Risk Management and the Board of Directors

Summary

This Wachtell, Lipton memorandum (authored by Martin Lipton and colleagues) explains why boards of public companies must treat risk oversight as a core governance function. It outlines the evolving risk landscape—geopolitics, monetary policy, climate and nature-related events, labour shortages, and generative AI—then surveys legal and regulatory demands (notably Delaware Caremark decisions, SEC and NYSE rules), DOJ expectations, and investor and proxy-adviser pressures. The memo stresses that boards should oversee risk (not manage day-to-day), set the tone at the top, maintain documented oversight, and adopt practical steps for ESG, cybersecurity, data privacy, compensation/clawbacks and crisis response.

Key Points

  • Boards must focus on oversight, not day-to-day risk management, while ensuring management embeds risk into strategy and operations.
  • Delaware Caremark jurisprudence exposes boards to liability where there is a sustained or deliberate failure to monitor material risks; good-faith processes and documentation are protective.
  • Regulators (SEC, NYSE), DOJ guidance and new rules (cybersecurity, climate disclosures, clawbacks) raise disclosure and compliance expectations for boards.
  • Investors and proxy advisers increasingly scrutinise board risk oversight — failures can trigger adverse votes or campaigns.
  • Boards should set and communicate the ‘tone at the top’, cultivate a strong risk-aware culture, and be decisive in response to misconduct or crises.
  • Priority risk areas highlighted: ESG/sustainability, cybersecurity and data privacy, third-party/vendor risk, compensation incentives and insider trading plans.
  • Recommended actions include defining risk appetite, allocating committee responsibilities, regular director training, annual and periodic risk reviews, and rigorous minute-taking and record-keeping.

Context and relevance

The memo comes amid an intensifying risk environment: climate-driven losses, geopolitical conflict, AI-driven threat vectors, and heightened cyber incidents. At the same time, the SEC, DOJ and stock exchanges have sharpened expectations for board oversight and disclosure. Investor stewardship and proxy-adviser policies mean failures in oversight can cause reputational, financial and governance consequences. For directors and senior executives, the note is a practical map of where to concentrate resources and documentation to meet legal, regulatory and stakeholder expectations.

Why should I read this?

Punchy take: if you sit on a board, run legal, risk or compliance, or are in the C-suite, this is worth ten minutes. We ploughed through the dense memo and boiled it down: it tells you what courts and regulators now expect, where boards are vulnerable, and the concrete steps to reduce legal and reputational risk. In short: read it so you can sleep better when the next crisis lands.

Source

Source: https://corpgov.law.harvard.edu/2025/09/25/risk-management-and-the-board-of-directors-10/