In February 2010 the SEC released new disclosure requirements, which call for companies to provide further insight on risks facing the company, governance and director qualifications, and compensation. In April of the same year, Akin Gump Strauss Hauer & Field, LLP randomly selected fifty S&P 500 companies who had since released proxy statements to find out what these companies were initially saying in their disclosures, specifically on the board of director’s role in risk management oversight. While companies reported a wide range of topics, some common themes emerged including the use of the term “enterprise risk management” and the role of risk oversight as it relates to strategic objectives.
This article, published Akin Gump Strauss Hauer & Field, LLP provides a detailed background on the legal and regulatory underpinnings of the board’s role in risk oversight. These new disclosures by the SEC are not the first requirements regarding the board and risk; the board has always been obligated to oversee the company’s risk management process and controls while management handles day-to-day risk management. Directors have a fiduciary duty under most state laws to implement and oversee systems designed to inform them of material risks in good faith. On the federal level, companies are able to substantially reduce penalties if they can show an effective compliance program existed with oversight from the directors. Additionally, the NYSE listing standards require the company’s audit committee to discuss risk assessment and management policies.
The survey focused on disclosures in preliminary or final proxy statements filed since February 28, 2010. The findings from the survey include:
- 92% of companies had a designated section for risk oversight that typically stood alone.
- 24% included a statement indicating that management is primarily responsible for risk management, while the board’s role is oversight.
- 42% explained that risk oversight was an integral part of the board’s role in the strategic planning process.
- 54% expressly used the term “enterprise risk management”.
- 8% stated that primary responsibility for risk management oversight rests with the entire board, 34% stated the responsibility was vested in one or more committees, and 52% stated both the board and various committees hold responsibility.
The new disclosure rules also require companies to discuss compensation policies as they relate to risk management if they are reasonably likely to have a material, adverse effect on the company. The statements surveyed showed that most companies chose to discuss compensation risk determinations and included that:
- 68% of companies stated their compensation committee was charged with determining whether compensation policies encouraged unnecessary risk or had a material, adverse effect.
- 74% expressed that their compensation policies and practices did not encourage unnecessary risk taking or have a material, adverse effect.
- 65% provided the process used to make the compensation risk determination.
- Almost 75% discussed various features of their compensation programs.
The survey pointed out that the actual format of the disclosures varied widely, including the length and placement of the discussions. These disclosures continue to prove that risk management within companies is not a standard, checklist procedure. Instead, it should be tailored to each individual company’s needs and wants and built upon the risk management foundation already in place.
Click below to download article.