Spotlight On Risk Oversight: Director Duties And Disclosure – Securities

Expectations surrounding the role of the board of directors in
risk oversight have evolved. Delaware courts are entertaining more
duty-of-oversight claims. The US Securities and Exchange Commission
(“SEC”) is calling for more fulsome risk-related
disclosure. Here is what directors and public companies should keep
in mind in 2023.

“Caremark” Takes a Turn: The seminal 1996 Delaware court case,
In re Caremark International Inc. Derivative Litigation, has
historically set the stage with respect to the legal standard for
directors’ risk oversight duties. In the Caremark line of cases,
Delaware courts held that directors can be liable for a failure of
board oversight only where there is “sustained or systematic failure
of the board to exercise oversight,” such as (i) an utter failure to
implement any reporting system or controls, particularly of
“mission-critical” functions or (ii) even when such a
system or controls are in place, a conscious failure to oversee
corporate operations, notably when presented with red flags of
imminent problems. This presented a high bar to clear, and in the
decades that followed, courts regularly dismissed stockholder suits
claiming a total failure of oversight responsibility. However,
recently, there have been a growing number of cases where Caremark
claims survived motions to dismiss and were permitted to proceed
against directors. Some key takeaways from these cases include:

  • Good Record Keeping Is Important. Meeting
    minutes should document the board’s careful attention to risk
    oversight, including discussion of legal compliance matters
    applicable to the business and monitoring of other mission-critical
  • Consider a Risk Committee/Develop Risk. A risk committee is
    not required, but if there
    is not one, there should be clear and documented protocols in place
    for who at the board level will monitor risk and how management
    will report any relevant issues to the board. For example, if there
    is no standalone risk committee, then it is advisable to have
    committee charters that reflect which board committees are
    responsible for monitoring risk. “Red flags” cannot
    simply be ignored.
  • Trainings on Key Issues Can Help. If there are
    particular areas of exposure or applicable emerging areas of risk
    (such as cyber-attacks), for which directors do not already have
    expertise or familiarity, it is important that directors develop a
    working knowledge of key issues. This can often be done by
    leveraging the expertise of management and outside advisors through
    training sessions.

Caremark claims, which allege violations of a
director’s fiduciary duty of loyalty that are not exculpable
under a corporation’s certificate of incorporation and may
not be indemnifiable by the corporation, may create heightened
pressure to settle should they survive a motion to dismiss.

The SEC Has Called for More Disclosure: In
2022, a number of public companies received a letter from the SEC
asking for increased risk disclosure to be included in their future
proxy statements. More specifically, many of the letters included
requests such as: “Please expand upon how your board
administers its risk oversight function. For example, please

  • Why your board elected to retain risk oversight rather than
    assign oversight to a board committee.
  • Whether you consult with outside advisors and experts to
    anticipate future threats and trends, and how often you re-assess
    your risk environment.
  • The timeframe over which you evaluate risks and how you apply
    different standards based upon the immediacy of the risk
  • Whether you have a Chief Compliance Officer and to whom this
    position reports.
  • How your risk oversight process aligns with your disclosure
    controls and procedures.

The SEC has generally said that risk oversight disclosure has
become too boilerplate to be helpful to stockholders, and that this
needs to be remedied. The letter that included the above disclosure
requests, for example, directed the company to refer to Item 407(h)
of Regulation S-K for guidance (which Item requires disclosure
regarding Board leadership structure and role in risk oversight).
Thus, even if a company did not
receive a letter specifically urging it to expand its risk
oversight-related disclosure, it would be prudent to re-visit
407(h) of Regulation S-K and confirm that the company is addressing
the disclosure requirements with sufficient specificity in its 2023
proxy statement and going forward.

© Copyright 2020. The Mayer Brown Practices. All rights

Mayer Brown article provides information and comments on legal
issues and developments of interest. The foregoing is not a
comprehensive treatment of the subject matter covered and is not
intended to provide legal advice. Readers should seek specific
legal advice before taking any action with respect to the matters
discussed herein.
