Among the Many Risks Boards Manage, Don’t Forget CEO Risk

Business risks are everywhere and boards rightly place responsibility for anticipating and managing many of those risks on their CEOs and management teams. In turn, a number of incidents in 2018 highlighted the potential risk individual CEOs can pose to their own companies’ reputations and drew attention to the board’s obligation to anticipate and manage that risk. The nature of the risk assessment and the appropriate mitigating actions will vary depending on the CEO’s role, public profile and relationships with other board members.

Considerations in Evaluating the Risk Level Presented by a CEO

Baseline Risk

As the top-level of management, the CEO is the spokesperson for the company’s business and in many cases, on a range of other issues affecting modern companies – labor and human rights, trade and immigration policy, gender diversity and others. Any ill-considered commentary can alienate employees, customers, suppliers and shareholders.

This baseline risk necessitates a minimum level of board oversight to ensure alignment between the board-developed strategy and the effectiveness of the public execution of that strategy. As a result, most boards communicate to their CEOs basic expectations and policies, formally or informally, to guard against, for example, inadvertent off-script comments announcing material developments prematurely or inaccurately.

Areas of Incremental Risk

Incremental risk above the baseline, and a red flag for the board, exists when the CEO has a pattern of public commentary that surprises the board, possibly indicating a lack of internal collaboration, discipline or overall care in crafting messages to stakeholders. At this level of risk, the board may decide additional hands-on oversight is warranted, which could include pre-vetting of the CEO’s communications when they relate to the company or are made through company-approved communication channels.

When a CEO is unusually prominent, high profile or becomes synonymous with the company’s brand, the risk level increases. Shareholders and regulators may have difficulty separating the CEO’s personal speech and actions from company views and commentary. When faced with this situation, the board should evaluate expanding any pre-vetting measures to include non-company related public events and communication channels.

The potential for the CEO to exert influence over directors is another circumstance in which the risk is incrementally elevated, such as when a CEO is also the chairperson or has outside relationships with board members. However, the burdens on the director and the board are very different in these two situations. On the one hand, with a combined CEO and chair role, the potential conflict is an easily identifiable governance issue and many solutions have already become widespread best practices. For example, ensuring there is a strong lead independent director who leads meaningfully probing executive sessions and keeps an open line of communication with the CEO are often sufficient for a board to feel comfortable that it has exercised appropriate oversight.

On the other hand, when the CEO has an outside relationship, whether personal, professional or otherwise, with one or more board members or there is a culture of board deference to management, the metrics by which to judge the severity of the issues and formulate responses are subjective. These are situations in which the relationships are not sufficient to cause a director to be non-independent under applicable SEC or stock exchange regulations, but are sufficient to create an appearance, or worse, of bias or inadequate oversight of the CEO. In these instances, individual directors must assess the governance issues based on their independent judgment, frequently using incomplete information about the nature and closeness of the relationships.

To add complexity to the oversight dynamic, the directors without personal relationships with the CEO (the “non-aligned directors”) may find themselves at odds with the other directors, creating a fraught inter-board dynamic. It is not an enviable task¹, and the inclination to remain silent and not “rock the boat” will be alluring to the non-aligned directors, but they must use their good judgment to identify the personal relationships that rise to the level of undermining the board’s independent oversight role and then convince the aligned directors to act accordingly to correct the problem.

In addition to some of the previously mentioned risk mitigation strategies, a board in this situation may decide oversight is more properly placed in a subset of non-aligned directors working as an ad hoc committee. Even if those directors who have outside relationships with the CEO would in fact be able to discharge their oversight with no bias, such a committee of non-aligned directors will eliminate the appearance of bias and enhance the board’s credibility. Boards should be mindful that these relationships are usually scrutinized with the benefit of hindsight, where appearances are given a great deal of weight.²

Risk of Overcorrection and Overregulation

While there are opportunities to identify and harness the risk a CEO may pose, sensible and balanced implementation requires an appreciation of the facts on the ground. Boards must be mindful that the method of CEO regulation must be calibrated to maximize long-term shareholder value in fulfillment of the directors’ fiduciary duties. Balancing risk to maximize shareholder value is a familiar topic to boards, but it is interesting to juxtapose the risk of oversight of a person – the CEO – with shareholder value. Too little regulation, and the board risks an ungovernable and overly risky CEO who can cause legal and regulatory harm, but may unleash significant creative energy. Too much oversight, and the board may view themselves as having discharged their oversight duties, but the CEO may become an uninspired leader, which will decrease long-term shareholder value.

As boards evaluate their practices, as well as CEO performance, their risk appetites and the risk profile of the company for the coming year, there is no prescription or set of procedures that will fit each company. However, directors should be thinking critically and creatively about the board’s relationship with the CEO in his or her many roles – as a director, member of management, executor of strategy, and company spokesperson.

[1] Line drawing of this type is subjective and sometimes difficult to rationalize. In In re MFW S’holders Litig, the Chancery Court of Delaware drew a distinction between friendships in which parties served as each others’ maids of honor, had been college roommates, or shared a beach house with their families from those where the parties occasionally have dinner over the years, attend the same parties and call themselves ‘friends’.