Risk Management and the Board of Directors

Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy. This post is based on a Wachtell, Lipton, Rosen & Katz memorandum.



As companies seek to navigate a multi-stakeholder global landscape and the world continues to adjust to the impacts of Covid-19, significant new risks have emerged that are reshaping the near-term business and risk landscape. These new risks—and the intensification of longstanding risks—are pressure-testing the agility and resilience of corporate strategies, risk management systems and practices. The pandemic accelerated technological disruptions and business model changes and exposed sharp differences in the impacts felt by different sectors, with some experiencing enormous dislocation and others doing remarkably well and arguably emerging stronger. Looking ahead, all sectors of the economy are facing macroeconomic headwinds, including persistent inflation, surging interest rates, continued supply-chain bottlenecks and commodity shortages, all occurring amid the backdrop of the war in Ukraine, China’s zero-Covid policy and growing geopolitical tensions. Severe drought, heatwaves and flooding across the globe have highlighted the burgeoning challenge of climate risks, which, along with the tight labor market and declining fertility rates across the developed world, present near- and longer-term risks that will require significant planning. Cybersecurity also continues to be a significant threat with regulators stepping up focus in step with growing geopolitical risks. In the United States, the 2022 midterms and ongoing political polarization continue to create uncertainties and surprises that companies will need to prepare for and address.

More than two-thirds of organizations surveyed by the American Institute of Certified Public Accountants (“AICPA”) noted that perceived risk volumes and complexities remain elevated as companies across all sectors continue to deal with the litany of risks noted above. Surveyed organizations also recognized a “need for real change in how organizations govern business continuity and crisis management” in light of growing pressures from stakeholders for more disclosure about risks and heightened demands on management and boards to enhance effective risk management and preparedness for unexpected risk events. The World Economic Forum’s Global Risks Report 2022 highlighted the economic and societal ramifications of the Covid pandemic, noting that domestic and global fragmentation may worsen the pandemic’s impacts and complicate the coordination needed to tackle the challenges ahead.

The disparate and newly emerging risks facing companies today call for boards and management to reassess and update their organization’s risk profile and vulnerabilities, evaluate the maturity and robustness of risk management processes and policies, and integrate risk management into strategic decision-making.

Managing corporate risk is not simply the business and operational responsibility of a company’s management team—it is a governance issue that is squarely within the oversight responsibility of the board. Courts and regulators are increasingly scrutinizing the presence and effectiveness of board-level risk oversight systems, as well as the adequacy of public disclosures and quality of board responses when crises erupt. Recent Caremark decisions from the Delaware Court of Chancery have continued to influence the risk governance landscape. And pressure is coming from other sources, including an emerging wave of “anti-woke” investors, state legislatures and state attorneys general campaigning for a rollback of recent efforts to address ESG-related risks, including climate change.

This guide highlights critical risk-management issues and provides updates on Delaware law governing director liability—including developments that highlight the importance of active, engaged board oversight of corporate risk and maintaining appropriate records of that oversight. Key topics addressed in this guide are:

  • the distinction between risk oversight and risk management;
  • tone at the top and corporate culture as components of effective risk management;
  • recent developments in Delaware law regarding fiduciary duties and other legal frameworks;
  • third-party guidance on risk oversight best practices;
  • institutional investor focus on risk matters;
  • specific recommendations for improving risk oversight;
  • U.S. Department of Justice guidance on the design of compliance programs;
  • special considerations pertaining to ESG and sustainability-related risks, including the emerging pushback from certain investors and state regulators; and
  • special considerations regarding cybersecurity, ransomware and data privacy.
