Orrick’s “Comment Letter Trend: SEC Seeks Expanded Discussion of Board’s Role in Risk Oversight” suggests how companies may consider proactively enhancing the Regulation S-K Item 407(h) board risk oversight disclosure in their proxy statements based on the firm’s review of numerous SEC comment letters to companies issued during the last calendar year. Specifically, the firm advises companies to consider coverage of the following:
- Whether and why a company’s board would choose to retain direct oversight responsibility for certain material risks (particularly cybersecurity, ESG and sustainability-related risks) rather than assign oversight to a board committee
- The timeframe over which a company evaluates risks (e.g., short-term, intermediate-term, or long-term) and how a company applies different oversight standards based upon the immediacy of the risk assessed
- Whether a company consults with outside advisors and experts to anticipate future threats and trends, and how often it reassesses its risk environment
- How a company’s board interacts with management to address existing risks and identify significant emerging risks
- Whether a company has a Chief Compliance Officer, or person serving in a similar role, and to whom this position reports
- How a company’s risk oversight process aligns with its disclosure controls and procedures