The key roles of a board of directors include monitoring regulatory compliance and risk management systems in their company.
Although the economic events of the last 2 years were well beyond the control of any individual board of directors, some companies did a better job than others in anticipating, identifying and managing the consequences of the GFC.
How can a board prepare for a Black Swan event, which by definition is unknown in advance and highly improbable but which has a large impact?
The author of The Black Swan, Nassim Nicholas Taleb, argues that as it is impossible to know the unknown risks, we should base our decisions around how unknown risks might affect us and prepare for the consequences.
He argues that just as we can prepare for known and repeated risks, we should also prepare for risks which have catastrophic consequences even if we don’t know exactly what the risk that causes it is or its probability of occurring.
The uncertainty is the hardest thing for boards and management to deal with.
If you were a director or manager of a casino, would you focus on anti-money laundering compliance, gambling policies and reducing losses resulting from cheaters or unlikely events such as a possible attack by a white lion, kidnapping of the casino owner’s daughter, an attempt by a former employee to blow up the casino or an employee failing to lodge tax forms? All of these improbable events actually happened with significant cost.
How does the law deal with this? If the risk is unpredictable then directors are not in breach of their duties to exercise care and diligence under
Section 180 Corporations Act. But, as Taleb points out, one of the characteristics of improbable events is that experts predict them after the event.
A board does not have a duty to forecast unpredictable events, but it is required to determine that the company has implemented appropriate monitoring systems, and it must take appropriate action when it becomes aware of a problem and believes that management is not properly dealing with it.
In reviewing risk management, a board should ensure management has identified the most likely sources of material future risks and
understand how the company is addressing any significant potential vulnerability.
Whilst the business judgment rule has not changed, courts may apply new standards, or interpret existing standards, to increase board responsibility for risk management. The reputation of companies and boards with flawed risk management processes will also be affected. The crisis management skills of several major companies have been tested recently.
The Government has responded to the GFC by emphasising the connection between director and executive remuneration and corporate risk-taking.
If at a minimum, boards are responsible for monitoring compliance obligations and known risks, what risks are known?
- Financial Risks (liquidity risks, counterparty risks)
- Disclosure Risks
- Fraud
- Bribery and Foreign Corruption (if operating overseas)
- Disasters: material disruptions in the financial system, terrorist attacks, natural disasters such as earthquakes or tsunamis, weather extremes like cyclones or floods, or company-specific disasters such as industrial accidents.
- Products Liability
- Health and Safety
- Environmental
- Insurance
- Information Technology
- Intellectual Property
- Anti-competitive conduct (cartels, price-fixing)
- Employment-related claims
- Social Responsibility and Human Rights
Boards will need to ensure they are adequately trained and have the right mix of skills to deal with these risks.