Board oversight of risk management remains front and center in the minds of regulators and boards of directors. This oversight role stems from the board’s fiduciary duty of care, which courts have found requires the board to attempt in good faith to oversee and monitor the operation of the company’s systems designed to identify and mitigate risks, including violations of laws or regulations. The board may be held liable if it is found to have failed to properly oversee the risks facing the company. Thus, the board should ensure that the company implements appropriate risk reporting and monitoring systems, and then the board should review these systems on a regular basis to avoid the possibility of director liability.
While this may sound straightforward, the role and expectations of the board in the area of monitoring and evaluating risk have expanded substantially over the past several years due to the continuous increase in oversight regulation and corporate governance reforms. For example, SEC rules now require that public companies disclose both: