The Board's Role In Risk Management - Lessons Learned From The Financial Crisis

Tuesday, September 1, 2009 - 01:00
C. William Baxley
Anne Cox
Bettina Tobben


Without a doubt, the recent financial crisis has tested companies and their boards in ways not seen in many decades and has had a profound impact on corporate governance and risk management. Indeed, one group of institutional investors with $9.5 trillion in assets under management has claimed, "[i]t is now widely agreed that corporate governance failings were not the only cause of the crisis but they were highly significant, above all because boards failed to understand and manage risk and tolerated perverse incentives."¹

This article examines the changing role of the board in light of the recent financial crisis and draws, among other things, upon the insights from the Lead Director Network.² The first section of this article discusses how boards have responded to assist their companies and management in addressing the effects of the recent financial crisis. The second section of this article discusses how the financial crisis likely will change the thinking of directors going forward as to how they identify and assess risk and plan for unexpected contingencies that could have an adverse impact on their companies.

Response Of Boards To The Financial Crisis

The recent meltdown of the global financial system, marked by a dramatic constriction of the credit markets, extraordinary declines in the stock market and asset values, and a precipitous drop in consumer confidence, has caused a widespread and deep impact on companies, casting doubt on the viability of many operating plans and business models in the current environment. Executive management and boards have faced tremendous challenges in grappling with the crisis and implementing change to enable their companies to endure the storm and emerge in a position resistant to future downfalls. Board involvement has been imperative in developing an effective response plan, maintaining shareholder and employee relations and responding to the evolving and more stringent regulatory and legislative requirements.

Board members bring additional expertise, experience and perspective to bear on issues facing their companies, and the increased role of the board in risk management has proven useful in developing and implementing crisis response plans. Many boards have called meetings on a significantly more frequent basis than historical practice, with some meeting as often as once per week, and have reiterated the importance of each director's attendance at all meetings. Boards have also required director availability for additional off-line conversations with other directors and management.

Frequent communication with management also has proven useful in strengthening board-management relations, and boards have been able to provide an invaluable source of support to management during these tumultuous times. A board's hands-on involvement, along with management's acceptance of its board's support, has enabled boards and management to present a consistent message of strength and endurance to weather the crisis, both internally and to the market. While public statements should convey that the board and management are united in dealing with the crisis, it is equally critical that this message is supported by the board's actions. A company's reputation is risked when inconsistent messages are received from the board.

Effective boards also have provided a critical check on management in this tumultuous environment, ensuring that management interprets events in a reasonable manner, acts responsibly in response to corporate events and market conditions and considers the wide range of potential scenarios that might occur based on a universe of unknowns that have existed during the financial crisis.

The Role Of The Board Going Forward

In light of the current crisis, boards are facing increased scrutiny of their oversight of risk by institutional investors, regulators, analysts and the general public. For over a decade, it has been widely accepted that the board's duty extends to good faith oversight of the company's compliance program and requires a good faith attempt to assure the adoption and maintenance of a corporate information and reporting system that is designed to detect compliance issues and bring these issues to the attention of management and the board.³ As we emerge from the current environment, which has been marked by reaction and crisis management, expectations are that boards going forward will have an increased role in risk management. Directors will be expected to apply their experiences and intuition to improve a company's approach to corporate governance and make risk management a fixture in the board room by considering risk in all issues addressed by the board.

As a result of the Sarbanes-Oxley Act, in recent years, risk management has primarily focused on compliance and internal controls related to accounting and financial reporting risks. Thus, many boards delegated the risk management function to the audit committee. However, the current crisis revealed that significant risks exist that are outside of the scope of the financial risks addressed by Sarbanes-Oxley Act internal controls and compliance requirements. Going forward, boards are likely to focus on identifying and mitigating broader strategic risks, in addition to financial and accounting risks. Risk is broadly defined as the potential for failure, significant loss or reduced opportunity for gain. Therefore, directors should consider all factors that could threaten or adversely affect a company's operations or business model, including "black swan"⁴ risks, or those risks that are seemingly improbable, but could threaten a company's survival if the risks were to materialize.

Given the realization that risk can exist in every facet of a company's operating plan and business strategy, a company's review of risk should incorporate as much expertise and perspective as possible. The risk management function of the board works best when it includes active participation from all directors, rather than being left to a committee or committees of the board. In addition, boards should selectively seek, or direct management to seek, input from outside experts, who are better equipped and situated to identify certain important long-term and strategic risks that may otherwise be difficult to observe through management's day-to-day operation of the company. Recently, directors have also noted the value of listening to earnings calls and reading analyst reports to understand how the market perceives a company's risk.

With an increased focus on identifying and managing a broader array of risks, and SEC proposals to increase the level of disclosure about risk, many boards may focus upon and re-evaluate the risk factors listed in the company's 10-K annual report and encourage more robust disclosure of risks that the company faces. A focus on comprehensive risk disclosure provides a framework that facilitates additional discussions within the board and between the board and management. Through such discussions, the board can track risks against the backdrop of changes in the company and the financial environment, which may lead to the recognition of additional risks and the realization that risks previously deemed immaterial could impact the company in a significantly adverse manner under certain potential circumstances. In addition, comprehensive risk disclosure gives a more accurate public snapshot of the company's risk posture, which may foster improved public perception and shareholder relations.

In the era following the recent financial crisis, boards are expected to demand a corporate culture that requires the highest of ethical standards, transparency from management and a strong focus on risk management. As such, the board's relationship with management is expected to emerge as a central focus of the board. Through a strong relationship with management, the board can continuously act as a check on management and coach and challenge management effectively, while gaining additional trust in management and discharging oversight duties in appropriate circumstances. Boards may find it helpful to have an active lead director or designate an independent director to act as a conduit between the board and management and facilitate open communication and healthy debate regarding risk management with the company's management.

The renewed emphasis on monitoring risk management will also require boards to evaluate the company's executive succession plans. The loss of a key executive can be extremely disruptive to a company, and boards should focus on having a detailed succession plan that sets forth (1) the company's commitment to preparing for executive succession, even when it is not foreseeable, (2) the company's policy for assessing leadership needs prior to beginning an official search, (3) the plan for appointing appropriate interim leadership that will make executive transition as smooth as possible, and (4) the role of the board and various board committees during the transition. The board should also maintain an understanding of the leadership talent for key executives both within the company and in the marketplace, as sound corporate governance mandates that the board, or an independent director, lead the search for an appropriate successor for key executives when the need arises.

We also expect boards to focus on their executive compensation structures and the relationship of these structures to their companies' risk management. There is a widespread belief that the current financial crisis was exacerbated by performance-based compensation structures that encouraged risk taking in order that members of management could achieve individual short-term benchmarks and that lacked a necessary emphasis on the long-term health of the company. As a result, executive compensation has fallen under tremendous regulatory and public scrutiny. The SEC has proposed additional disclosure requirements that would require a company's compensation discussion and analysis disclosure to address how compensation policies and practices for all employees, including non-executive officers, are aligned with appropriate risk management for the company. In addition, "say on pay" advisory votes on compensation, which would allow shareholders a non-binding advisory vote on whether they support the compensation of the company's top executives, may be mandated for all public companies in the near future. Since February 2009, companies that accepted Troubled Asset Relief Program (TARP) funds have been required to include "say on pay" advisory votes on compensation, and as of August 1, 2009, 82 companies in 2009⁵ had received shareholder proposals to include "say on pay" advisory votes. Directors will be charged with the duty of developing and revising compensation plans that not only attract top-level executive talent and reward high performance, but also comply with new and more stringent regulations, minimize risk to the company's health and deter public and shareholder criticism.

Boards anticipate significant challenges as they prepare to comply with additional proposed regulation expected to come out of the financial crisis, including in the areas of shareholder access, board accountability and uninstructed broker votes for director elections. Boards will be expected to track and understand proposed legislation and regulation and the related impact that they would have on the company. We expect that boards will make significant efforts to adopt corporate governance initiatives that do not interfere with the company's success well in advance of final rulings and work with management to put processes in place such that compliance with inevitable requirements is less of a struggle, when adopted.


The recent financial crisis has had a profound impact on the board's role in risk management. Boards have provided tremendous value and support to management in addressing the effects of the recent financial crisis, and boards are expected to have an increasingly important role going forward in identifying and assessing risk and planning for unexpected contingencies that could have an adverse impact on their companies.

1 International Corporate Governance Network, Second Statement on the Global Financial Crisis (London: International Corporate Governance Network, 2009), 1. Available at main/pdfs/news/icgn_statement_on_the_financial_crisis_23_march_09.pdf.

2 As part of its focus on Corporate Governance, King & Spalding LLP, together with Tapestry Networks, has created the Lead Director Network, a group of lead directors, presiding directors and non-executive chairmen from many of America's leading companies that meets to discuss how to improve the performance of their companies and earn the trust of their shareholders through more effective board leadership.

3 In re Caremark Int'l. Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).

4 The term "black swan" was popularized by Nassim Nicholas Taleb in his 2007 book titled The Black Swan. A "black swan" event is one that (1) lies outside the realm of regular expectations and comes as a complete surprise, (2) carries an extreme impact that can threaten a company's survival and (3) is rationalized and explained with hindsight after the fact, to make it appear more predictable than it was.

5 Data provided by RiskMetrics Group.

Bill Baxley and Anne Cox are Corporate Partners in the Atlanta office of King & Spalding LLP, an international law firm with more than 800 lawyers in 13 offices. Bettina Tobben is a Corporate Associate in the firm's Atlanta office.
