Considerations for External Disclosures Related to Board Oversight of Disruptive Risks

In brief: As expectations of investors and society continue to evolve and the SEC increasingly focuses on disclosure of disruptive risks, boards of US public companies should confirm that their companies have adequate controls and procedures in place to identify disruptive risks, assess and analyze their impact on a company’s business and strategy, and make timely disclosures regarding such risks where appropriate.

This tool outlines considerations for determining whether and how to disclose disruptive risks facing a company and board oversight of such risks. It includes examples of committee charter provisions from several large public companies that have delegated responsibility for reviewing the process for assessing and managing disruptive risks to a board committee. It also summarizes the US Securities and Exchange Commission (SEC) disclosure requirements and guidance most likely to trigger disclosure of disruptive risks. Directors can use this material when considering possible changes or enhancements to their company’s disclosures.

Most relevant audiences: board chairs, lead independent directors, CEOs, audit and risk committee members, chief risk officers, and heads of internal audit

This tool outlines considerations for determining whether the board of directors is receiving sufficient information to identify and provide oversight of disruptive risks. Directors can use this material when considering possible changes or enhancements to their company’s compliance program and board reporting procedures.

Sidley Austin LLP provides this information for educational purposes only. It should not be construed or relied upon as legal advice. Given the complexities of law, regulation and practice in this area and the variety of company-specific factors that need to be considered, this information should not be applied to any particular situation without the advice of an attorney experienced in this area of law.

INTRODUCTION

Many disruptive risks are foreseeable with appropriate coordination between boards and management. Different kinds of risks could prove disruptive, and sometimes companies are monitoring for some but not all of them. Boards rely on information from management to help identify and provide oversight of disruptive or emerging risks that could result in a significant impact on the company’s strategy, operations, financial performance, or reputation.

Boards should periodically evaluate whether information provided to the board adequately emphasizes areas of potential risk, and whether improvements are needed. The board (or a designated board committee) could retain outside counsel and/or a third-party consultant to conduct such an evaluation, which, among other things, could include a review of board and committee minutes and materials for a period of several years, interviews with directors and key personnel (including one or two layers below the C-suite), and a review of risk management and information reporting controls, policies, and procedures.