Top Five Risks Facing Corporate Boards
A Top 5 list should be viewed with suspicion — it is often just a headline grabbing posting with the clear purpose to gain readers’ attention. In defense, however, it is interesting to compare articles on risk rankings.
To start with the obvious, corporate boards face growing risks — the economy, the regulatory environment, cybersecurity threats, technology developments and stakeholder interests are all colliding and competing for corporate board attention. Every board member faces a delicate balancing act — how to devote adequate attention to these growing risks in an ever-changing economic and regulatory environment.
Corporate boards have a far broader perspective than the past. No longer can they focus only on maximizing shareholder value; instead, corporate boards have expanded their vision to address “stakeholder” interests — a broad view of a corporate mission that satisfies not only stakeholder interests but extends to balancing other stakeholder interests. In this framework, 2024 will present corporate boards with five significant issues:
Cybersecurity — At the top of every company’s risk ranking is cybersecurity. It is a significant threat that poses serious risks to companies — companies are investing more in the cybersecurity area and board members have to devote more time and attention to learning technology issues. To conduct proper oversight, boarrd members have to invest in training and learning how to identify, measure and mitigate cybersecurity risks. Board members have to do much more than sit through a 30 minute information technology presentation and then ensure that the company has adequate cyber-insurance. The threats posed to companies by a cyberattack are real — service disruptions, data breaches and collateral damages.
Political Challenges to Environment Social and Governance (ESG) and Diversity Equity and Inclusion (DEI) principles will continue to increase. States are pushing back against ESG issues and seeking to restrict ESG considerations in state public financing and investment vehicles. This will continue. At the same time, whether the label of ESG is applied or not, companies are focusing on ESG-type issues, particularly relating to governance. The ESG label may become taboo but the issues underlying ESG continue to present risks for the board agenda. Corporate boards have to navigate this difficult environment. As part of this political movement, companies are facing more challenges from internal and external stakeholders to corporate DEI initiatives.
Foreign and Domestic Regulations — Regulators are continuing to push new rules and regulations. The SEC has adopted comprehensive cybersecurity disclosure rules, and is expected to issue its new climate rules in 2024. In Europe, the German Due Diligence Act and the EU’s Corporate Sustainability Reporting Directive have caused global companies to undergo significant risk and compliance reviews.
The CSRD mandates reporting on a number of issues. U.S. companies (including private companies) with European subsidiaries will be subject to regulation and disclosure requirements beginning in 2026. The reporting and disclosure process will be difficult and require dedicated resources and personnel.
Sanctions and Anti-Corruption Compliance Risks: DOJ has promised a robust sanctions enforcement initiative in 2024; This new priority for corporate criminal enforcement will combine with existing anti-corruption/FCPA risks creating a high-risk enforcement and compliance reality. DOJ enforcement of economic sanctions will be the big story of 2024. Corporate boards should prepare for this coming enforcement storm.
Artificial Intelligence: Perhaps the most significant area for regulation will be generative artificial intelligence. California already has started to regulate AI. The EU is building an AI regulatory framework that is even more comprehensive. The Biden Administration adopted a comprehensive Executive Order on AI. Corporate boards have to assess their own AI risks — some companies have significant risks while most companies have only minimal AI risks. For the private sector, AI risks are likely to grow as the economy incorporates AI technology to improve business processes.