Risk Management and Compliance at the Board Level: Caremark Obligations and Beyond

The board’s risk oversight responsibility has become more complex and subject to enhanced scrutiny from the courts in recent years. Institutional investors have identified risk oversight as a critical governance issue while pushing for more meaningful disclosures on the board’s risk oversight activities. Although the day-to-day risk management belongs with management, the board must engage proactively in monitoring key corporate risk factors and working with executives on a strategy to mitigate risks. How can directors work most effectively with management to understand the company’s risk appetite, the nature of material risks, their potential impact on corporate strategy and performance, how they are being managed, and what kind of controls are in place? Corporate culture plays a critical role in reinforcing (or undermining) efforts to ensure adherence to legal and regulatory mandates and mitigate risks. How can a director determine if the company’s culture is “right”? What kinds of compliance structures are effective in preventing improper or illegal behavior, or—if necessary—detecting it promptly? How can the board or the appropriate committee ensure that the company’s risk management approach is not just a check-the-box compliance program but a critical part of corporate strategy and culture? How can boards communicate to investors that they are handling the risk oversight function effectively? This session will examine the ways that the board can most effectively carry out this oversight function in a world of increasingly complex and interconnected risks.