring, regulation implementing a public governance duty should include whistleblower incentives, including anti-retaliation protection for managers or others involved in the risk assessment who inform government officials of their firm’s noncompliance and possibly also monetary rewards. Regulation implementing a public governance duty might even impose an obligation on managers involved in the risk assessment to inform government officials of their firm’s noncompliance.

Another way to facilitate better monitoring, and more specifically enforcement, of the public governance duty would be to incentivize members of the public themselves. One such precedent is so-called qui tam suits under which private citizens can sue alleged defrauders in the name of the government. If the suit is successful or settled, the citizen-plaintiff is entitled to a percentage of the award or settlement.

4. Business Judgment Rule as a Defense.

A critical issue concerns the business judgment rule as a defense to manager liability. In the traditional corporate governance context, managerial risk-taking decisions are protected to some extent by this rule, which presumes that managers should not be personally liable for harm caused by negligent decisions made in good faith and without conflicts of interest—and in some articulations of the business judgment rule, also without gross negligence. The rule attempts to balance the goal of protecting investors against losses against the goals of encouraging the best managers to serve and avoiding the exercise of inappropriate judicial discretion (as would occur if courts tried to second-guess business judgments).

The business judgment rule arguably should apply differently in a public-governance-duty context because one of the rule’s basic assumptions—that there be no conflict of interest—may be breached. The interest of a manager who holds significant shares or interests in shares, or whose compensation or retention is dependent on share price, is aligned with the firm’s shareholders, not with that of the public. To that extent, the manager would have a conflict of interest.

But how should the business judgment rule be modified without requiring courts to exercise inappropriate discretion or discouraging the best people from serving as managers? One approach would be to prevent conflicted managers who are grossly negligent—that is, who fail to use even slight care in assessing systemic harm to the public—from using the rule as a defense.

Technically, this modification merely applies the gross negligence standard that is often articulated as part of the business judgment rule, though rarely utilized with any rigor. Because courts routinely review whether other types of actions are grossly negligent, they should not find it “inappropriate” or impractical to review corporate risk-taking actions under a gross negligence standard. As a practical matter, managers who follow a reasonable procedure to balance public costs and private benefits should be protected. That would effectively conform the business judgment rule’s public-governance-duty application to a duty of process care, a standard commonly used. [11]

5. To What Extent Should Managers be Protected Under D&O Liability Insurance?

Another issue is the extent to which managers who become subject to liability for breaching the public governance duty should be protected under directors and officers (“D&O”) liability insurance, which indemnifies managers against personal liability. Although D&O liability insurance is needed to incentivize good managers and also to help ensure that sufficient funds are available to properly incentivize private-action lawsuits, it might compromise the deterrent effect of imposing personal liability. Furthermore, because the magnitude of systemic harm is open ended, insurers may be reluctant to offer D&O insurance covering breaches of the public governance duty. At least one possible solution to these concerns would be to specify a limit on the amount of the claim that could be imposed for breaching the public governance duty and, like a deductible, to require managers to be personally liable for some portion of that amount.


I have argued that corporate governance law should require some duty to the public in order to help mitigate systemic economic harm. Even if imperfect, such a duty represents (as mentioned) an important step towards shaping corporate governance norms to begin to take the public into account.


[1] Misalignment: Corporate Risk-Taking and Public Duty, 92 Notre Dame Law Review 1 (forthcoming Nov. 2016), available at
(go back)

[2] I am not today engaging the broader question: When regulating substance is insufficient, should corporate governance law take into account other significant externalities, such as harm to public health and welfare, non-systemic economic harm, or climate change and other environmental harm? For analysis of that question, see Steven L. Schwarcz & Edward A. Peck, “Regulating Governance in the Public Interest” (draft on file with authors).
(go back)

[3] See Binyamin Appelbaum, Skepticism Prevails on Preventing Crisis, N.Y. Times, Oct. 5, 2015, at B1.
(go back)

[4] This occurred in 2008, for example, when the pre-crisis financial regulatory framework, which assumed the dominance of bank-intermediated funding, failed to adequately address a collapsing financial system in which the majority of funding had become non-bank intermediated.
(go back)

[5] Cf. John Carney, Big-Bank Board Game Puts Shareholders in Second Place, Wall Street Journal, Apr. 5, 2015 (noting a speech by U.S. Federal Reserve Governor Daniel Tarullo suggesting that “corporate governance would need to change to broaden the scope of boards’ fiduciary duties to reflect macroprudential [i.e., systemic] regulatory objectives”). The nation of Iceland has actually enacted legislation that appears to require, at least in principle, the managers of at least certain systemically important firms to “operate[] [their firms] in the interests of…shareholders…and the entire national economy.” Ministry of Industries and Innovation, Act. No. 161/2002 on Financial Undertakings.
(go back)

[6] Surprisingly, even risk committees required by the Dodd-Frank Act in the United States are not obligated, and indeed may have no legal authority, to consider risks to the public.
(go back)

[7] Cf. John Armour & Jeffrey N. Gordon, Systemic Harms and Shareholder Value, 6 Journal of Legal Analysis 35, 69 (2014) (observing that “it is surely the board’s responsibility to identify those risks which are of a magnitude and kind as to threaten the firm’s stability”).
(go back)

[8] See earlier discussion observing that systemic externalities can result from risk-taking that causes the failure of a systemically important firm.
(go back)

[9] In Misalignment, supra note 1, I examine in detail how these costs and benefits could be calculated.
(go back)

[10] See Cass R. Sunstein, Beyond the Precautionary Principle, 151 University of Pennsylvania Law Review 1003, 1014 (2003) (discussing a form of the precautionary principle under which “regulation should include a margin of safety”).
(go back)

[11] The requirement that managers use at least slight care in assessing systemic harm to the public would also be consistent with the business judgment rule’s actual application in at least some jurisdictions that do not formally articulate a gross negligence standard as part of the rule. Delaware, for example, disallows business-judgment-rule protection for managers who act in “bad faith.” See In re Walt Disney Co. Derivative Litigation, 907 A.2d 693, 755 (Del. Ch. 2005) (explaining that “[t]he presumption of the business judgment rule creates a presumption that a director acted in good faith” and that “[t]he good faith required of a corporate fiduciary includes…duties of care and loyalty”). Bad faith is broadly defined as including conduct that “is known to constitute a violation of applicable positive law.” Gagliardi v. TriFoods Int’l, Inc., 683 A.2d 1049, 1051 n.2 (Del. Ch. 1996) (emphasis in original). Such conduct is interpreted to include a manager failing to take “steps in a good faith effort to prevent or remedy” such a violation. In re Caremark Int’l Inc. Derivative Litigation, 698 A.2d 959, 971 (Del. Ch. 1996). A manager’s failure to use even slight care when assessing systemic harm to the public under a legally mandated public governance duty would appear to be bad faith under those interpretations.
(go back)

Both comments and trackbacks are currently closed.
  • Subscribe or Follow

  • Supported By:

  • Program on Corporate Governance Advisory Board

  • Programs Faculty & Senior Fellows